Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240414 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apache2 (2.4.58 -> 2.4.59) apache2-manual (2.4.58 -> 2.4.59) apache2-prefork (2.4.58 -> 2.4.59) apache2-utils (2.4.58 -> 2.4.59) btrfsmaintenance emacs emacs-jinx (1.4 -> 1.6) f2fs-tools (1.15.0 -> 1.16.0) freerdp2 gcr (4.2.1 -> 4.3.0) gettext-runtime gnome-control-center gnome-online-accounts (3.50.0 -> 3.50.1) gnome-text-editor (46.0 -> 46.1) gobject-introspection gom (0.5.0 -> 0.5.1) gptfdisk (1.0.9 -> 1.0.10) grep gupnp jack kernel-source (6.8.4 -> 6.8.5) lensfun liblouis libquicktime libssh miniupnpc (2.2.5 -> 2.2.6) multipath-tools (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83) openSUSE-build-key openSUSE-release (20240410 -> 20240414) openssh ovmf pam (1.6.0 -> 1.6.1) pam-config (2.11 -> 2.11+git.20240411) pam-full-src (1.6.0 -> 1.6.1) patterns-kde perl pipewire postfix python-Pillow schily texlive transactional-update (4.6.0 -> 4.6.5) update-alternatives (1.22.5 -> 1.22.6) vim (9.1.0151 -> 9.1.0301) xfce4-branding-openSUSE (4.18.0+git1.8b02118 -> 4.18.0+git4.79f6d44) xorg-x11-server xz zxcvbn === Details === ==== apache2 ==== Version update (2.4.58 -> 2.4.59) - Update to 2.4.59: * ) mod_deflate: Fixes and better logging for handling various error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton, Eric Norris <enorris etsy.com>] * ) Add CGIScriptTimeout to mod_cgi. [Eric Covener] * ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610 [ttachi <tachihara AT hotmail.com>] * ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable. [Jean-Frederic Clere] * ) mod_ssl: Use OpenSSL-standard functions to assemble CA name lists for SSLCACertificatePath/SSLCADNRequestPath. Names will now be consistently sorted. PR 61574. [Joe Orton] * ) mod_xml2enc: Update check to accept any text/ media type or any XML media type per RFC 7303, avoiding corruption of Microsoft OOXML formats. PR 64339. [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton] * ) mod_http2: v2.0.26 with the following fixes: - Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes <https://github.com/icing/mod_h2/issues/272>. - Fixed small memory leak in h2 header bucket free. Thanks to Michael Kaufmann for finding this and providing the fix. * ) htcacheclean: In -a/-A mode, list all files per subdirectory rather than only one. PR 65091. [Artem Egorenkov <aegorenkov.91 gmail.com>] * ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files which include CA certificates; those CA certs are treated as if configured with SSLProxyMachineCertificateChainFile. [Joe Orton] * ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to "hashing", rather than "encrypting" passwords. [Michele Preziuso <mpreziuso kaosdynamics.com>] * ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047. [Giovanni Bechis, Yann Ylavic] * ) htpasswd: Add support for passwords using SHA-2. [Joe Orton, Yann Ylavic] * ) core: Allow mod_env to override system environment vars. [Joe Orton] * ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an operation which removes a directory/file between apr_dir_read() and apr_stat(). Current behaviour is to abort the connection which seems inferior to tolerating (and logging) the error. [Joe Orton] * ) mod_ldap: HTML-escape data in the ldap-status handler. [Eric Covener, Chamal De Silva] * ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available, notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton] * ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice). [Yann Ylavic] * ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis] * ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when some dollar substitution (backreference) happens in the hostname or port part of the URL. [Yann Ylavic] * ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend systems are cached. [Yann Ylavic] * ) mod_proxy: Add optional third argument for ProxyRemote, which configures Basic authentication credentials to pass to the remote proxy. PR 37355. [Joe Orton] ==== apache2-manual ==== Version update (2.4.58 -> 2.4.59) - Update to 2.4.59: * ) mod_deflate: Fixes and better logging for handling various error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton, Eric Norris <enorris etsy.com>] * ) Add CGIScriptTimeout to mod_cgi. [Eric Covener] * ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610 [ttachi <tachihara AT hotmail.com>] * ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable. [Jean-Frederic Clere] * ) mod_ssl: Use OpenSSL-standard functions to assemble CA name lists for SSLCACertificatePath/SSLCADNRequestPath. Names will now be consistently sorted. PR 61574. [Joe Orton] * ) mod_xml2enc: Update check to accept any text/ media type