June 2023 - openSUSE Factory - openSUSE Mailing Lists

Re: tumbleweed snapshot download. is it mandatory?
by xtexchooser＠duck.com 10 Jun '23

10 Jun '23

I think yes Sent via t.me/gmailbot 2023-06-10 13:53 (GMT+00:00), vani jindam via openSUSE Factory <factory_at_lists.opensuse.org_xtexchooser(a)duck.com> said: > I am on tumbleweed. I regularly use # zypper update. > But today when i tried zypper update, it > suggested zypper dup. > Even i regularly do zypper up, i still > need to zypper dup for every release of snapshot? > Regards, > jindam >

1 0

New Tumbleweed snapshot 20230608 released!
by Dominique Leuenberger 10 Jun '23

10 Jun '23

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor gtk4 (4.10.3 -> 4.10.4) kdump (1.0.2+git50.g4b01402 -> 1.0.3) libapparmor libnettle (3.9 -> 3.9.1) libp11 mozilla-nss (3.89 -> 3.89.1) postfix (3.8.0 -> 3.8.1) python-scour python-setuptools (67.7.2 -> 67.8.0) spice (0.15.1 -> 0.15.2) sushi (43.0 -> 44.2) vte (0.72.1 -> 0.72.2) xmlstarlet yast2-storage-ng (4.6.10 -> 4.6.11) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) ==== gtk4 ==== Version update (4.10.3 -> 4.10.4) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.10.4: + GtkFileChooser: Fix some memory leaks + GtkUriLauncher: Validate the uri + GtkStack: Fix a crash + GtkGridView: Respect css border-spacing + GtkScrolledWindow: Propagate child measure size whenever possible + GtkPopoverMenu: Avoid unnecessary left padding + GtkSearchEntry: Improve size allocation for the clear icon + X11: - Avoid black flickering with xwayland window decorations - Trap XRandr errors + CSS: Various fixes to transitions + Updated translations. - Drop patches fixed upstream: + fix-gridview.patch + gtk4-correctly-refresh-after-delete.patch + 966a2350.patch ==== kdump ==== Version update (1.0.2+git50.g4b01402 -> 1.0.3) - bumped version update to v1.0.3 - Honor the KDUMP_VERBOSE setting in kdump-save - fix distro prefix for ALP - add calibrate values for ALP (copied from TW) ==== libapparmor ==== - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) ==== libnettle ==== Version update (3.9 -> 3.9.1) Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit - Include the nettle library manual in HTML and PDF formats in the devel package. - update to 3.9.1: [bsc#1212112] * Fix bug in the new OCB code may be exploitable for denial of service or worse due to memory corruption ==== libp11 ==== - Add support for openSSL 3.1: + Add libp11-openssl-3.1.patch: handle openSSL 3.1 the same as 3.0 + Add libtool BuildRequires and call autoreconf: abobe patch touches the build system. + Add baselibs.conf ==== mozilla-nss ==== Version update (3.89 -> 3.89.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.89.1 * bmo#1804505 - Update the technical constraints for KamuSM. * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates. ==== postfix ==== Version update (3.8.0 -> 3.8.1) - update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With "smtpd_forbid_unauth_pipelining = yes", the server disconnects a client immediately, after responding with "554 5.5.0 Error: SMTP protocol synchronization" and after logging "improper command pipelining" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command "postconf .. name=v1 .. name=v2 .." (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command "postconf - M name1/type1='name2 type2 ...'" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command "postconf - M name1/type1='name2 type2 ...'" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern 'name1/type1' or the service name and type in 'name2 type2 ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains ":service" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7. ==== python-scour ==== - drop python 2 support, do not require six - added patches https://github.com/scour-project/scour/pull/306 + python-scour-no-python2.patch ==== python-setuptools ==== Version update (67.7.2 -> 67.8.0) - Update to 67.8.0: * #3128: In deprecated easy_install, reload and merge the pth file before saving. * #3915: Adequate tests to the latest changes in virtualenv for Python 3.12. ==== spice ==== Version update (0.15.1 -> 0.15.2) - Update to v0.15.2 release * This is a bug fix release with no upstream changelog ==== sushi ==== Version update (43.0 -> 44.2) Subpackages: sushi-lang - Update to version 44.2: + Fix loading certain documents in evince. + Updated translations. ==== vte ==== Version update (0.72.1 -> 0.72.2) Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 vte-lang - Update to version 0.72.2: * emulation: Fix infinite loop on non-number OSC 104 param * widget: Don't consume right clicks on gtk4 - Drop 24547fb3.patch: Fixed upstream. ==== xmlstarlet ==== - Modernise spec file - Remove unused rpmlintrc filter ==== yast2-storage-ng ==== Version update (4.6.10 -> 4.6.11) - Prevent setting the volume label for a mounted btrfs or swap (bsc#1211337) - 4.6.11

