Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231017 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: gnome-sudoku (45.0 -> 45.1) gpg2 ncurses (6.4.20230909 -> 6.4.20231007) nghttp2 (1.55.1 -> 1.57.0) nodejs20 (20.8.0 -> 20.8.1) rubygem-rubocop (1.57.0 -> 1.57.1) rubygem-unicode-display_width (2.4.2 -> 2.5.0) xterm (385 -> 387) === Details === ==== gnome-sudoku ==== Version update (45.0 -> 45.1) Subpackages: gnome-sudoku-lang - Update to version 45.1: + Fix right click not opening earmark popover. + Updated translations. ==== gpg2 ==== Subpackages: dirmngr gpg2-lang - Fix Emacs EasyPG behavior when parsing output: * gpg: Report BEGIN_* status before examining the input. * Upstream task: https://dev.gnupg.org/T6481 * Add gnupg-Report-BEGIN_-status-before-examining-the-input.patch ==== ncurses ==== Version update (6.4.20230909 -> 6.4.20231007) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231007 + improve loop-limit for get_position(). + improve manual description of immedok (Debian #1053603). + fix a few formatting issues with manpages (Debian #1053123). + improve formatting/style of manpages (patches by Branden Robinson). - Add ncurses patch 20231001 + modify setupterm to provide for using ANSI cursor-position report (in user6/user7 terminfo capabilities) to obtain screensize if neither environment variables or ioctl is used. The ncurses test-program with options "-E -T" demonstrates this feature. + improve error messages in tic (patch by Branden Robinson). + improve formatting/style of manpages (patches by Branden Robinson). + modify test/clip_printw.c to optionally test non-wrapped updates. + fix reallocation loop for vsnprintf() in _nc_sprintf_string() by copying the va_list variable (patch by Ian Abbott). - Add ncurses patch 20230923 + improve formatting of manpages (patches by Branden Robinson). + amend change to delscreen() to limit the windows which it creates to just those associated with the screen (report by Frederic Boiteux, cf: 20220813). - Add ncurses patch 20230918 + new tarball/errata (report by Sven Joachim). - Add ncurses patch 20230917 + improve formatting of manpages (integrated patches by Branden Robinson). + correct limit for name-length in write_entry.c (report/testcase by Luna Saphie Mittelbach). + limit delays to 30 seconds, i.e., padding delays in terminfo, as well as napms() and delay_output() functions. + improve a few pointer-checks. + improve parsing in _nc_msec_cost, allowing a single decimal point. ==== nghttp2 ==== Version update (1.55.1 -> 1.57.0) - version update to 1.57.0 [bsc#1216174] 1.57.0 * Fixes CVE-2023-44487 * Bump ngtcp2 by @tatsuhiro-t in #1944 * Add dependabot to update actions by @tatsuhiro-t in #1946 * Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950 * Bump actions/setup-go from 3 to 4 by @dependabot in #1948 * Bump actions/checkout from 3 to 4 by @dependabot in #1949 * Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947 * docker: Bump base image to debian 12 by @tatsuhiro-t in #1951 * nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953 * Bump quictls by @tatsuhiro-t in #1945 * Apps fix by @tatsuhiro-t in #1957 * nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958 * Fix clang-format by @tatsuhiro-t in #1959 * Rework session management by @tatsuhiro-t in #1961 1.56.0 * doc: Bump boringssl by @tatsuhiro-t in #1928 * Fix memory leak by @tatsuhiro-t in #1930 * Return void by @tatsuhiro-t in #1931 * nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934 * CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935 * Bump quictls by @tatsuhiro-t in #1937 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939 * nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940 * Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941 * Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942 * Update Dockerfile by @tatsuhiro-t in #1943 ==== nodejs20 ==== Version update (20.8.0 -> 20.8.1) Subpackages: npm20 - Security fixes relase 20.8.1 * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release * (CVE-2023-45143, bsc#1216205): undici Security Release * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names - fix_ci_tests.patch: refreshed ==== rubygem-rubocop ==== Version update (1.57.0 -> 1.57.1) - updated to version 1.57.1 [#]# 1.57.1 (2023-10-13) [#]## Bug fixes * [#12271](https://github.com/rubocop/rubocop/issues/12271): Fix a false positive for `Lint/RedundantSafeNavigation` when using snake case constant receiver. ([@koic][]) * [#12265](https://github.com/rubocop/rubocop/issues/12265): Fix an error for `Layout/MultilineMethodCallIndentation` when usingarithmetic operation with block inside a grouped expression. ([@koic][]) * [#12177](https://github.com/rubocop/rubocop/pull/12177): Fix an incorrect autocorrect for `Style/RedundantException`. ([@ydah][]) * [#12261](https://github.com/rubocop/rubocop/issues/12261): Fix an infinite loop for `Layout/MultilineMethodCallIndentation` when multiline method chain with a block argument and method chain. ([@ydah][]) * [#12263](https://github.com/rubocop/rubocop/issues/12263): Fix false positives for `Style/RedundantDoubleSplatHashBraces` when method call for no hash braced double splat receiver. ([@koic][]) * [#12262](https://github.com/rubocop/rubocop/pull/12262): Fix an incorrect autocorrect for `Style/RedundantDoubleSplatHashBraces` when using double splat hash braces with `merge` method call twice. ([@koic][]) ==== rubygem-unicode-display_width ==== Version update (2.4.2 -> 2.5.0) - updated to version 2.5.0 [#]# 2.5.0 - Unicode 15.1 ==== xterm ==== Version update (385 -> 387) Subpackages: xterm-bin xterm-resize - update 387: * add DECRQUPSS and DECAUPSS * add DECRQDE * correct indexing expression in title-stack - includes changes from 386: * improve references in ctlseqs.ms * make the maximum amount of memory used for buffering DCS and OSC strings configurable with maxStringParse resource * improve performance of ReGIS when initializing the largest fontsize * fix regression in SIXEL colors * fix typo in --with-wtmp