or any XML media type per RFC 7303, avoiding corruption of Microsoft OOXML formats. PR 64339. [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton] * ) mod_http2: v2.0.26 with the following fixes: - Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes <https://github.com/icing/mod_h2/issues/272>. - Fixed small memory leak in h2 header bucket free. Thanks to Michael Kaufmann for finding this and providing the fix. * ) htcacheclean: In -a/-A mode, list all files per subdirectory rather than only one. PR 65091. [Artem Egorenkov <aegorenkov.91 gmail.com>] * ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files which include CA certificates; those CA certs are treated as if configured with SSLProxyMachineCertificateChainFile. [Joe Orton] * ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to "hashing", rather than "encrypting" passwords. [Michele Preziuso <mpreziuso kaosdynamics.com>] * ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047. [Giovanni Bechis, Yann Ylavic] * ) htpasswd: Add support for passwords using SHA-2. [Joe Orton, Yann Ylavic] * ) core: Allow mod_env to override system environment vars. [Joe Orton] * ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an operation which removes a directory/file between apr_dir_read() and apr_stat(). Current behaviour is to abort the connection which seems inferior to tolerating (and logging) the error. [Joe Orton] * ) mod_ldap: HTML-escape data in the ldap-status handler. [Eric Covener, Chamal De Silva] * ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available, notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton] * ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice). [Yann Ylavic] * ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis] * ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when some dollar substitution (backreference) happens in the hostname or port part of the URL. [Yann Ylavic] * ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend systems are cached. [Yann Ylavic] * ) mod_proxy: Add optional third argument for ProxyRemote, which configures Basic authentication credentials to pass to the remote proxy. PR 37355. [Joe Orton] ==== apache2-prefork ==== Version update (2.4.58 -> 2.4.59) - Update to 2.4.59: * ) mod_deflate: Fixes and better logging for handling various error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton, Eric Norris <enorris etsy.com>] * ) Add CGIScriptTimeout to mod_cgi. [Eric Covener] * ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610 [ttachi <tachihara AT hotmail.com>] * ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable. [Jean-Frederic Clere] * ) mod_ssl: Use OpenSSL-standard functions to assemble CA name lists for SSLCACertificatePath/SSLCADNRequestPath. Names will now be consistently sorted. PR 61574. [Joe Orton] * ) mod_xml2enc: Update check to accept any text/ media type or any XML media type per RFC 7303, avoiding corruption of Microsoft OOXML formats. PR 64339. [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton] * ) mod_http2: v2.0.26 with the following fixes: - Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes <https://github.com/icing/mod_h2/issues/272>. - Fixed small memory leak in h2 header bucket free. Thanks to Michael Kaufmann for finding this and providing the fix. * ) htcacheclean: In -a/-A mode, list all files per subdirectory rather than only one. PR 65091. [Artem Egorenkov <aegorenkov.91 gmail.com>] * ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files which include CA certificates; those CA certs are treated as if configured with SSLProxyMachineCertificateChainFile. [Joe Orton] * ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to "hashing", rather than "encrypting" passwords. [Michele Preziuso <mpreziuso kaosdynamics.com>] * ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047. [Giovanni Bechis, Yann Ylavic] * ) htpasswd: Add support for passwords using SHA-2. [Joe Orton, Yann Ylavic] * ) core: Allow mod_env to override system environment vars. [Joe Orton] * ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an operation which removes a directory/file between apr_dir_read() and apr_stat(). Current behaviour is to abort the connection which seems inferior to tolerating (and logging) the error. [Joe Orton] * ) mod_ldap: HTML-escape data in the ldap-status handler. [Eric Covener, Chamal De Silva] * ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available, notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton] * ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice). [Yann Ylavic] * ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis] * ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when some dollar substitution (backreference) happens in the hostname or port part of the URL. [Yann Ylavic] * ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend systems are cached. [Yann Ylavic] * ) mod_proxy: Add optional third argument for ProxyRemote, which configures Basic authentication credentials to pass to the remote proxy. PR 37355. [Joe Orton] ==== apache2-utils ==== Version update (2.4.58 -> 2.4.59) - Update to 2.4.59: * ) mod_deflate: Fixes and better logging for handling various error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton, Eric Norris <enorris etsy.com>] * ) Add CGIScriptTimeout to mod_cgi. [Eric Covener] * ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610 [ttachi <tachihara AT hotmail.com>] * ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable. [Jean-Frederic Clere] * ) mod_ssl: Use OpenSSL-standard functions to assemble CA name lists for SSLCACertificatePath/SSLCADNRequestPath. Names will now be consistently sorted. PR 61574. [Joe Orton] * ) mod_xml2enc: Update check to accept any text/ media type or any XML media type per RFC 7303, avoiding corruption of Microsoft OOXML formats. PR 64339. [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton] * ) mod_http2: v2.0.26 with the following fixes: - Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes <https://github.com/icing/mod_h2/issues/272>. - Fixed small memory leak in h2 header bucket free. Thanks to Michael Kaufmann for finding this and providing the fix. * ) htcacheclean: In -a/-A mode, list all files per subdirectory rather than only one. PR 65091. [Artem Egorenkov <aegorenkov.91 gmail.com>] * ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files which include CA certificates; those CA certs are treated as if configured with SSLProxyMachineCertificateChainFile. [Joe Orton] * ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to "hashing", rather than "encrypting" passwords. [Michele Preziuso <mpreziuso kaosdynamics.com>] * ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047. [Giovanni Bechis, Yann Ylavic] * ) htpasswd: Add support for passwords using SHA-2. [Joe Orton, Yann Ylavic] * ) core: Allow mod_env to override system environment vars. [Joe Orton] * ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an operation which removes a directory/file between apr_dir_read() and apr_stat(). Current behaviour is to abort the connection which seems inferior to tolerating (and logging) the error. [Joe Orton] * ) mod_ldap: HTML-escape data in the ldap-status handler. [Eric Covener, Chamal De Silva] * ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set. Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available, notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton] * ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice). [Yann Ylavic] * ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis] * ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when some dollar substitution (backreference) happens in the hostname or port part of the URL. [Yann Ylavic] * ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend systems are cached. [Yann Ylavic] * ) mod_proxy: Add optional third argument for ProxyRemote, which configures Basic authentication credentials to pass to the remote proxy. PR 37355. [Joe Orton] ==== btrfsmaintenance ==== - Use full URL for Source0 (.gz compressed as upstream does not ship .bz2 ones). ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Modify patch emacs-25.1-custom-fonts.patch * include math.h for all kinds of fonts handling (boo#1222637) - Modify patch emacs-27.1-Xauthority4server.patch * Add After=graphical-session.target in emacs.service (boo#1222172) ==== emacs-jinx ==== Version update (1.4 -> 1.6) - Rebase 0001-Only-export-necessary-symbols.-Fixes-105.patch against 1.6 - Update to version 1.6: * Fix jinx-mode reentrancy issue #gh/minad/jinx#158 * Ensure that directory local variables work correctly with Jinx. It is possible to turn Jinx on or off via dir-locals, and also configure the language and local words. * jinx-mod: Add global ref Qcons * jinx-next: Unfold hidden misspelling ==== f2fs-tools ==== Version update (1.15.0 -> 1.16.0) - update to 1.16.0: * Various bug fixes in fsck and mkfs for zoned device support. ==== freerdp2 ==== Subpackages: libfreerdp2-2 libwinpr2-2 - Add patch to avoid unneeded dependencies when using winpr-devel: * 0001-Don-t-add-winpr-cli-tools-to-exported-CMake-targets.patch ==== gcr ==== Version update (4.2.1 -> 4.3.0) Subpackages: gcr-ssh-agent gcr-ssh-askpass gcr-viewer libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4 - Update to version 4.3.0: + certificate: Add API to retrieve version. + Bump required GnuTLS version to 3.8.5. + Avoid potential integer overflow spotted by