1 0

New Tumbleweed snapshot 20230607 released!
by Dominique Leuenberger 09 Jun '23

09 Jun '23

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: busybox (1.36.0 -> 1.36.1) evolution (3.48.2 -> 3.48.3) evolution-data-server (3.48.2 -> 3.48.3) git (2.40.1 -> 2.41.0) gnome-shell (44.1 -> 44.2) gtk4 kernel-firmware (20230517 -> 20230531) kernel-source (6.3.4 -> 6.3.6) libXpresent libstorage-ng (4.5.115 -> 4.5.116) libzypp (17.31.11 -> 17.31.12) live555 (2023.01.19 -> 2023.05.10) llvm16 (16.0.4 -> 16.0.5) m17n-db (1.8.0 -> 1.8.2) mariadb mutter (44.1+2 -> 44.2) openssh (8.9p1 -> 9.3p1) openssh-askpass-gnome (8.9p1 -> 9.3p1) permissions (1699_20230516 -> 1699_20230602) polkit-default-privs (1550+20230517.ab68b2d -> 1550+20230606.5001571) qt6-base rubygem-ruby-dbus (0.22.1 -> 0.23.0.beta1) shim-leap suse-module-tools (16.0.30 -> 16.0.31) systemd-presets-branding-openSUSE yast2-trans (84.87.20230516.e4ba802a -> 84.87.20230602.240a95214f) === Details === ==== busybox ==== Version update (1.36.0 -> 1.36.1) Subpackages: busybox-static - update to 1.36.1: * fixes for line editing, detection of hardware sha1/sha256 support, unzip (do not create suid/sgid files unless -K), shell (printf and sleep with no args, handing of SIGINT in sleep), ed. ==== evolution ==== Version update (3.48.2 -> 3.48.3) Subpackages: evolution-lang evolution-plugin-spamassassin - Update to version 3.48.3: + Bugs fixed: - EShellSearchbar: Cannot clear search by deleting text. - Mail: . Preview content sometimes grows indefinitely. . Workaround recursion in iframe height computation. - Composer: Use 'Wrap quoted text in replies' option also for text/html parts. ==== evolution-data-server ==== Version update (3.48.2 -> 3.48.3) Subpackages: evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.48.3: + Bug Fixed: EWebDAVSession: Claim also error nodes from propstat response. ==== git ==== Version update (2.40.1 -> 2.41.0) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.41.0: This update contains a number of compatible updates, improvements and extensions to multiple workflows. Some changes may break backwards compatibility: * The libsecret credential helper obsoletes direct GNOME keyring support, which was dropped (git-credential-gnome-keyring) * "git format-patch" has been taught to ignore end-user configuration ("diff.noprefix") and always use the standard prefixes, to avoid breaking the receiving end of the patch - drop sha256_clone_fix.patch ==== gnome-shell ==== Version update (44.1 -> 44.2) Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang - Update to version 44.2: + Improve built-in screen recorder + Use user-defined names in bluetooth menu + Fix stuck authentication dialog in remote sessions + Fix glitches in calendar when using large-text option + Fix IM popup getting stuck on engine changes + Fixed crash + Misc. bug fixes and cleanups + Updated translations. ==== gtk4 ==== Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Add fix-gridview.patch: Add border-spacing where it was missed. We were computing column widths without taking border-spacing into account, making them slightly too big (glgo#GNOME/nautilus#2980). ==== kernel-firmware ==== Version update (20230517 -> 20230531) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230531 (git commit 9d4c9a52c237): * qcom: apq8016: add Dragonboard 410c WiFi and modem firmware * cirrus: Add firmware for new Asus ROG Laptops * brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt * amdgpu: Update GC 11.0.1 and 11.0.4 * rtw89: 8851b: add firmware v0.29.41.0 * amdgpu: update yellow carp firmware for amd.5.5 release * amdgpu: update navi14 firmware for amd.5.5 release * amdgpu: update navi12 firmware for amd.5.5 release * amdgpu: update vega20 firmware for amd.5.5 release * amdgpu: update vega12 firmware for amd.5.5 release * amdgpu: update navi10 firmware for amd.5.5 release * amdgpu: update vega10 firmware for amd.5.5 release * amdgpu: update PSP 13.0.11 firmware for amd.5.5 release * amdgpu: update GC 11.0.4 firmware for amd.5.5 release * amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release * amdgpu: update PSP 13.0.4 firmware for amd.5.5 release * amdgpu: update GC 11.0.1 firmware for amd.5.5 release * amdgpu: update 13.0.8 firmware for amd.5.5 release * amdgpu: update GC 10.3.7 firmware for amd.5.5 release * amdgpu: update vangogh firmware for amd.5.5 release * amdgpu: update VCN 4.0.4 firmware for amd.5.5 release * amdgpu: update SMU 13.0.7 firmware for amd.5.5 release * amdgpu: update PSP 13.0.7 firmware for amd.5.5 release * amdgpu: update GC 11.0.2 firmware for amd.5.5 release * amdgpu: update renoir firmware for amd.5.5 release * amdgpu: update VCN 4.0.0 firmware for amd.5.5 release * amdgpu: update SMU 13.0.0 firmware for amd.5.5 release * amdgpu: update PSP 13.0.0 firmware for amd.5.5 release * amdgpu: update GC 11.0.0 firmware for amd.5.5 release * amdgpu: update green sardine firmware for amd.5.5 release * amdgpu: update beige goby firmware for amd.5.5 release * amdgpu: update dimgrey cavefish firmware for amd.5.5 release * amdgpu: update arcturus firmware for amd.5.5 release * amdgpu: update vcn 3.1.2 firmware for amd.5.5 release * amdgpu: update psp 13.0.5 firmware for amd.5.5 release * amdgpu: update GC 10.3.6 firmware for amd.5.5 release * amdgpu: update navy flounder firmware for amd.5.5 release * amdgpu: update sienna cichlid firmware for amd.5.5 release * amdgpu: update aldebaran firmware for amd.5.5 release * amdgpu: DMCUB updates for various AMDGPU asics * ice: update ice DDP comms package to 1.3.40.0 * cxgb4: Update firmware to revision 1.27.3.0 - Fix the broken symlink targets for cirrus firmware: cirrus-WHENCE-link-fixes.patch - Clean up spec template to match with the actual output ==== kernel-source ==== Version update (6.3.4 -> 6.3.6) - Linux 6.3.6 (bsc#1012628). - netfilter: ctnetlink: Support offloaded conntrack entry deletion (bsc#1012628). - cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1012628). - cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1012628). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (bsc#1012628). - net: phy: mscc: enable VSC8501/2 RGMII RX clock (bsc#1012628). - cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1012628). - vfio/type1: check pfn valid before converting to struct page (bsc#1012628). - blk-mq: fix race condition in active queue accounting (bsc#1012628). - blk-wbt: fix that wbt can't be disabled by default (bsc#1012628). - bpf, sockmap: Incorrectly handling copied_seq (bsc#1012628). - bpf, sockmap: Wake up polling after data copy (bsc#1012628). - bpf, sockmap: TCP data stall on recv before accept (bsc#1012628). - bpf, sockmap: Handle fin correctly (bsc#1012628). - bpf, sockmap: Improved check for empty queue (bsc#1012628). - bpf, sockmap: Reschedule is now done through backlog (bsc#1012628). - bpf, sockmap: Convert schedule_work into delayed_work (bsc#1012628). - bpf, sockmap: Pass skb ownership through read_skb (bsc#1012628). - gpio-f7188x: fix chip name and pin count on Nuvoton chip (bsc#1012628). - net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register (bsc#1012628). - Revert "net/mlx5: Expose vnic diagnostic counters for eswitch managed vports" (bsc#1012628). - Revert "net/mlx5: Expose steering dropped packets counter" (bsc#1012628). - net/mlx5e: TC, Fix using eswitch mapping in nic mode (bsc#1012628). - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration (bsc#1012628). - drm/i915: Disable DPLLs before disconnecting the TC PHY (bsc#1012628). - drm/i915: Move shared DPLL disabling into CRTC disable hook (bsc#1012628). - ASoC: Intel: avs: Fix module lookup (bsc#1012628). - cxl/port: Fix NULL pointer access in devm_cxl_add_port() (bsc#1012628). - net: fec: add dma_wmb to ensure correct descriptor values (bsc#1012628). - tls: rx: strp: don't use GFP_KERNEL in softirq context (bsc#1012628). - tls: rx: strp: preserve decryption status of skbs when needed (bsc#1012628). - tls: rx: strp: factor out copying skb data (bsc#1012628). - tls: rx: strp: force mixed decrypted records into copy mode (bsc#1012628). - tls: rx: strp: fix determining record length in copy mode (bsc#1012628). - tls: rx: strp: set the skb->len of detached / CoW'ed skbs (bsc#1012628). - tls: rx: device: fix checking decryption status (bsc#1012628). - gpiolib: fix allocation of mixed dynamic/static GPIOs (bsc#1012628). - bpf: netdev: init the offload table earlier (bsc#1012628). - platform/x86/amd/pmf: Fix CnQF and auto-mode after resume (bsc#1012628). - power: supply: rt9467: Fix passing zero to 'dev_err_probe' (bsc#1012628). - selftests/bpf: Fix pkg-config call building sign-file (bsc#1012628). - ARM: dts: imx6ull-dhcor: Set and limit the mode for PMIC buck 1, 2 and 3 (bsc#1012628). - coresight: perf: Release Coresight path when alloc trace id failed (bsc#1012628). - spi: spi-geni-qcom: Select FIFO mode for chip select (bsc#1012628). - firmware: arm_ffa: Fix usage of partition info get count flag (bsc#1012628). - firmware: arm_scmi: Fix incorrect alloc_workqueue() invocation (bsc#1012628). - commit f583ba4 - drm/amd/display: Only wait for blank completion if OTG active (https://gitlab.freedesktop.org/drm/amd/-/issues/2447) - commit fc379fb - Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)" This reverts commit b8e00c5a84bcd75a1e2c491b6de601278e1572c7. It still breaks build as it needs support in kmod (SR#1089967). - commit 6db9c44 - Revert "Fix usrmerge error (boo#1211796)" This reverts commit da84579e78f4c4efa5b3b910484fdaedc79fefec. It still breaks build as it needs support in kmod (SR#1089967). - commit 4b4675f - Revert "Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)"" This reverts commit d3cbce2379049d1657919d6ced51f6f5141f66fd, we will merge a fix from the packaging branch. - commit 07d1779 - Fix usrmerge error (boo#1211796) - commit