Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240117 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: baobab bash (5.2.21 -> 5.2.26) elfutils (0.189 -> 0.190) elfutils-debuginfod (0.189 -> 0.190) eog evince fwupd gnome-logs gnome-music grub2 gtksourceview libgsf libosinfo live555 (2023.05.10 -> 2023.11.30) llvm17 memtest86+ mosh orca (45.1 -> 45.2) polari python-flufl.i18n python-lxml (4.9.4 -> 5.1.0) python-numpy python-redis python-zope.component readline (8.2 -> 8.2.10) shadow (4.14.2 -> 4.14.3) telepathy-logger upower xorg-x11-server (21.1.9 -> 21.1.11) xwayland (23.2.2 -> 23.2.4) === Details === ==== baobab ==== Subpackages: baobab-lang - Convert to source service for easier updating. ==== bash ==== Version update (5.2.21 -> 5.2.26) Subpackages: bash-doc bash-lang bash-sh - Add upstream patches * bash52-022 It's possible for readline to try to zero out a line that's not null-terminated, leading to a memory fault. * bash52-023 Running `local -' multiple times in a shell function would overwrite the original saved set of options. * bash52-024 Fix bug where associative array compound assignment would not expand tildes in values. * bash52-025 Make sure a subshell checks for and handles any terminating signals before exiting (which might have arrived after the command completed) so the parent and any EXIT trap will see the correct value for $?. ==== elfutils ==== Version update (0.189 -> 0.190) Subpackages: elfutils-lang libasm1 libdw1 libelf1 - Update to version 0.190: * libelf: Add RELR support. * libdw: Recognize .debug_[ct]u_index sections * readelf: - Support readelf -Ds, --use-dynamic --symbol. - Support .gdb_index version 9 * scrlines: New tool that compiles a list of source files associated with a specified dwarf/elf file. * backends: Various LoongArch updates. ==== elfutils-debuginfod ==== Version update (0.189 -> 0.190) Subpackages: debuginfod-client debuginfod-profile libdebuginfod1 - Update to version 0.190 * Schema change (reindexing required, sorry!) for a 60% compression in filename representation, which was a large part of the sqlite index; also, more deliberate sqlite - wal management during scanning using the - -scan-checkpoint option. ==== eog ==== Subpackages: eog-lang - Convert to source service for easier updating. - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== evince ==== Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Convert to source service for easier updating. ==== fwupd ==== Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0 - Fix build failure on s390x and ppc64le + This release modifies spec file - add s390x and ppc64le into default 'with efi_fw_update' so that old dbxtool version can be obsoleted. ==== gnome-logs ==== Subpackages: gnome-logs-lang - Convert to source service for easier updating. ==== gnome-music ==== Subpackages: gnome-music-lang - Convert to source service for easier updating. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Resolved XFS regression leading to the "not a correct XFS inode" error by temporarily reverting the problematic commit (bsc#1218864) * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch ==== gtksourceview ==== Subpackages: gtksourceview-lang libgtksourceview-3_0-1 typelib-1_0-GtkSource-3_0 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== libgsf ==== Subpackages: gsf-office-thumbnailer libgsf-1-114 libgsf-lang - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== libosinfo ==== Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== live555 ==== Version update (2023.05.10 -> 2023.11.30) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 - update up to 2023.11.30: * In the implementation of the "MPEGVideoStreamFramer" class, gave "TimeCode::operator==()" the "const" qualifier, to make some compilers happy. * Performed the annual update of the copyright years near the start of each file - update to 2023.11.08: * Changed the signature to the virtual function "getRTPSinkandRTCP()" (in "ServerMediaSubession", and its subclasses "OnDemandServerMediaSession" and "PassiveServerMediaSubsession") to make its 'result' arguments "rtpSink" and "rtcp" no longer "const *". There was no real reason to make those "const *". - update to 2023.11.07: * In the class "GenericMediaServer", made the variables "fServerMediaSessions", "fClientConnections", and "fClientSessions" 'protected' rather than 'private', to allow subclasses to access them if desired. - update to 2023.10.30: * Fixed a bug in "deleteEventTrigger()" that had accidentally been introduced during the change to 'event trigger' implementation back in June. - update to 2023.07.24: * Updated the event trigger implementation once again, to allow for the possibility of developers redefining MAX_NUM_EVENT_TRIGGERS (it must always be <= the number of bits in an "EventTriggerId", though. - update to 2023.06.20: * Updated the event trigger implementation again - in the case where "NO_STD_LIB" is defined. In this case, "fTriggersAwaitingHandling" is implemented as an array of "Boolean volatile"s, rather than as a 32-bit bitmap. This should make 'race conditions' less likely even if "NO_STD_LIB" is defined (though you should use the preferred, default implementation - that uses an array of "std::atomic_flag"s - if