UBSan> + Support GnuTLS as an alternative crypto backend. + Updated translations. ==== gettext-runtime ==== Subpackages: libtextstyle0 - Add missing Requires: find to gettext-tools ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Add gnome-control-center-datetime-Avoid-emitting-the-time-changed-signal.patch: Avoid emitting the time-changed signal (bsc#1222149, bsc#1221799, glgo#GNOME/gnome-control-center#2943). ==== gnome-online-accounts ==== Version update (3.50.0 -> 3.50.1) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.50.1: + Fix translation domain in account dialogs. + Fix OAuth 2.0 URI handler for some users. + Fix crash in Kerberos/Fedora provider. + Improved WebDAV support for Fastmail and mailbox.org. + Fixes for WebDAV discovery. + OAuth 2.0 PKCE support. + Fix issues caught by static analysis. + Update Microsoft Client ID. + Updated translations. ==== gnome-text-editor ==== Version update (46.0 -> 46.1) - Update to version 46.1: + Remove DBusActicatable=true from the .desktop file to fix an issue where you could spawn Text Editor via D-Bus and not have the session restored at startup. + AppData fixes. + Updated translations. - Drop data-desktop-disable-DBusActivatable.patch: fixed upstream. ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - gi-find-deps.sh: further expand on the java script scanner. ==== gom ==== Version update (0.5.0 -> 0.5.1) - Update to version 0.5.1: + Reduce object inflation overhead in GType system usage. + Avoid some allocations in hot paths. + Avoid hashtables for resourcegroup items. + Avoid use of weak pointers when unnecessary. ==== gptfdisk ==== Version update (1.0.9 -> 1.0.10) - Update to release 1.0.10 * Fix failure & crash of sgdisk when compiled with latest popt * Fix NULL dereference when duplicating string argument * Allow partition dynamically allocated by --largest-new to be referenced by other options * Truncate decimal inputs (e.g. "9.5G" becomes "9G") * New partition type codes from the Discoverable Partitions Specification - Delete 0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch gptfdisk-1.0.9-libuuid.patch, gptfdisk-fix-null-pointer-dereference.patch (merged) ==== grep ==== - restore texinfo macros for SLE15 ==== gupnp ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== jack ==== Subpackages: jack-dbus libjack0 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== kernel-source ==== Version update (6.8.4 -> 6.8.5) - gcc-plugins/stackleak: Avoid .head.text section (git-fixes). - commit 542f698 - Linux 6.8.5 (bsc#1012628). - x86: set SPECTRE_BHI_ON as default (bsc#1012628). - KVM: x86: Add BHI_NO (bsc#1012628). - x86/bhi: Mitigate KVM by default (bsc#1012628). - x86/bhi: Add BHI mitigation knob (bsc#1012628 bsc#1217339 CVE-2024-2201). - Update config files (set SPECTRE_BHI_ON=y which is the default later). - x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1012628). - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1012628). - x86/bhi: Add support for clearing branch history at syscall entry (bsc#1012628). - x86/syscall: Don't force use of indirect calls for system calls (bsc#1012628). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1012628). - x86/efistub: Remap kernel text read-only before dropping NX attribute (bsc#1012628). - x86/sev: Move early startup code into .head.text section (bsc#1012628). - x86/sme: Move early SME kernel encryption handling into .head.text (bsc#1012628). - x86/boot: Move mem_encrypt= parsing to the decompressor (bsc#1012628). - efi/libstub: Add generic support for parsing mem_encrypt= (bsc#1012628). - bpf: support deferring bpf_link dealloc to after RCU grace period (bsc#1012628). - bpf: put uprobe link's path and task in release callback (bsc#1012628). - Revert "x86/mpparse: Register APIC address only once" (bsc#1012628). - drm/xe: Rework rebinding (bsc#1012628). - drm/xe: Use ring ops TLB invalidation for rebinds (bsc#1012628). - drm/i915/gt: Enable only one CCS for compute workload (bsc#1012628). - drm/i915/gt: Do not generate the command streamer for all the CCS (bsc#1012628). - drm/i915/gt: Disable HW load balancing for CCS (bsc#1012628). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 (bsc#1012628). - drm/i915/mst: Reject FEC+MST on ICL (bsc#1012628). - drm/i915/mst: Limit MST+DSC to TGL+ (bsc#1012628). - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_network_name_deleted() (bsc#1012628). - smb: client: fix potential UAF in is_valid_oplock_break() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_valid_lease_break() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_valid_oplock_break() (bsc#1012628). - smb: client: fix potential UAF in cifs_dump_full_key() (bsc#1012628). - smb: client: fix potential UAF in cifs_stats_proc_show() (bsc#1012628). - smb: client: fix potential UAF in cifs_stats_proc_write() (bsc#1012628). - smb: client: fix potential UAF in cifs_debug_files_proc_show() (bsc#1012628). - smb3: retrying on failed server close (bsc#1012628). - smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex (bsc#1012628). - smb: client: handle DFS tcons in cifs_construct_tcon() (bsc#1012628). - smb: client: refresh referral without acquiring refpath_lock (bsc#1012628). - smb: client: guarantee refcounted children from parent session (bsc#1012628). - smb: client: fix UAF in smb2_reconnect_server() (bsc#1012628). - riscv: process: Fix kernel gp leakage (bsc#1012628). - riscv: Fix spurious errors from __get/put_kernel_nofault (bsc#1012628). - s390/entry: align system call table on 8 bytes (bsc#1012628). - selftests/mm: include strings.h for ffsl (bsc#1012628). - mm/secretmem: fix GUP-fast succeeding on secretmem folios (bsc#1012628). - arm64/ptrace: Use saved floating point state type to determine SVE layout (bsc#1012628). - riscv: Fix vector state restore in rt_sigreturn() (bsc#1012628). - aio: Fix null ptr deref in aio_complete() wakeup (bsc#1012628). - perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event (bsc#1012628). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (bsc#1012628). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (bsc#1012628). - x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1012628). - of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1012628). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (bsc#1012628). - driver core: Introduce device_link_wait_removal() (bsc#1012628). - ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset (bsc#1012628). - ASoC: SOF: ipc4-pcm: Correct the delay calculation (bsc#1012628). ... changelog too long, skipping 395 lines ... - commit f362b5c ==== lensfun ==== Subpackages: lensfun-data liblensfun1 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== liblouis ==== Subpackages: liblouis-data liblouis20 python3-louis - Run python tests in %check ==== libquicktime ==== - Fix build with GCC 14, bsc#1221701 * fix-gcc14-build.patch ==== libssh ==== Subpackages: libssh-config libssh4 - Don't change the path for crypto-policies libssh.config (bsc#1222716) ==== miniupnpc ==== Version update (2.2.5 -> 2.2.6) - update to 2.2.6: * includes charset="utf-8" in Content-Type * fix memory allocation error in minissdpc.c * Make User-Agent compliant. * add new binary listdevices => upnp-listdevices - added %check section to run unit tests ==== multipath-tools ==== Version update (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83) Subpackages: kpartx libmpath0 - Update to version 0.9.8+88+suse.d504d83: * Revert "libmultipath: fix max_sectors_kb on adding path" (bsc#1222458) ==== openSUSE-build-key ==== - SLM 6.0 key (ALP / SLF1) RSA 4096 bit key - gpg-pubkey-09d9ea69-645b99ce.asc - 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit key - gpg-pubkey-3fa1d6ce-63c9481c.asc - SLM 6.0 key (ALP / SLF1) RSA 4096 bit reserve key - gpg-pubkey-73f03759-626bd414.asc - 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit reserve key - gpg-pubkey-d588dc46-63c939db.asc - obsoleted a incorrectly used DSA1024 key (used in Slowroll). ==== openSUSE-release ==== Version update (20240410 -> 20240414) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix duplicate loading of dropins. (boo#1222467) ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-EmbeddedPkg-Library-Support-SOURCE_DATE_EPOCH-in-Vir.patch Support SOURCE_DATE_EPOCH in VirtualRealTimeClockLib for reproducible. (bsc#1217704) ==== pam ==== Version update (1.6.0 -> 1.6.1) - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch ==== pam-config ==== Version update (2.11 -> 2.11+git.20240411) - Update to version 2.11+git.20240411: * Configure Himmelblau correctly w/ other services present * Configure other services correctly w/ Himmelblau present * Himmelblau session is only optional ==== pam-full-src ==== Version update (1.6.0 -> 1.6.1) - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch ==== patterns-kde ==== Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_pim patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - xwaylandvideobridge has always been unversioned (boo#1222640) ==== perl ==== Subpackages: perl-base - Revert commit 7af2d2037375d58e700f9e1b217efb2c4db66133 as suggested by upstream perl * fixed locale being clobbered by perl [bsc#1220195] * new patch: perl-locale-backport.diff ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move the jack spa plugin from the pipewire-spa-plugins-0_2 package to a new pipewire-spa-plugins-0_2-jack package. This allows to not Suggest the pipewire-libjack package