da84579 - Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)" ... changelog too long, skipping 225 lines ... - commit fc86ff2 ==== libXpresent ==== - Add -32bit package ==== libstorage-ng ==== Version update (4.5.115 -> 4.5.116) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.116 ==== libzypp ==== Version update (17.31.11 -> 17.31.12) - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing. - version 17.31.12 (22) ==== live555 ==== Version update (2023.01.19 -> 2023.05.10) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 libliveMedia107 - update to 2023.5.10: * Fixed a minor memory leak in the "RTSPServer" code. * Calls to "send()" and "sendto()" now explicitly take "MSG_NOSIGNAL" rather than 0 as the 'flags' parameter. In most systems, 0 seems to work, but apparently not in Debian Linux. ==== llvm16 ==== Version update (16.0.4 -> 16.0.5) Subpackages: clang-tools clang16 libLLVM16 libclang-cpp16 libclang13 llvm16-gold - Update to version 16.0.5. * This release contains bug-fixes for the LLVM 16.0.0 release. This release is API and ABI compatible with 16.0.0. - Rebase patches: * llvm-do-not-install-static-libraries.patch * llvm-remove-clang-only-flags.patch - Enable ThinLTO on riscv64. ==== m17n-db ==== Version update (1.8.0 -> 1.8.2) Subpackages: m17n-db-lang - update to 1.8.2: * New input methods are added. * si-sayura.mim: Sinhala input method using the sayura transliteration system, see https://www.sayura.net/im/ * mr-gamabhana.mim: Marathi input method with GaMaBhaNa * bn-national-jatiya.mim: Bengali input method National Jatiya layout * hu-rovas-post: icon added. * kn-inscript.mim: Add mapping for ZWNJ * gu-itrans.mim: Fix e o mappings * bo-ewts.mim: Fix ld mapping * bo-ewts.mim: remove whitespace in rn and brn mapping * Changes in the build system. * pa-remington.mim: Punjabi input method for remington layout * ta-remington.mim: Tamil input method for Remington typewriter layout * as-inscript2.mim: Input method for enhanced inscript layout * bn-inscript2.mim: Input method for enhanced inscript layout * brx-inscript2-deva.mim: Input method for enhanced inscript layout * doi-inscript2-deva.mim: Input method for enhanced inscript layout * gu-inscript2.mim: Input method for enhanced inscript layout * hi-inscript2.mim: Input method for enhanced inscript layout * kn-inscript2.mim: Input method for enhanced inscript layout * kok-inscript2-deva.mim: Input method for enhanced inscript layout * ks-inscript2-deva.mim: Input method for enhanced inscript layout * mai-inscript2.mim: Input method for enhanced inscript layout * ml-inscript2.mim: Input method for enhanced inscript layout * mni-inscript2-beng.mim: Input method for enhanced inscript layout * mni-inscript2-mtei.mim: Input method for enhanced inscript layout * mr-inscript2.mim: Input method for enhanced inscript layout * ne-inscript2-deva.mim: Input method for enhanced inscript layout * or-inscript2.mim: Input method for enhanced inscript layout * pa-inscript2-guru.mim: Input method for enhanced inscript layout * sa-inscript2.mim: Input method for enhanced inscript layout * sat-inscript2-deva.mim: Input method for enhanced inscript layout * sat-inscript2-olck.mim: Input method for enhanced inscript layout * sd-inscript2-deva.mim: Input method for enhanced inscript layout * ta-inscript2.mim: Input method for enhanced inscript layout * te-inscript2.mim: Input method for enhanced inscript layout * ml-swanalekha.mim: Adjusted for the latest Unicode * unicode.mim: allow input of characters above the BMP * ar-kbd.mim: Use digits 0-9 on the 0-9 keys * ml-mozhi.mim: fix spurious ZWNJ being added (Resolves: https://savannah.nongnu.org/bugs/index.php?59681) ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Skip test on s390x to fix build on ALP, bsc#1211859 - Update list of skipped tests ==== mutter ==== Version update (44.1+2 -> 44.2) Subpackages: mutter-lang - Update to version 44.2: + Fix DND in some server-side decorated windows + Fix redrawing regression in non-DMA remote sessions + Avoid race condition in xwayland-on-demand + Do not unminimize windows with initial IconicState + Fix mispositioning of some X11 fullscreen windows + Fix legacy fullscreen windows appearing on all monitors + Improve support for display-attached tablets + Fix stuck cursor in some clients + Avoid unexpected orientation changes around suspend/resume + Fix oversized input region around Xwayland windows + Fix X11 client input region issues + Plugged leak + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. - Drop patches fixed upstream: + mutter-do-not-unminimize-windows-with-initial-iconic.patch + mutter-fix-wacom-tablet-crash.patch ==== openssh ==== Version update (8.9p1 -> 9.3p1) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.3p1: = Security * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. = New features * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 * sshd(8): add a `sshd -G` option that parses and prints the effective configuration without attempting to load private keys and perform other checks. This allows usage of the option before keys have been generated and for configuration evaluation and verification by unprivileged users. = Bugfixes * scp(1), sftp(1): fix progressmeter corruption on wide displays; bz3534 * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability of private keys as some systems are starting to disable RSA/SHA1 in libcrypto. * sftp-server(8): fix a memory leak. GHPR363 * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol compatibility code and simplify what's left. * Fix a number of low-impact Coverity static analysis findings. These include several reported via bz2687 * ssh_config(5), sshd_config(5): mention that some options are not first-match-wins. * Rework logging for the regression tests. Regression tests will now capture separate logs for each ssh and sshd invocation in a test. * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage says it should; bz3532. * ssh(1): ensure that there is a terminating newline when adding a new entry to known_hosts; bz3529 = Portability * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of mmap(2), madvise(2) and futex(2) flags, removing some concerning kernel attack surface. * sshd(8): improve Linux seccomp-bpf sandbox for older systems; bz3537 - Update to openssh 9.2p1: = Security * sshd(8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms. * ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option would ignore its first argument unless it was one of the special keywords "any" or "none", causing the permission list to fail open if only one permission was specified. bz3515 * ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options were enabled, and the system/libc resolver did not check that names in DNS responses were valid, then use of these options could allow an attacker with control of DNS to include invalid characters (possibly including wildcards) in names added to known_hosts files when they were updated. These names would still have to match the CanonicalizePermittedCNAMEs allow-list, so practical exploitation appears unlikely. = Potentially-incompatible changes * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. This option defaults to "no", disabling the ~C command-line that was previously enabled by default. Turning off the command-line allows platforms that support sandboxing of the ssh(1) client (currently only OpenBSD) to use a stricter default sandbox policy. = New features * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client ... changelog too long, skipping 345 lines ... - wtmpdb.patch: add support for wtmpdb to sshd [jsc#PED-3144] ==== openssh-askpass-gnome ==== Version update (8.9p1 -> 9.3p1) - openssh-askpass-gnome: require only openssh-clients, not the full openssh (including -server), to avoid pulling in excessive dependencies when installing git on Gnome (boo#1211446) - Update to openssh 9.3p1 * No changes for askpass, see main package changelog for details ==== permissions ==== Version update (1699_20230516 -> 1699_20230602) Subpackages: chkstat permissions-config - Update to version 20230602: * profiles: remove dropped pppoe-wrapper ==== polkit-default-privs ==== Version update (1550+20230517.ab68b2d -> 1550+20230606.5001571) - Update to version 1550+20230606.5001571: * Whitelist org.freedesktop.systemd1.bypass-dump-ratelimit (bsc#1211978) - Update to version 1550+20230602.0c9c3c6: * profiles: drop dead mousepad action ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Add patch for QTabBar regression in Qt 6.5.1 (QTBUG-114204) * 0001-tabbar-fix.patch ==== rubygem-ruby-dbus ==== Version update (0.22.1 -> 0.23.0.beta1) - 0.23.0.beta1 Bug fixes: * A service can now have more than one name (gh#mvidner/ruby-dbus#69). Connection#request_service is deprecated in favor of Connection#object_server and BusConnection#request_name API: * Remove Service, splitting it into ProxyService and ObjectServer * Split off BusConnection from Connection ==== shim-leap ==== - Update shim-install to support FDE + Read GRUB_CRYPTODISK_PASSWORD and GRUB_TPM2_SEALED_KEY to create the proper cryptomount command for grub.cfg + Save the PCR snapshot if grub2 supports the command + Support 'no_grub_install' to skip grub2-install + Detect the OS ID of openSUSE Leap ==== suse-module-tools ==== Version update (16.0.30 -> 16.0.31) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.31: * rpm-script: skip run_bootloader check (boo#1208117) ==== systemd-presets-branding-openSUSE ==== - fix drkonqi entry, should end with .service ==== yast2-trans ==== Version update (84.87.20230516.e4ba802a -> 84.87.20230602.240a95214f) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230602.240a95214f: * New POT for text domain 'control'. * Translated using Weblate (Macedonian) * New POT for text domain 'autoinst'.

