Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231013 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: freetype2 (2.13.1 -> 2.13.2) grub2 gtk3 libgcrypt libnvme libyui (4.6.0 -> 4.6.1) libyui-ncurses (4.6.0 -> 4.6.1) libyui-ncurses-pkg (4.6.0 -> 4.6.1) libyui-qt (4.6.0 -> 4.6.1) libyui-qt-graph (4.6.0 -> 4.6.1) libyui-qt-pkg (4.6.0 -> 4.6.1) microos-tools (2.21+git0 -> 2.21+git5) nvme-cli perl-CGI (4.57 -> 4.590.0) pipewire (0.3.80 -> 0.3.81) python-sniffio python-urllib3 qt6-base (6.5.3 -> 6.6.0) qt6-declarative (6.5.3 -> 6.6.0) qt6-imageformats (6.5.3 -> 6.6.0) qt6-translations (6.5.3 -> 6.6.0) qt6-wayland (6.5.3 -> 6.6.0) samba (4.19.0+git.306.19d2e214c58 -> 4.19.1+git.312.c912b3d2ef6) selinux-policy (20230728 -> 20231012) udisks2 wireplumber (0.4.14 -> 0.4.15) === Details === ==== freetype2 ==== Version update (2.13.1 -> 2.13.2) - Update to version 2.13.2: - Better support for CFF2 variation fonts. - TrueType interpreter version 38 (also known as 'Infinality') has been removed. - Improved OpenVMS support. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix CVE-2023-4692 (bsc#1215935) - Fix CVE-2023-4693 (bsc#1215936) * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch * 0006-fs-ntfs-Make-code-more-readable.patch - Bump upstream SBAT generation to 4 ==== gtk3 ==== Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Revert RPM ternary operations on SLE where rpm version is not ready. ==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit - POWER: performance enhancements for cryptography [jsc#PED-5088] * Optimize Chacha20 and Poly1305 for PPC P10 LE: [T6006] - Chacha20/poly1305: Optimized chacha20/poly1305 for P10 operation [rC88fe7ac33eb4] - ppc: enable P10 assembly with ENABLE_FORCE_SOFT_HWFEATURES on arch-3.00 [rC2c5e5ab6843d] * Add patches: - libgcrypt-Chacha20-poly1305-Optimized-chacha20-poly1305.patch - libgcrypt-ppc-enable-P10-assembly-with-ENABLE_FORCE_SOF.patch ==== libnvme ==== Subpackages: libnvme-mi1 libnvme1 - Add missing jsc# tracking references to changelog ==== libyui ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== libyui-ncurses ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== libyui-ncurses-pkg ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== libyui-qt ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== libyui-qt-graph ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== libyui-qt-pkg ==== Version update (4.6.0 -> 4.6.1) - Qt Pkg: Show patterns order column if environment variable Y2_SHOW_PATTERNS_ORDER is set - Qt Pkg: Show invisible patterns if environment variable SHOW_INVISIBLE_PATTERNS is set - Qt Pkg: Fixed pattern categories order: Use first, not last pattern (bsc#1216093) https://github.com/libyui/libyui/pull/107 - 4.6.1 ==== microos-tools ==== Version update (2.21+git0 -> 2.21+git5) - Update to version 2.21+git5: * 98selinux-microos: Set mount propagation properly * 98selinux-microos: Convert tabs to spaces * 98selinux-microos: Don't include setenforce unnecessarily * Add spec file * systemd-proxy-env: fix typos in setup-systemd-proxy-env - Use the .spec file from the repo ==== nvme-cli ==== Subpackages: nvme-cli-bash-completion - Add missing jsc# and bsc# tracking entries in change log. ==== perl-CGI ==== Version update (4.57 -> 4.590.0) - updated to 4.59 see /usr/share/doc/packages/perl-CGI/Changes 4.59 2023-10-02 [ FIX ] - Bring VERSION values inline 4.58 2023-10-02 [ FIX ] - Update cookie expires date format (GH #258 , thanks to robbiebow) ==== pipewire ==== Version update (0.3.80 -> 0.3.81) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patches from upstream that fix pro-audio not producing any sound in 0.3.81: * 0001-alsa-add-api.alsa.auto-link-option.patch * 0002-acp-fix-compilation.patch * 0003-acp-only-join-and-link-when-1-capture-and-1-playback.patch * 0004-acp-only-disable-tsched-when-linking.patch - Add patch from upstream that fixes issues when PCM is stopped, which includes fixing sound in qemu: * 0001-alsa-dont-check-early-wakeup-when-PCM-stopped.patch - Pipewire now requires vulkan 1.3, so we have to disable vulkan support if this requirement is not fulfilled in order to build correctly in Leap. - Update to version 0.3.81: * Highlights - jackdbus support is now enabled by default. - IRQ based scheduling in ALSA was improved and enabled by default for Pro-Audio profile. It will also link the pcms together to get lower latency. This now matches what JACK does and gives equal latency to PipeWire for Pro-Audio profiles. - Support both old and new versions of webrtc-audio-processing to make the transition easier. - Forced quantum changes by nodes or metadata will now also force a suspend and resume of the graph, like the rate changes to make sure all nodes adapt to the new quantum. This is important for Pro-Audio nodes that need to reconfigure the hardware to a new period in IRQ-based scheduling. - Fix a regression in regex parsing. - Many bugfixes and improvements. * PipeWire - jackdbus is by default enabled now. The idea is that when jackdbus is installed, the real libjack.so is in the path and we can become a real JACK client. - Forces quantum changes by nodes or metadata will now also force a suspend and resume in the graph, like the rate changes to make sure all nodes adapt to the new quantum. This is important for Pro-Audio nodes that need to reconfigure the hardware to a new period. - The stream now has an EARLY_PROCESS option that can be used to implement custom buffer fill levels. - Fix a regression in regex parsing. - Fix a bug in position reporting in the driver node. - Destroying a link will now recalculate the graph correctly. - Fix the rate comparison for finding the best