from pipewire-spa-plugins-0_2 since that's only used to connect pipewire as a client to a jack server which is not common at all (boo#1222253). ==== postfix ==== - Move qshape(1) out of -doc, install it as a binary with the main package ==== python-Pillow ==== - Reenable tests for s390x and ppc, bsc#1222553 gh#python-pillow/Pillow#1204 ==== schily ==== Subpackages: libcdrdeflt1_0 libdeflt1_0 libfile1_0 libfind4_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs spax star - Update to release 2024.03.21 * mkisofs: produce less scrollback when logging progress to ttys. ==== texlive ==== - Add patch source-dvipdfm-x.dif * dvipdfmx: repeated inclusion of the same image did not share the image data, but had separate copies for each inclusion. ==== transactional-update ==== Version update (4.6.0 -> 4.6.5) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.6.5 - Rework soft-reboot support introduced in 4.6.0: - On transactional systems with systemd 254 the system could hang with with a soft-reboot, as /var and /etc have to be mounted in /run/nextroot explicitly. As a soft-reboot can also be triggered by an admin the mounting of the corresponding mount points was moved to a systemd service to be independent of t-u itself. - Support for systemd 255 - Don't decrease reboot level on multiple commands - Various other bugfixes - soft-reboot support is disabled by default now to gather more feedback - libtukit: Fix kexec reboot method to boot kernel / initrd of next snapshot - tukit: Don't clone lock file handle on exec [boo#1222411] - t-u: Always use zypper of installed system [bsc#1221346] - t-u: Remove remaining telemetrics references - Add prepare-nextroot-for-softreboot service - Add (empty) %check section ==== update-alternatives ==== Version update (1.22.5 -> 1.22.6) - Update to version 1.22.6. The changelog for this version isn't very large, so it's provided in full: * dpkg-deb: Fix up compressor parameters for default legacy format. * Perl modules: - Dpkg::Vendor::Debian: Make it possible to disable qa=-bug-implicit-func. - Dpkg::Vendor::Debian: Unconditionally set qa bug-implicit-func. * Documentation: - man: Document dpkg versions supporting SOURCE_DATE_EPOCH for various tools. * Code internals: - libdpkg: Use array access instead of pointer arithmetic for meminfo parser. - libdpkg: Use a macro to define the zstd default compression level. * Build system: - Test with minimal library dependencies in CI. - Add gen-release script. * Packaging: - Fix typo in man page reference in changelog. * Test suite: - Refactor OpenPGP backend and commands list. - Refactor certfile and keyfile filenames for OpenPGP test. - Skip OpenPGP tests if the backend does not have a verify command. * Localization: - Fix typos in Swedish man pages translations. - Fix typos in Swedish man pages translations. - Update Dutch man pages translations. - Update Portuguese man pages translations. - Update German man pages translation. ==== vim ==== Version update (9.1.0151 -> 9.1.0301) Subpackages: vim-data vim-data-common xxd - update to 9.1.0301 * Vim9: heredoc start may be recognized in string * Missing test for what patch v9.1.0285 fixes * Vim9: return type not set for a lambda assigned to script var * add runtime/doc/tags-* to ignore files * Updated translation * Update documentation * Patch 9.1.0296 causes too many issues * Fix a few issues with gvim.nsi * regexp: engines do not handle case-folding well * filetype: pip config files are not recognized * Text height function does not respect it's argument * filetype: lxqt config files are not recognized * filetype: XDG mimeapps.list file is not recognized * filetype: libreoffice config files are not recognized * filetype: xilinx files are not recognized * filetype: some TeX files are not recognized * Vim9: comment may be treated as heredoc start * Vim9: E1027 with defcompile for abstract methods * Still problems with cursor position for CTRL-D/U * fix inaccuracies in pandoc compiler * make testclean is not able to delete failed screendumps * Update base-syntax, no curly-brace names in Vim9 script * Several small issues in doc and tests * Finding highlighting attributes is inefficient * Update cuda keywords, remove uncommonly used enumeration constants * several issues with 'smoothscroll' support * filetype: roc files are not recognized * filetype: zathurarc files not recognized * Cannot highlight the Command-line * No pandoc syntax support * filetype: R history files are not recognized * filetype: keymap files are not recognized * autocmd may change cwd after :tcd and :lcd * Update syntax generator, autocmd event list parsing * Normalise builtin-function optional parameter formatting * Correctly distribute libsodium with the