1 0

kernel 6.3.3 breaks XFS
by Fritz Hudnut 09 Jun '23

09 Jun '23

> ---------- Forwarded message ---------- > From: ASSI <Stromeko(a)nexgo.de> > To: Richard Brown <rbrown(a)suse.de> > Cc: factory(a)lists.opensuse.org > Bcc: > Date: Sat, 27 May 2023 07:01:08 +0200 > Subject: Re: kernel 6.3.3 breaks XFS > Richard Brown writes: > > That said, the redhat bug report suggests it happens with the kernel > > version we already have out..so maybe moving forward would be the best > > thing to do. > > So, I thought I could get the kernel 6.2.12 back via tumbleweed-cli, but > of course it's already expired (would have been in 20230422). Any other > options? > > > Regards, > Achim. > -- > +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ > > Waldorf MIDI Implementation & additional documentation: > http://Synth.Stromeko.net/Downloads.html#WaldorfDocs > > > > ---------- Forwarded message ---------- > From: Emanuel Castelo <emanuel.castelo(a)icloud.com> > To: ASSI <Stromeko(a)nexgo.de> > Cc: Richard Brown <rbrown(a)suse.de>, OpenSuse-Factory <factory(a)lists.opensuse.org> > Bcc: > Date: Sat, 27 May 2023 04:40:42 -0400 > Subject: Re: kernel 6.3.3 breaks XFS > Btrfs snapshot assuming you have it enabled? Can you move it forward?? I had some issue with nvidia stuff in my Leap install and I believe it was Takashi at bugzilla recommended going to the newest kernel available at the "OBS" site, selecting an "lp" kernel . . . that did work to fix the problem. Didn't see the link for it just now, I'm in Bookworm for the morning. F

4 3

openSUSE:Factory - Build fail notification
by DimStar / Dominique Leuenberger 08 Jun '23

