Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230118 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: arphic-ukai-fonts bitstream-vera-fonts crda diffutils (3.8 -> 3.9) freeipmi libXpm libevent librsvg libstorage-ng (4.5.63 -> 4.5.64) manpages-l10n (4.16.0 -> 4.17.0) ncurses (6.4.20230107 -> 6.4.20230114) perl pipewire python-chardet python-configobj python-httpx (0.23.0 -> 0.23.3) python310-packaging (22.0 -> 23.0) rpm yast2-storage-ng (4.5.15 -> 4.5.16) === Details === ==== arphic-ukai-fonts ==== - amend license SUSE-Arphic to SPDX's Arphic-1999 ==== bitstream-vera-fonts ==== - amend license SUSE-Bitstream-Vera to SPDX's Bitstream-Vera ==== crda ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== diffutils ==== Version update (3.8 -> 3.9) Subpackages: diffutils-lang - diffutils 3.9: * fixes for other platforms ==== freeipmi ==== Subpackages: libfreeipmi17 libipmiconsole2 libipmidetect0 - Remove obsolete ExclusiveArch ==== libXpm ==== Subpackages: libXpm-devel libXpm4 - U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch - U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch * libXpm: Infinite loop on unclosed comments (CVE-2022-46285, bsc#1207029) - U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch * libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617, bsc#1207030) - U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch * libXpm: compression commands depend on $PATH (CVE-2022-4883, bsc#1207031) - U_regression-bug1207029_1207030_1207031.patch * regression fix for above patches - U_regression2-bug1207029_1207030_1207031.patch * second regression fix: Use gzip -d instead of gunzip ==== libevent ==== - Disable the select backend, this can be easily done by lying to configure. This is done due to: * using fd number > 1024 on an fd_set results in a runtime fortify source assertion, preventing further doom. * select will not be changed to handle fd > 1024. * this limit is unreasonable low for this century. ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - update vendor tarball - actually run the testsuite for x86_64 (bsc#1207167) ==== libstorage-ng ==== Version update (4.5.63 -> 4.5.64) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#912 - allow both 'swap' and 'none' as path for swap in fstab - added testcase - 4.5.64 ==== manpages-l10n ==== Version update (4.16.0 -> 4.17.0) Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR - Update to version 4.17.0: * Updated many translations. * Swedish is now actively maintained. * New language: Russian. ==== ncurses ==== Version update (6.4.20230107 -> 6.4.20230114) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230114 + change RV to XR/xr, to avoid conflict with pre-existing usage in vim, to use RV/rv to denote DA2 and its response (discussion with Bram Moolenaar) -TD + add XF flag to xterm+focus so that termcap applications can be aware of terminals which may support focus in/out -TD + use xterm+focus in xterm-p370 and tmux -TD + improve configure-script macros vs compiler warnings. - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.4.dif ==== perl ==== Subpackages: perl-base perl-doc - Replace usage of deprecated fgrep with grep -F. ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to avoid division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953): * 0001-alsa-guard-against-some-invalid-values.patch - Add patch from upstream to fix causing an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680): * 0001-spa-Fix-audioconvert-overflow-when-scaling.patch - Add patch from upstream to fix a crash on arm: * 0001-cpu-arm-Fix-incorrect-free.patch ==== python-chardet ==== - skip python 3.6 builds ==== python-configobj ==== - require setuptools ==== python-httpx ==== Version update (0.23.0 -> 0.23.3) - Update to 0.23.3 * Version 0.23.2 accidentally included stricter type checking on query parameters. This shouldn've have been included in a minor version bump, and is now reverted. (#2523, #2539) - 0.23.2 (2nd Jan, 2023) * Support digest auth nonce counting to avoid multiple auth requests. (#2463) * Multipart file uploads where the file length cannot be determine now use chunked transfer encoding, rather than loading the entire file into memory in order to determine the `Content-Length`. (#2382) * Raise `TypeError` if content is passed a dict-instance. (#2495) * Partially revert the API breaking change in 0.23.1, which removed `RawURL`. We continue to expose a `url.raw` property which is now a plain named-tuple. This API is still expected to be deprecated, but we will do so with a major version bump. (#2481) - 0.23.1 (18th Nov, 2022) * *Note**: The 0.23.1 release should have used a proper version bump, rather than a minor point release. There are API surface area changes that may affect some users. See the "Removed" section of these release notes for details. [#]## Added * Support for Python 3.11. (#2420) * Allow setting an explicit multipart boundary in `Content-Type` header. (#2278) * Allow `tuple` or `list` for multipart values, not just `list`. (#2355) * Allow `str` content for multipart upload files. (#2400) * Support connection upgrades. See https://www.encode.io/httpcore/extensions/#upgrade-requests [#]## Fixed * Don't drop empty query parameters. (#2354) [#]## Removed * Upload files *must* always be opened in binary mode. (#2400) * Drop `.read`/`.aread` from `SyncByteStream`/`AsyncByteStream`. (#2407) * Drop `RawURL`. (#2241) ==== python310-packaging ==== Version update (22.0 -> 23.0) - Update to v23.0 * Remove unused LPAREN token from tokenizer by @hrnciar in #630 * Reorganise the project layout and version management by @pradyunsg in #626 * Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634 * Use stable Python 3.11 in tests by @153957 in #641 * Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643 * Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642 * refactor _generic_api to use EXT_SUFFIX by @mattip in #607 * Allow "extra" to be None in the marker environment by @pradyunsg in #650 * Fix typos by @kianmeng in #648 * Update changelog for release by @pradyunsg in #656 ==== rpm ==== Subpackages: librpmbuild9 - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== yast2-storage-ng ==== Version update (4.5.15 -> 4.5.16) - Extended regexp to identify Dell BOSS storage devices (bsc#1200975) - 4.5.16