installer * a few minor issues to fix * Test for TextChanged is still flaky with ASAN * Two tests in test_filechanged.vim are slow * File name entered in GUI dialog is ignored * fix :compiler leaving behind a g:makeprg variable * Remove more fallback :CompilerSet definitions from compiler plugins * filetype: earthfile files are not recognized * console dialog cannot save unnamed buffers * Fill in a few details regarding :enums * Remove fallback :CompilerSet definition from compiler plugins * libgpm may delete some signal handlers * Improve the matching of contextual keywords * Vim9: Problem with lambda blocks in enums and classes * Test for TextChanged is flaky with ASAN * Vim9: protected class and funcrefs accessible outside the class * Problems with "zb" and scrolling to new topline with 'smoothscroll' * filetype not detected when editing remote files * sort filetype.txt in the alphabetical order * Normal mode TextChanged isn't tested properly * half-page scrolling broke backward compatibility * Vim9: :call may not find imported class members * Finding autocmd events is inefficient * Vim9: no indication of script nr in stack trace of classes * [security]: Heap buffer overflow when calling complete_add() in 'cfu' * filetype: typespec files are not recognized * improve syntax highlighting for YAML * Vim9: segfault with static in super class * Filetype test fails * update syntax * filetype: ldscripts cannot be recognized * filetype: rock_manifest and config.ld files are not recognized * filetype: yarn lock files are not recognized * filetype: bundle config files are not recognized * filetype: fontconfig files are not recognized * filetype: zsh theme, history and zunit files are not recognized * filetype: bash history files are not recognized * filetype: netrw history file is not recognized * filetype: octave history files are not recognized * filetype: mysql history files are not recognized * filetype: some python tools config files are not recognized * filetype: gnuplot history files are not recognised * filetype: jupyterlab and sublime config are not recognized * filetype: mplstyle files are not recognized * filetype: texlua files are not recognized * filetype: supertux files are not recognized * filetype: support for Intel HEX files is lacking * Vim9: string() output of enum is problematic * Conceal test fails when rightleft feature is disabled * Filetype may be undetected when SwapExists sets ft in other buf * TextChanged autocommand not triggered under some circumstances * ensure compiler! sets global options * Distinguish Vim9 builtin object methods from namesake builtin functions * add support for Debian specific @includes * Error E877 is not translated * fix path of uganda.nsis.txt in german.nsi file * Two unrelated things are tested by a single test * Improve docs for empty(), len(), and string() on objects * Recording may still be wrong in Select mode * Not able to assign enum values to an enum static variable * test_matchparen not run in CI * cursor may move too many lines over "right" & "below" virt text * code duplication in loop to add active text properties ... changelog too long, skipping 119 lines ... * Coverity complains about ignoring return value ==== xfce4-branding-openSUSE ==== Version update (4.18.0+git1.8b02118 -> 4.18.0+git4.79f6d44) Subpackages: libgarcon-branding-openSUSE libxfce4ui-branding-openSUSE thunar-volman-branding-openSUSE xfce4-notifyd-branding-openSUSE xfce4-panel-branding-openSUSE xfce4-power-manager-branding-openSUSE xfce4-session-branding-openSUSE xfce4-settings-branding-openSUSE xfdesktop-branding-openSUSE xfwm4-branding-openSUSE - Update to version 4.18.0+git4.79f6d44: * Fix wallpaper folder structure * Better split tumbleweed and leap wallpapers * Added old wallpaper symlinks still needed by leap ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch * fixes regression for security fix for CVE-2024-31083 (bsc#1222312, boo#1222442, gitlab xserver issue #1659) ==== xz ==== Subpackages: liblzma5 - revert the switch to tar_scm which dropped the signature validation - switch back to tarballs because the upstream tarballs are not gone - reinstanciate keyring from Lasse - go back to the last release signed by Lasse (5.4.2) - revert multibuild, drop service and rpmlintrc - use real_ver for the Source, move everything else back to %version like before the hectic XZ downgrade - remove payload setting, we are using zstd now - Switch to using tar_scm for fetching the sources as the upstream tarballs on github are gone - introduce _multibuild to allow building the translations outside of Ring0 and everything else in Ring0 - add rpmlintrc to silence harmless warnings ==== zxcvbn ==== - Make use of distro build flags