08 Jun '23

Dear Package maintainers and hackers. Below package(s) in openSUSE:Factory have had problems for at least 4 weeks. We tried to send out notifications to the configured bugowner/maintainers of the package(s), but so far no fix has been submitted. This probably means that the maintainer/bugowner did not yet find the time to look into the matter and he/she would certainly appreciate help to get this sorted. - matrix-synapse: Unresolvable - python-djvulibre: Fails to build - python-nss: Fails to build - python-sigal: Fails to build - python-weasyprint: Fails to build - traefik: Fails to build Unless somebody is stepping up and submitting fixes, the listed package(s) are going to be removed from openSUSE:Factory. Kind regards, DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>

1 0

Why don't move to zram?
by Walddys Emmanuel Dorrejo Céspedes 08 Jun '23

08 Jun '23

Hello, In base of the next article https://dev.to/archerallstars/lets-fine-tune-your-zram-aka-free-ram-in-open…, which i found more practical zram for swappiness than the other alternatives. With how most users aren't settings the swap correctly or using the default partition of yast2 of 2 Gb when enabled swap or default template installation guided, it would be good to add to the default packages installed systemd-zram-services, which add the zramswapon with the recommendation from the article and at the same time disable by default swap creating when creating the partition layout in the installation process. This will create a zram of the same size of the ram of the user with compression improve the performance of the machine for those users with low ram, or with a lot of comsunption of ram.

8 10

openSUSE Release Engineering meeting 07.06.2023
by Lubos Kocman 07 Jun '23

07 Jun '23

All meeting minutes can be found here: https://etherpad.opensuse.org/p/ReleaseEngineering-meeting The meeting is hosted here https://meet.opensuse.org/ReleaseEngineeringMeeting ## Attendees lkocman, Sarah, rbrown, max, Guillaume_G, doug, anag, wengel ## Leap Leap 15.5 GA is today! "Marketing availability" at 12:00 UTC lkocman is in prg office for the Open House event in the Prague office Annoucement of 15.6 https://news.opensuse.org/2023/06/06/leap-15.6-annoucement/ We'll update article with link to my osc2023 "Leap 16.0?" talk as soon as recording is published. 4k key instructions for upgrade https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.5/#security https://en.opensuse.org/SDB:System_upgrade#0._New_4096_bit_RSA_signing_key Leap 15.5 Retrospective is now open! https://survey.opensuse.org/ Leap 15.5 IPRQ re-re-re-escalated. This legal approval is currently the only known release blocker. Legal doesn't want to approve the non-OSS part, as they do not have access to contract/agremeents fort the non-oss packages. I did inform them that I'm waiving this particular task for 15.5, given the situation with SUES legal, but we'll push to have this "all in order" for 15.6. RN + doc-o-o all set SCC enablement requested https://sd.suse.com/servicedesk/customer/portal/1/SD-122920 Transition will happen automatically Security Audit requested https://bugzilla.opensuse.org/show_bug.cgi?id=1211143 Green Kicked few feature requests that were pending python3.11 update (yubikey-manager etc). The current RN is hosted here (will not be listed on doc-o-o until GA) https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.5 Need to be able to rebuild doc-o-o locally and rsync it over in case that Frank would not be around. openh264-repo 4k key setup (15.5 requries re-upload as we were using key from 15.4, Severin confirmed that he'll work on it next week). 15.4 image respin based on QU2 - makes no longer sense with 15.5 GA scheduled next week. ## openSUSE Tumbleweed Not available Max: all botmaster pipelines were broken due to a pipine was hanging then all agents vanished. Max fixed it 30 minutes ago. openSUSE:Factory build fail stats: 28 failed 33 unresolvable (on 20230510: 79 / 11) https://tinyurl.com/ysy4nnnz * Preparations for python 3.11-as-default-interpreter are ongoing. A lot of work happened in the last two weeks (wich many face2face encounters) * systemd maintainer submitted preset handling macros with file triggers; no direct need to change spec files (the old macros are defined to %nil, so don't break) * openssl 3.1 update has been submitted that should address most of the remaining issues. This might happen soon * 2k key formally being revoked from TW setup - the openh264 repo has been republished, the 3k key is no longer shipped to TW users. lkocman: will drop email to known thirdparty repos not under our control ## Richard (Aeon) MicroOS Desktop (GNOME) has been renamed openSUSE Aeon https://aeondesktop.org Product already being bootstrapped in OBS, using it as a pathfinder for the ALP Build Design (see below) Prototypical image being built, challenges with things like repo layout will likely be best handled by the repos-via-rpms already pioneered by Leap Richard has been hands on with Agama, has identified a few things that need addressing before Aeon could use it happily..may use it anyway https://github.com/openSUSE/agama/issues/602 https://github.com/openSUSE/agama/issues/601 Experimenting with ALP-like encrypted images with FDE and TPM unlock using kiwi Self-Installer. May be the 'one true way' of installing Aeon in the future, has far less options, isn't as pretty as Agama, but does the job we want it done the way we want it done. Much of this is dependant on ALP stuff getting into Factory which is WIP ## Richard (ALP Architecture) Prelimary ALP Build Design documented https://en.opensuse.org/openSUSE:ALP/BuildDesign ALP Architecture team is being bootstrapped https://en.opensuse.org/openSUSE:ALP/ArchitectureTeam Team will plan, design, experiment with ideas for future ALP-based openSUSE distros Efforts currently on hold/casually progressing with high-level discussions Will progress in earnist after SUSEcon when the current state of ALP can be fully shared ## Max Leap 15.5 * Disabled all 15.5 pipeline on botmaster * Disabled Leap, Leap-NonFree and Backports project * Set project attributes for maint update, OBS:RejectRequest and OBS:UpdateProject ## Guillaume - Arm Tumbleweed: * Still blocked on a plasma bug. openSUSE theme is not set on 1st boot (while installed and selected) which breaks openQA needles matching - https://bugzilla.opensuse.org/show_bug.cgi?id=1211628 Considering a workaround in openQA to unblock Tumbleweed Leap: * No update ALP: * shim not signed by MS (at least for aarch64, not sure for x86_64) - jsc#ARM-100 WSL: * Works with x86 emulator since appx installer is x86-64, but this is not really an issue since arm64 Win11 includes x86 emulator by default. Team is ok to publish it on Microsoft store anyway, but this would require some testing in openQA which is currently not possible (due to technical issues and MS licensing issues) https://progress.opensuse.org/issues/126083. Steps documented on the wiki to install the appx from download.o.o: https://en.opensuse.org/openSUSE:WSL#With_Appx_from_openSUSE_download_server ## Sarah - s390x Tumbleweed * release is rolling Leap: * working * waitingSubmissisions with fixes for gtkd and gnu-cobol: https://build.opensuse.org/request/show/1072852 https://build.opensuse.org/request/show/1078385 Sarah gave 2 talks at the openSUSE Conference The SUSE/openSUSE zSystems BBQ meeting will be 7th July 2023. The bi-weeky openSUSE zSystems meeting will switch from 18:00 to 19:00. ## Doug * Published a few articles submitted for news.o.o * openSUSE.Asia Summit * CfP should begin in the next two weeks * openSUSE Conference * videos are expected to be released at the end of June * Includes oSC23 & oSC22 (data was transfered) * Still processing some TSP submissions * Leap 15.5 release * Sent out info to press about release * Publishing social media posts about release * Still need future storage location * Contents have been isolated in one storage area to be transfered to knew location when that is available * Fedora flock CfP is open - https://cfp.fedoraproject.org/login * AI topics (static) *LFNW 2023 https://sessionize.com/lfnw2023 Looking for a volunteer to talk about ALP. ## Dirk Not available Further poking on the CDN / Fastly contract Submitted a few dozen python package updates * also todo announce tumbleweed maintainer policy draft currently working on testing those in a private staging test project * Started ALP:RISCV:* builds in the new build setup Biggest speedup can be observed by switching zlib to zlib-ng, so looked into fixing the build failures caused by switching to zlibo-ng- compat ## Wolfgang (Package Hub), Scott Bahling no news ## Maintenance team (Marcus or Maurizio (m4u)) Not available on the call openQA is stuck due to a regression - https://bugzilla.suse.com/show_bug.cgi?id=1211459 Leap Micro 5.4 maint-setup is active. Leap 15.5 setup is done, SLE export channel is still being refreshed occasionaly. 15.5 GA is currently scheduled for the 7th of June Key rotation: openSUSE:Leap:15.5 is done, Backports are bit more challenging because of SLES. Wolfgang: we're injecting the key. Marcus we probably want to do only Backports 15 SP5 for now. Backports 15SP5 key change, we have labs next week, so nobody would even notice a full rebuild :-) Wolfgang: do we add or replace key completely? The key will be kept on users Marcus was aiming for replacing the key, it would appear as added on existing systems. Marcus is working also on the SLES side, the update of package with the new key was released last week, it's just not activated yet, but it will be already trusted by Leap 15.5 systems. Leap 15.4 is working Leap Micro 5.3 is working Leap Micro 5.4 testing is now passing as well Leap 16.0 - we should revisit the update/sle repo as the current setup not exactly mirror friendly. Solutions could be dropping not so popular architectures or split repositories per architecture. securebootkey for SLES was rotated, it should be autotrusted and not noticeable. This will be in QU3, QU2 is already done. lkocman: 15.3 EOL could lead to stopping our physical Source DVD effort, as it seems we will not produce. As this was the last release which you could still get on a physical media. Lkocman: anything against decomissioning it? Not a single valid request since I've joined SUSE. We did receive only requests for binary install media which are not subject to ^. We do not plan to offer this for any new releases. ## Adrian - OBS Not available OBS build power is back to normal after fixing misconfiguration which kept workers busy. ## Open Floor