rate in the graph. - Use malloc_trim() when available to release memory. * Tools - pw-cat now supports DFF DSD files. - pw-cli avoid some NULL derefs in some cases. * Modules - The RAOP sink has seen some cleanups and improvements. It will now ask for feedback every 2 seconds to keep some devices alive. - A bug in filter-chain was fixed where it would fail to apply the gain when when mixing just one source. - The filter-chain can now pass the stream volume to a control in the filter-chain graph. - Improve volume handling in RAOP sink. * Pulse-server - Some cleanup in the pending_stream handling. - Fix a regression in the event emission code where it failed to emit a changed event when a node was linked. - Lower the realtime priority of pulseaudio clients. - Set pulse.module.id on the echo-cancel streams. * SPA - Support both old and new versions of webrtc-audio-processing to make the transition easier. - The ALSA driver now does the synch of all followers directly from the wakeup event. This results in more stable rate matching. - IRQ based scheduling in ALSA was improved and enabled by default for Pro-Audio profile. It will also link the pcms together to get lower latency. This now matches what JACK does and gives equal latency to PipeWire for Pro-Audio profiles. - GNU/Hurd support was added. - Some improvements to passthrough handling. * Bluetooth - Improvements to the codec handling when PipeWire is used as Audio Gateway. - Adapt to new Bluez API for BAP devices. * JACK - When the jack library is set in the default library path, avoid using LD_LIBRARY_PATH because this can cause confusion. - Handle clearing the latency on a port. - jack_property now always manages to actually change the metadata because it waits for a roundtrip before exiting. ==== python-sniffio ==== - Clean up the SPEC file ==== python-urllib3 ==== - Update Buildrequires to upstream list. ==== qt6-base ==== Version update (6.5.3 -> 6.6.0) Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Update to 6.6.0 * https://www.qt.io/blog/qt-6.6-released - Add patch to fix creation of -debuginfo packages for qmake builds: * 0001-Don-t-strip-binaries-when-building-with-qmake.patch ==== qt6-declarative ==== Version update (6.5.3 -> 6.6.0) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports - Update to 6.6.0 * https://www.qt.io/blog/qt-6.6-released ==== qt6-imageformats ==== Version update (6.5.3 -> 6.6.0) - Update to 6.6.0 * https://www.qt.io/blog/qt-6.6-released ==== qt6-translations ==== Version update (6.5.3 -> 6.6.0) - Update to 6.6.0 * https://www.qt.io/blog/qt-6.6-released ==== qt6-wayland ==== Version update (6.5.3 -> 6.6.0) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.6.0 * https://www.qt.io/blog/qt-6.6-released ==== samba ==== Version update (4.19.0+git.306.19d2e214c58 -> 4.19.1+git.312.c912b3d2ef6) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424). ==== selinux-policy ==== Version update (20230728 -> 20231012) Subpackages: selinux-policy-targeted - Update to version 20231012: * Allow sssd_t watch permission to net_conf_t dirs (bsc#1216052) * Revert fix for bsc#1205770 since it causes a regression for bsc#1214887 ==== udisks2 ==== Subpackages: libudisks2-0 libudisks2-0_btrfs udisks2-bash-completion udisks2-lang - fix mount failure on ntfs formatted usb disks (bsc#1216055) * add: 0001-doc-Clarify-the-Filesystem.Size-property-presence.patch 0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch 0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch 0001-tests-Add-offline-and-online-filesystem-grow-tests.patch 0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch ==== wireplumber ==== Version update (0.4.14 -> 0.4.15) Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang - Update to version 0.4.15: * Additions: - A new "DSP policy" module has been added; its purpose is to automatically load a filter-chain when a certain hardware device is present, so that audio always goes through this software DSP before reaching the device. This is mainly to support Apple M1/M2 devices, which require a software DSP to be always present - WpImplModule now supports loading module arguments directly from a SPA-JSON config file; this is mainly to support DSP configuration for Apple M1/M2 and will likely be reworked for 0.5 - Added support for automatically combining Bluetooth LE Audio device sets (e.g. pairs of earbuds) (!500) - Added command line options in wpctl to display device/node names and nicknames instead of descriptions - Added zsh completions file for wpctl - The device profile selection policy now respects the device.profile property if it is set on the device; this is useful to hand-pick a profile based on static configuration rules (alsa_monitor.rules) * Changes/Fixes: - Linking policy now sends an error to the client before destroying the node, if it determines that the node cannot be linked to any target; this fixes error reporting on the client side - Fixed a crash in suspend-node that could happen when destroying virtual sinks that were loaded from another process such as pw-loopback - Virtual machine default period size has been bumped to 1024 - Updated bluez5 default configuration, using bluez5.roles instead of bluez5.headset-roles now (!498) - Disabled Bluetooth autoconnect by default (!514) - Removed RestrictNamespaces option from the systemd services in order to allow libcamera to load sandboxed IPA modules - Fixed a JSON encoding bug with empty strings - Lua code can now parse strings without quotes from SPA-JSON - Added some missing \since annotations and made them show up in the generated gobject-introspection file, to help bindings generators - Add zsh-completion subpackage