1 0

New Factory inclusion : topgrade
by Nicolas Formichella 06 Jun '23

06 Jun '23

Hello, I packaged[1] topgrade[2] (a upgrader tool that supports a ton of package managers (from zypper to git submodules and vim packages)) written in Rust It only currently builds on TW and on 15.5 (15.4 hasn't a new enough Rust version in the repos to make a dep function) and will be submitted for Factory inclusion in a bit. I'm, of course, open to suggestions. Regards, Nicolas FORMICHELLA [1]: https://github.com/topgrade-rs/topgrade [2]: https://build.opensuse.org/package/show/utilities/topgrade

4 3

New Tumbleweed snapshot 20230605 released!
by Dominique Leuenberger 06 Jun '23

06 Jun '23

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.1.10 -> 7.1.1.11) MozillaFirefox-branding-openSUSE apparmor (3.1.3 -> 3.1.4) bcm43xx-firmware binutils ceph checkmedia (6.1 -> 6.2) cppcheck cups curl (8.1.1 -> 8.1.2) dav1d (1.2.0 -> 1.2.1) freerdp gc (8.2.2 -> 8.2.4) glslang (12.1.0 -> 12.2.0) gnome-mahjongg (3.38.3 -> 3.40.0) gnutls imlib2 (1.11.0 -> 1.11.1) javapackages-tools kio-extras5 kyotocabinet libX11 (1.8.4 -> 1.8.5) libapparmor (3.1.3 -> 3.1.4) libgsasl libmfx (22.6.5 -> 23.2.2) libproxy libproxy-plugins libreoffice (7.5.3.2 -> 7.5.4.1) librsvg (2.56.0 -> 2.56.1) libserf (1.3.9 -> 1.3.10) libstorage-ng (4.5.112 -> 4.5.115) libvirt (9.3.0 -> 9.4.0) libxcrypt (4.4.33 -> 4.4.34) libyui (4.5.2 -> 4.6.0) libyui-ncurses (4.5.2 -> 4.6.0) libyui-ncurses-pkg (4.5.2 -> 4.6.0) libyui-qt (4.5.2 -> 4.6.0) libyui-qt-graph (4.5.2 -> 4.6.0) libyui-qt-pkg (4.5.2 -> 4.6.0) lua54 (5.4.4 -> 5.4.6) man-pages (6.02 -> 6.04) manpages-l10n (4.18.1 -> 4.19.0) mariadb-connector-c (3.3.4 -> 3.3.5) mozilla-nss ncurses (6.4.20230506 -> 6.4.20230520) opensc openssl-1_1 (1.1.1t -> 1.1.1u) openssl-3 (3.0.8 -> 3.1.1) openssl (3.0.8 -> 3.1.1) perl-Bootloader (1.1 -> 1.2) perl-IO-Socket-SSL (2.081 -> 2.083) perl-Mojolicious (9.31 -> 9.32) perl-Net-DNS (1.37 -> 1.38) perl-libwww-perl (6.68 -> 6.70) python-argcomplete python-gevent python-libvirt-python (9.3.0 -> 9.4.0) python-rich (13.3.5 -> 13.4.1) python-rpm python-tornado6 (6.2 -> 6.3.2) python-zope.event qemu (8.0.0 -> 8.0.2) qt6-base rp-pppoe rpm rubygem-rack-2.2 (2.2.6.4 -> 2.2.7) sdl12_compat (1.2.60 -> 1.2.64) sendmail shaderc (2023.2 -> 2023.4) texlive tracker (3.5.2 -> 3.5.3) virtiofsd vulkan-loader (1.3.247 -> 1.3.250.0) vulkan-tools (1.3.247 -> 1.3.250.0) webkit2gtk3 (2.40.1 -> 2.40.2) webkit2gtk3-soup2 (2.40.1 -> 2.40.2) xfce4-power-manager (4.18.1 -> 4.18.2) xfce4-pulseaudio-plugin (0.4.6 -> 0.4.7) xfce4-screensaver (4.18.1 -> 4.18.2) xfce4-session (4.18.2 -> 4.18.3) yast2-apparmor (4.6.0 -> 4.6.1) yast2-auth-server (4.6.1 -> 4.6.2) yast2-control-center (4.6.0 -> 4.6.1) === Details === ==== ImageMagick ==== Version update (7.1.1.10 -> 7.1.1.11) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.11 * upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023… ==== MozillaFirefox-branding-openSUSE ==== - add sle_version 150500 check - add some useful links about openSUSE in the about:newtab page - add sle_version 150300 and 150400 check ==== apparmor ==== Version update (3.1.3 -> 3.1.4) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== bcm43xx-firmware ==== - refresh BCM4345C[05].hcd from upstream URL ==== binutils ==== Subpackages: libctf-nobfd0 libctf0 - riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR ld/25694 - riscv-pr22263-1.patch: Backport for PR ld/22263 ==== ceph ==== Subpackages: librados2 librbd1 - Add "#!BuildConstraint" to spec files for compatibility with _multibuild ==== checkmedia ==== Version update (6.1 -> 6.2) Subpackages: libmediacheck6 - merge gh#openSUSE/checkmedia#17 - do not select EFI System Partition for digest calculation (bsc#1211953) - use default for SKIPSECTORS only for RH media - add man pages for checkmedia and tagmedia - add spec file for OBS - 6.2 ==== cppcheck ==== - test suite quirks: * Add patch disable-some-tests-about-char-signedness.patch, taken from Debian, to disable test "TestCondition::alwaysTrueContainer" which fails on "unsigned char" archs (arm, ppc) * Run test suite with "-j1", as TestProcessExecutor test is flaky otherwise ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324 "Heap buffer overflow in cupsd" https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 bsc#1211643 ==== curl ==== Version update (8.1.1 -> 8.1.2) Subpackages: libcurl4 - Update to 8.1.2: * Bugfixes: - configure: quote the assignments for run-compiler - configure: without pkg-config and no custom path, use -lnghttp2 - curl: cache the --trace-time value for a second - http2: fix EOF handling on uploads with auth negotiation - http3: send EOF indicator early as possible - lib1560: verify more scheme guessing - lib: remove unused functions, make single-use static - libcurl.m4: remove trailing 'dnl' that causes this to break autoconf - libssh: when keyboard-interactive auth fails, try password - misc: fix spelling mistakes - page-header: mention curl version and how to figure out current release - page-header: minor wording polish in the URL segment - scripts/singleuse.pl: add more API calls - urlapi: remove superfluous host name check ==== dav1d ==== Version update (1.2.0 -> 1.2.1) - Update to version 1.2.1 * Fix a threading race on task_thread.init_done * NEON z2 8bpc and high bit-depth optimizations * SSSE3 z2 high bit-depth optimziations * Fix a desynced luma/chroma planes issue with Film Grain * Reduce memory consumption * Improve dav1d_parse_sequence_header() speed * OBU: Improve header parsing and fix potential overflows * OBU: Improve ITU-T T.35 parsing speed * Misc buildsystems, CI and headers fixes - Add to description some performance mentions that set it apart from other packages e.g. gav1. ==== freerdp ==== Subpackages: libfreerdp2-2 libwinpr2-2 - Don't compile shared objects with -fPIE and use -pie only for executables - Reenable LTO on ARM ==== gc ==== Version update (8.2.2 -> 8.2.4) - Update to release 8.2.4 * Avoid potential race between realloc and GC_block_was_dirty * Fix comparisons to heap boundary in GC_get_back_ptr_info and GC_mark_from * Fix data race in GC_heapsize_at_forced_unmap variable * Workaround a malfunction of soft-dirty bits clearing on Power9 ==== glslang ==== Version update (12.1.0 -> 12.2.0) - Update to release 12.2.0 * Support GLSL_EXT_shader_tile_image, GL_EXT_ray_tracing_position_fetch, and custom include callbacks via the C API * Add preamble-text command-line option * Accept variables as parameters of spirv_decorate_id ==== gnome-mahjongg ==== Version update (3.38.3 -> 3.40.0) Subpackages: gnome-mahjongg-lang - Update to version 3.40.0: + Port to GTK4 and libadwaita + Build fixes + Fix hints + Translate scores dialog + help-overlay.ui: Remove ctrl+f1 shortcut + Updated translations. - Drop patches fixed upstream: + 26.patch + fix-new-cairo-select-tile.patch - Changes in BuildRequires following upstreams changes: + Dropped: hicolor-icon-theme, yelp-tools and pkgconfig(gtk+-3.0). + Added: appstream-glib, desktop-file-utils, itstool, pkgconfig(gtk4) and pkgconfig(libadwaita-1). - Stop passing compile-schemas and update-icon-cache to meson, no longer needed, nor recognized. - Add check section and run meson_test macro during build, validate appdata and desktop files. ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476] Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ==== imlib2 ==== Version update (1.11.0 -> 1.11.1) Subpackages: imlib2-loaders libImlib2-1 - update to 1.11.1: * imlib2: added loader for y4m files (uses liby4m and libyuv) * imlib2: add y4m test examples * Y4M loader: Various minor changes * autofoo: Tweak PACKAGE_DATA_DIR definition * XPM loader: Add rgb.txt * loaders: Fix loaders potentially being loaded more than once * loaders: Change method used to not unload loaders * Add JXL saver * loaders: Cosmetics ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Enable the tests also for older distributions - Require python3-xml (python-xml for distributions that use versioned modules), since module xml needed by some scripts. ==== kio-extras5 ==== Subpackages: kio-extras5-lang libkioarchive5 - Add some missing BuildRequires (boo#1211933) ==== kyotocabinet ==== - Update url to new website. ==== libX11 ==== Version update (1.8.4 -> 1.8.5) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.8.5 * gitlab CI: Add libtool to required packages * configure: raise minimum autoconf requirement to 2.70 * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * gitlab CI: add workflow rules * nls: delete compose sequences that pointlessly mix upper and lower case * nls: remove four hundred and sixty untypable Greek compose sequences * nls: remove twenty two untypable Greek compose sequences * XSetScreenSaver.man: restore the part that was accidentally snipped * nls: make the Amharic compose sequences use the dead-vowel symbols * nls: sort three sequences alphabetically in their group, like all others * nls: delete six compose sequences that cannot be typed * nls: use a slash instead of a combining solidus in compose sequences * NLS: move long S compositions to respective blocks * NLS: implement the expansion of the six Breton N-graph keysyms * NLS: move dead-caron subscript compositions to the relevant Unicode block * NLS: Remove strange dead_cedilla cedi sign sequences * nls: add compose sequence for capital schwa, and delete a deviant one - Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11 will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order to keep those sequeunces working with this release. ==== libapparmor ==== Version update (3.1.3 -> 3.1.4) - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== libgsasl ==== Subpackages: libgsasl-lang libgsasl7 - Remove URLs from keyring and generated patch as these can change at whim of upstream servers. Keep the references in comments so they are still references for the humans - fixes compilation on s390x by not turning on additional compilation warnings which in turn results in -fanalyze resulting false analysis ==== libmfx ==== Version update (22.6.5 -> 23.2.2) - update to 23.2.2: * [Encode] Fix JPEG payload insertion on Linux * Update checking of bitsream left size (#3033) * [Decode] Fix memory out-of-bounds issue for VP9 * [Decode] Fix memory out-of-bounds issue for VP8 * [Decode]Remove AVC level 6.0 check * [Decode]Fix hevc decode issue * hevce: use Low Power mode for RGB encoding by default ==== libproxy ==== - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libproxy-plugins ==== Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libreoffice ==== Version update (7.5.3.2 -> 7.5.4.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.5.4.1: https://wiki.documentfoundation.org/Releases/7.5.4/RC1 - Update bundled dependencies: * gpgme-1.16.0.tar.bz2 -> gpgme-1.18.0.tar.bz2 * curl-7.86.0.tar.xz -> curl-8.0.1.tar.xz * icu4c-71_1-src.tgz -> icu4c-72_1-src.tgz * icu4c-71_1-data.zip -> icu4c-72_1-data.zip ==== librsvg ==== Version update (2.56.0 -> 2.56.1) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.56.1: + The minimum supported Rust version (MSRV) is 1.65. Unfortunately the assert_cmd crate, used in the test suite, bumped its MSRV and is forcing us to do the same. + Shrink the shared library by telling the linker to omit unused code. + Updates to dependencies. ==== libserf ==== Version update (1.3.9 -> 1.3.10) - update to 1.3.10: * Fix handling of invalid chunk lengths in the dechunk bucket * Fix an endless loop in the deflate bucket with truncated input * Fix BIO control handlers to support BIO_CTRL_EOF * Fix a CRT mismatch issue caused by using certain OpenSSL functions - drop upstream patches: * libserf-python3-2.patch * libserf-python3.patch * openssl3.patch ==== libstorage-ng ==== Version update (4.5.112 -> 4.5.115) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.115 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.114 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.113 ==== libvirt ==== Version update (9.3.0 -> 9.4.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Update to libvirt 9.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v9-4-0-2023-06-01 ==== libxcrypt ==== Version update (4.4.33 -> 4.4.34) Subpackages: libcrypt1 libcrypt1-32bit libxcrypt-devel - Update to 4.4.34 * Optimize some cast operation for performance in lib/alg-yescrypt-platform.c. * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c. * Explicitly clean the stack and context state after computation in lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c (issue #168). ==== libyui ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== libyui-ncurses ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== libyui-ncurses-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== libyui-qt ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== libyui-qt-graph ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== libyui-qt-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong <wangzichong(a)deepin.org> ==== lua54 ==== Version update (5.4.4 -> 5.4.6) - Library is always liblua5_4-5: due to SOVERSION leading digit being 5 - Final release of 5.4.6. No change in the changelog. - Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been effectively withdrawn). - Update to 5.4.5: - this is a bug-fix release. - Lua 5.4.5 also contains several internal improvements and includes a revised reference manual - Remove upstreamed patches: - luabugs1.patch - luabugs10.patch - luabugs11.patch - luabugs2.patch - luabugs3.patch - luabugs4.patch - luabugs5.patch - luabugs6.patch - luabugs7.patch - luabugs8.patch - luabugs9.patch ==== man-pages ==== Version update (6.02 -> 6.04) - update to 6.04: * Newly documented interfaces in existing pages * proc.5 KPF_PGTABLE (Linux 4.18) * landlock.7 LANDLOCK_ACCESS_FS_REFER (Linux 5.19) * udp.7 UDP_GRO (Linux 5.0) UDP_SEGMENT (Linux 4.18) * Changes to individual pages ==== manpages-l10n ==== Version update (4.18.1 -> 4.19.0) Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR man-pages-ru - Update to version 4.19.0: Updated and added many translations. ==== mariadb-connector-c ==== Version update (3.3.4 -> 3.3.5) - update to 3.3.5: * https://mariadb.com/kb/en/mariadb-connector-c-3-3-5-release-notes/ ==== mozilla-nss ==== Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - Move testsuite to %check-section and move env-variables to files for easier chroot-debugging ==== ncurses ==== Version update (6.4.20230506 -> 6.4.20230520) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230520 + fixes for compiler warnings in MinGW environments. - Add ncurses patch 20230514 + modify test-package "ncurses6-doc" to use manpage-aliases, which in turn required a change to the configure script to factor in the extra-suffix option when deriving alias names. + add mode 1004 to xterm+sm+1006 from xterm #380 -TD - Port and correct offsets of patch ncurses-6.4.dif ==== opensc ==== - Security Fix: [CVE-2023-2977, bsc#1211894] * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package() * Add opensc-CVE-2023-2977.patch ==== openssl-1_1 ==== Version update (1.1.1t -> 1.1.1u) Subpackages: libopenssl1_1 - Update to 1.1.1u: * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. (CVE-2023-2650, bsc#1211430) To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT IDENTIFIER to canonical numeric text form if the size of that OBJECT IDENTIFIER is 586 bytes or less, and fail otherwise. The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at most 128 sub-identifiers, and that the maximum value that each sub- identifier may have is 2^32-1 (4294967295 decimal). For each byte of every sub-identifier, only the 7 lower bits are part of the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with these restrictions may occupy is 32 * 128 / 7, which is approximately 586 bytes. Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 * Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304, bsc#1207534). The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. The new fix uses existing constant time code paths, and restores the previous performance level while fully eliminating all existing timing side channels. The fix was developed by Bernd Edlinger with testing support by Hubert Kario. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Rebased patch openssl-1_1-openssl-config.patch * Removed patches: - openssl-CVE-2023-0464.patch - openssl-CVE-2023-0465.patch - openssl-CVE-2023-0466.patch * Update openssl.keyring with key A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz) - FIPS: Merge libopenssl1_1-hmac package into the library [bsc#1185116] ==== openssl-3 ==== Version update (3.0.8 -> 3.1.1) Subpackages: libopenssl3 libopenssl3-32bit - Update to 3.1.1: * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate (CVE-2023-2650, bsc#1211430) * Multiple algorithm implementation fixes for ARM BE platforms. * Added a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility. * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can trigger a crash of an application using AES-XTS decryption if the memory just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714) * Add FIPS provider configuration option to disallow the use of truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The option '-no_drbg_truncated_digests' can optionally be supplied to 'openssl fipsinstall'. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Update openssl.keyring with key A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz) * Rebased patches: - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-Add_support_for_Windows_CA_certificate_store.patch * Removed patches: - openssl-CVE-2023-0464.patch - openssl-Fix-OBJ_nid2obj-regression.patch - openssl-CVE-2023-0465.patch - openssl-CVE-2023-0466.patch - FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116] - Add support for Windows CA certificate store [bsc#1209430] https://github.com/openssl/openssl/pull/18070 * Add openssl-Add_support_for_Windows_CA_certificate_store.patch - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch - Fix regression in the OBJ_nid2obj() function: [bsc#1209430] * Upstream https://github.com/openssl/openssl/issues/20555 * Add openssl-Fix-OBJ_nid2obj-regression.patch - Fix compiler error "initializer element is not constant" on s390 * Add openssl-z16-s390x.patch - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch - Pass over with spec-cleaner - Update to 3.1.0: * Add FIPS provider configuration option to enforce the Extended Master Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can optionally be supplied to 'openssl fipsinstall'. * The FIPS provider includes a few non-approved algorithms for backward compatibility purposes and the "fips=yes" property query must be used for all algorithm fetches to ensure FIPS compliance. The algorithms that are included but not approved are Triple DES ECB, Triple DES CBC and EdDSA. * Added support for KMAC in KBKDF. * RNDR and RNDRRS support in provider functions to provide random number generation for Arm CPUs (aarch64). * s_client and s_server apps now explicitly say when the TLS version does not include the renegotiation mechanism. This avoids confusion between that scenario versus when the TLS version includes secure renegotiation but the peer lacks support for it. * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. * The various OBJ_* functions have been made thread safe. * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors. * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding type-specific function definitions for these functions regardless of whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may start receiving deprecation warnings for these functions regardless of whether they are using them. It is recommended that users transition to the new macro, DEFINE_LHASH_OF_EX. * When generating safe-prime DH parameters set the recommended private key length equivalent to minimum key lengths as in RFC 7919. * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the maximum size that is smaller or equal to the digest length to comply with FIPS 186-4 section 5. This is implemented by a new option OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the rsa_pss_saltlen parameter, which is now the default. Signature verification is not affected by this change and continues to work as before. * Update openssl.keyring with key 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell) ==== openssl ==== Version update (3.0.8 -> 3.1.1) - Update to 3.1.1 - Update to 3.1.0 ==== perl-Bootloader ==== Version update (1.1 -> 1.2) - merge gh#openSUSE/perl-bootloader#148 - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - 1.2 ==== perl-IO-Socket-SSL ==== Version update (2.081 -> 2.083) - updated to 2.083 see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.083 2023/05/18 - fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL (regression from #122) 2.082 2023/05/17 - SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122 - fix output of alert string when debugging #132 - improve regex for hostname validation #130, #126 - add can_ciphersuites subroutine for feature checking #127 - Utils::CERT_create - die if unexpected arguments are given instead of ignoring these ==== perl-Mojolicious ==== Version update (9.31 -> 9.32) - updated to 9.32 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.32 2022-05-09 - Improved file and line number details in async/await exceptions. (batman) - Fixed various CSS selector equation bugs in Mojo::DOM::CSS. (mauke) - Fixed exceptions being added to the stash for formats other than HTML. (rawleyfowler) - Fixed context sensitivity issue. (Grinnz) ==== perl-Net-DNS ==== Version update (1.37 -> 1.38) - updated to 1.38 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== perl-libwww-perl ==== Version update (6.68 -> 6.70) - updated to 6.70 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.70 2023-04-30 13:22:56Z - Add cookie_jar_class attribute to allow different cookie jar modules to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn) - POD now contains all default attributes (GH#428) (Julien Fiegehenn) 6.69 2023-04-29 13:14:31Z - Timeouts for cached connections now update (GH#73) (Eric Johnson) - The conn_cache() can now be unset (GH#424) (Julien Fiegehenn) - LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy) - Fix a bug in no_proxy that allowed partial matches to a proxy address to disable a proxy (GH#421) (Julien Fiegehenn) ==== python-argcomplete ==== - bash-repl.patch: Use correct place for auxiliary bashrc.sh file from pexpect ==== python-gevent ==== - handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers() behavior change in python 3.11 as well ==== python-libvirt-python ==== Version update (9.3.0 -> 9.4.0) - Update to 9.4.0 - Add all new APIs and constants in libvirt 9.4.0 ==== python-rich ==== Version update (13.3.5 -> 13.4.1) - update to 13.4.1: * Fixed typing extensions import in markdown #2979 - update to 13.4.0: * Added support for tables in Markdown #2977 ==== python-rpm ==== - add _multibuild for multiple .spec-files ==== python-tornado6 ==== Version update (6.2 -> 6.3.2) - New upstream release 6.3.2 - Security improvements - Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. - ``tornado.web`` - `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase arguments will be accepted. - What's new in Tornado 6.3.0 - The new `.Application` setting ``xsrf_cookie_name`` can now be used to take advantage of the ``__Host`` cookie prefix for improved security. To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}}`` to your `.Application` settings. Note that this feature currently only works when HTTPS is used. - `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so the event loop is no longer blocked. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - WebSockets are now much faster at receiving large messages split into many fragments. - General changes - Python 3.7 is no longer supported; the minimum supported . Python version is 3.8 Python 3.12 is now supported . - To avoid spurious deprecation warnings, users of Python 3.10 should upgrade to at least version 3.10.9, and users of Python 3.11 should upgrade to at least version 3.11.1. - Tornado submodules are now imported automatically on demand. This means it is now possible to use a single ``import tornado`` statement and refer to objects in submodules such as `tornado.web.RequestHandler`. - Deprecation notices - In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING`` and above regardless of the current logging configuration, unless the ``level`` argument is used. - `.RequestHandler.get_secure_cookie` is now a deprecated alias for `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie` is now a deprecated alias for `.RequestHandler.set_signed_cookie`. - `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement is provided; `.RequestHandler.clear_cookie` should be used on individual cookies. - Calling the `.IOLoop` constructor without a ``make_current`` argument, which was deprecated in Tornado 6.2, is no longer deprecated. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - `.AsyncTestCase.get_new_ioloop` is deprecated. - ``tornado.auth`` - New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden to get credentials from a source other than the `.Application` settings. - ``tornado.gen`` - `contextvars` now work properly when a ``(a)gen.coroutine`` calls a native coroutine. - ``tornado.options`` - `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to lists of strings) for options with ``multiple=True``. - ``tornado.web`` - New `.Application` setting ``xsrf_cookie_name`` can be used to change the name of the XSRF cookie. This is most useful to take advantage of the ``__Host-`` cookie prefix. - `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` (and related methods and attributes) have been renamed to `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. This makes it more explicit what kind of security is provided, and avoids confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. The old names remain supported as deprecated aliases. - `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain arguments to be passed the same way in which it was set. - `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments for the same reason as ``clear_cookie``. However, since the requirements for additional arguments mean that it cannot reliably clear all cookies, this method is now deprecated. - ``tornado.websocket`` - It is now much faster (no longer quadratic) to receive large messages that have been split into many fragments. - `.websocket_connect` now accepts a ``resolver`` parameter. - ``tornado.wsgi`` - `.WSGIContainer` now accepts an ``executor`` parameter which can be used to run the WSGI application on a thread pool. - What's new in Tornado 6.2.0 - Deprecation notice - Python 3.10 has begun the process of significant changes to the APIs for managing the event loop. Calls to methods such as `asyncio.get_event_loop` may now raise `DeprecationWarning` if no event loop is running. This has significant impact on the patterns for initializing ... changelog too long, skipping 101 lines ... - Remove upstreamed ignore-py310-deprecation-warnings.patch ==== python-zope.event ==== - Switch documentation to be within the main package. ==== qemu ==== Version update (8.0.0 -> 8.0.2) Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - Update to version 8.0.2: * Stability, security and bug fixes - Patch added: * [openSUSE][RPM] Update to version 8.0.2 ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Add upstream changes (CVE-2023-34410, boo#1211994): * 0001-Schannel-Reject-certificate-not-signed-by-a-configur.patch * 0001-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch ==== rp-pppoe ==== - Removed remains of permissions setting for the pppoe-wrapper setuid binary. The major update to 4.0 dropped this. ==== rpm ==== Subpackages: librpmbuild9 - add _multibuild for multiple .spec-files ==== rubygem-rack-2.2 ==== Version update (2.2.6.4 -> 2.2.7) - update to version 2.2.7 * Correct the year number in the changelog (https://github.com/rack/rack/pull/2015) * Support underscore in host names for Rack 2.2 (https://github.com/rack/rack/pull/2071) ==== sdl12_compat ==== Version update (1.2.60 -> 1.2.64) - Update to release 1.2.64 * Some games started working: Steel Storm Burning Retribution, Maelstrom, Quake 2 XP, boswars, pink-pony, Sid Meier's Alpha Centauri (Loki version), xrick, grafx2, MLT, tuxfootball, freedroid. ==== sendmail ==== Subpackages: libmilter1_0 - Use the bash intrinsic virtual file /dev/tcp/localhost/<port> to check for MTA port - Avoid fuser for detecting if sendmail is listen on MTA port ==== shaderc ==== Version update (2023.2 -> 2023.4) - Update to release 2023.4 * Add option to preserve bindings * Add options to control mesh shading limits ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - Move the provides of pdfjam to its usecase (boo#1211877) ==== tracker ==== Version update (3.5.2 -> 3.5.3) Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0 - Update to version 3.5.3: + Build fixes around strftime() bug workarounds on some architectures/platforms. + Improved compatibility of JSON cursor readers. + Leaks plugged. - Drop 63ea8f1a.patch: Fixed upstream. - Drop %systemd_user_postun_with_restart macro from the %postun directive. It's been deprecated and emptied (expands to nil) on both Tumbleweed and Leap already. - Comment unneded "/usr/bin/env python3" shebang line on utils/ trackertestutils/__main__.py Python script. - Change tracker-data-files package's architecture to noarch, as it doesn't contain any binaries. ==== virtiofsd ==== - Add qemu config file to ensure qemu is aware of the virtiofsd executable - https://www.reddit.com/r/suse/comments/13xmote/vm_with_virtiofs_does_not_st… ==== vulkan-loader ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * No changes over 1.3.247 [SDK-250 is a branch of regular-243 with some cherry-picks bringing it to roughly regular-247; there is little relation to regular-250] ==== vulkan-tools ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * vulkaninfo: Issue flush before exiting ==== webkit2gtk3 ==== Version update (2.40.1 -> 2.40.2) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== webkit2gtk3-soup2 ==== Version update (2.40.1 -> 2.40.2) Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== xfce4-power-manager ==== Version update (4.18.1 -> 4.18.2) Subpackages: xfce4-power-manager-lang xfce4-power-manager-plugin - Update to version 4.18.2 * Fix typos in previous backported commit * Keep "lock-on-sleep" in sync with other components via XfceScreensaver * power: Fix old typo * Do not check repeatedly for logind running * Write on stderr when appropriate * build: Require gio-unix-2.0 * settings: Keep a ref on device to avoid use-after-free (Fixes #56) * dpms: Add missing sanity checks (Fixes #163) * Fix Xfconf memory management * Update bug report address * Translation Updates ==== xfce4-pulseaudio-plugin ==== Version update (0.4.6 -> 0.4.7) Subpackages: xfce4-pulseaudio-plugin-lang - Update to version 0.4.7 * Fix crash when D-Bus connection is lost before it's connected * Fix copyright info * MPRIS: Control recently open/used player using multimedia keys * Deduplicate key binding code * Bind all possible keys * Update about authors * MPRIS: Remove old settings when clearing known players * MPRIS: Ignore multimedia keys for blacklisted players * MPRIS: Add possibility to hide inactive players, improve config storage * MPRIS: Remove pulseaudio_mpris_player_can_launch function * MPRIS: Fix memory leak in player finalize * MPRIS: Remove unused pulseaudio_mpris_player_is_equal function * MPRIS: Refactor player connection lost and finalize * MPRIS: Deduplicate find_desktop_entry function * MPRIS: Make pulseaudio_mpris_get_available_players static * MPRIS: Check for filename before launching the player * Improve connection/disconnection with server * Menu: Don't clear structure, it's not needed * MPRIS: Reduce player_is_usable timeout to 5 sec * MPRIS: Memory management fixes * MPRIS: Don't initialize struct members, GLib is doing it * MPRIS: Micro-optimization * MPRIS: Check for is_playing in set_can_play function * Subscribe NameOwnerChanged to watch MPRIS changes instead of timer * Fix removing blacklisted MPRIS players from config * Improve run mixer button sensitivity * Display default device name in tooltip * Don't set has-tooltip property twice * Don't show recording indicator for non-default monitors * Make run mixer button sensitive for any path * Show unplugged devices as insensitive * Don't show rec icon if the source output doesn't belong to any client * Don't show recording indicator when it's not connected to the source * Fix mistake in comment * Don't reset recording value in callback * Allow maximum volume configuration in dialog * Improve volume step size text * Translation Updates - Remove _service file ==== xfce4-screensaver ==== Version update (4.18.1 -> 4.18.2) - Update to version 4.18.2 * screensaver-configure: Ensure consistent dialog positioning * screensaver-configure: Remove dead code * screensaver-configure: Improve some strings * screensaver-configure: Print errors on stderr without translating * screensaver-configure: Replace single quotes with double quotes in _() * screensaver-configure: Get translated strings from desktop files * screensaver-configure: Fix broken translations * screensaver-configure: Set dialogs modal * Revert "prefs-dialog: Grey out prefs button for popsquares (no prefs)" * screensaver-configure: Fix broken prefs * screensaver-configure: Fix critical when closing dialog * prefs-dialog: Grey out prefs button for popsquares (no prefs) * Bump GTK version and remove dead code * Keep "lock-on-sleep" in sync with other components via XfceScreensaver * *.desktop: Distinguishing our screensaver from others (Fixes #17) * Use GLib wrappers for memory allocation * Fix unix.Malloc warnings from scan-build 15.0.7 * Fix core.uninitialized.Assign warnings from scan-build 15.0.7 * Fix deadcode.DeadStores warnings from scan-build 15.0.7 * Avoid duplicated code * manager: Do not discard monitors without model and manufacturer * Translation Updates - Remove xfce4-screensaver-manager-efifb-lockup-fix.patch ==== xfce4-session ==== Version update (4.18.2 -> 4.18.3) Subpackages: xfce4-session-lang - Update to version 4.18.3 * shutdown: Do not set an error when returning TRUE * logout-dialog: Fix use-after-free * Use glib wrappers for memory allocation * build: Fix build when there is no suspend/hibernate support * build: Add suspend support for Solaris * startxfce4: Fix xinit arguments order * manager: Always use xfsm_manager_save_yourself_dbus() (Fixes #106) * settings: Remove useless tooltip * xflock4: Update fallback list * logout-dialog: Lower warning level * shutdown: Keep error NULL when unused * cleanup: Remove dead polkit code * Revert "Fallback to old method for shutdown (bug #8630)." * Use g_critical() instead of g_error() * Use GLib logging functions or g_printerr() instead of g_print() * Use GLib logging functions instead of g_printerr() * build: Fix untranslated policykit file * Escape/unescape string list delimiter when saving/restoring session * Replace XfceRc with GKeyFile for session file parsing * Translation Updates ==== yast2-apparmor ==== Version update (4.6.0 -> 4.6.1) - Added missing textdomain (bsc#1211980) - 4.6.1 ==== yast2-auth-server ==== Version update (4.6.1 -> 4.6.2) - Add deprecation notice to this tool (bsc#1211734). - 4.6.2 ==== yast2-control-center ==== Version update (4.6.0 -> 4.6.1) Subpackages: yast2-control-center-qt - Require xdg-utils since it's no longer required by desktop-data-openSUSE and yast-control-center-qt needs it to start modules with 'xdg-su'. (bsc#1211869) - 4.6.1

1 0

Where is the Tumbleweed snapshot changes page?
by Silviu C. 06 Jun '23

06 Jun '23

Hello, I've been using this URL to check what changes were made or were coming next for Tumbleweed. But it does not work anymore. What happened? URL: https://openqa.opensuse.org/snapshot-changes/opensuse/Tumbleweed/

3 5