possible). - update to 2023.06.16: * Changed the (default) implementation of 'event triggers' in "BasicTaskScheduler" to implement "fTriggersAwaitingHandling" using "std:atomic_flag"s, rather than as a bitmap. This should overcome 'race conditions' that some users experienced when calling "triggerEvent()" from a non-LIVE555 thread. * Note that this is the first time the LIVE555 code has required the C++ standard library. (If you cannot use the C++ standard library, then you can compile the code - but getting the old behavior - by defining "NO_STD_LIB".) * Minor change to "RTSPCommon.cpp" to overcome a compilation error in XCode on Mac OS X. - update to 2023.06.14: * Fixed a bug in the Matroska file parsing code that could sometimes cause a 'use after free' error. (bsc#1218758, CVE-2023-20573) - update to 2023.06.10: * Minor change to "GroupsockHelper.cpp" to overcome a compilation error in XCode on Mac OS X. - update to 2023.06.08: * Updated the "dateHeader()" function in "RTSPCommon.cpp" to use "gmtime_r()" instead of the older, non-thread-safe "gmtime()". - Applied workarounds for the build error with atomic_flag test ==== llvm17 ==== - Use %_target_* for determining the compiler host triple (boo#1218701) ==== memtest86+ ==== - Change spec license to GPL-2.0-only * Outcome of legal review, requested by SUSE legal team- ==== mosh ==== - Remove the deprecated perl-IO-Socket-INET6 dependency. * Remove the dependency on perl(IO::Socket::INET6) as it has been deprecated by upstream, is no longer suitable for use and its not being maintained. A compatible replacement for this package is perl(IO::Socket::IP) which is shipped by the perl-base package. * In the sources, the perl(IO::Socket::IP) is preferred over INET6. ==== orca ==== Version update (45.1 -> 45.2) Subpackages: orca-lang - Update to version 45.2: + Web: Fix bug causing us to get stuck in menu bar during caret navigation. + General: Dump our cached information in response to children-changed events so that we do not present stale information. + Updated translations. ==== polari ==== Subpackages: polari-lang - Convert to source service for easier updating. ==== python-flufl.i18n ==== - Drop unneeded pdm dependency ==== python-lxml ==== Version update (4.9.4 -> 5.1.0) - update to version 5.1.0: Details on https://lxml.de/5.1/changes-5.1.0.html removed merged patches: - ISO-Schematron-schema-optional.patch - remove-ISO-Schematron-schema.patch - close_file_before_test.patch ==== python-numpy ==== - Update list of expected test failures on riscv64 - Fix gnu-hpc build error for Leap ==== python-redis ==== - add https://github.com/redis/redis-py/pull/3005 as Close-various-objects-created-during-asyncio-tests.patch to fix tests for python 3.12 ==== python-zope.component ==== - Rearrange requirements, run only basic testsuite in SLE-based projects ==== readline ==== Version update (8.2 -> 8.2.10) Subpackages: libreadline8 readline-doc - Add upstream patch readline82-008 * Add missing prototypes for several function declarations - Add upstream patch readline82-009 * Fix issue where the directory name portion of the word to be completed (the part that is passed to opendir()) requires both tilde expansion and dequoting. Readline only performed tilde expansion in this case, so filename completion would fail. - Add upstream patch readline82-010 * Fix the case where text to be completed from the line buffer (quoted) is compared to the common prefix of the possible matches (unquoted) and the quoting makes the former appear to be longer than the latter. Readline assumes the match doesn't add any characters to the word and doesn't display multiple matches. - Port patches * readline-5.2-conf.patch * readline-6.2-metamode.patch * readline-7.0-screen.patch * readline-8.2.dif ==== shadow ==== Version update (4.14.2 -> 4.14.3) Subpackages: libsubid4 login_defs - Update to 4.14.3: * libshadow: + Avoid null pointer dereference (#904) ==== telepathy-logger ==== Subpackages: libtelepathy-logger3 telepathy-logger-schema typelib-1_0-TelepathyLogger-0_2 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== upower ==== Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 upower-lang - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== xorg-x11-server ==== Version update (21.1.9 -> 21.1.11) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Update to version 21.1.11 * This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2024-January/061525.html * CVE-2023-6816 (bsc#1218582) * CVE-2024-0229 (bsc#1218583) * CVE-2024-21885 (bsc#1218584) * CVE-2024-21886 (bsc#1218585) * CVE-2024-0408 * CVE-2024-0409 - supersedes the following patches * U_xephyr-Don-t-check-for-SeatId-anymore.patch * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch ==== xwayland ==== Version update (23.2.2 -> 23.2.4) - This release contains also the following patches mentioned in previous sle15 releases * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch - This release contains also the missing fixes of initial U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch (bsc#1217765) - Update to version 23.2.4 * This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2024-January/061525.html * CVE-2023-6816 (bsc#1218582) * CVE-2024-0229 (bsc#1218583) * CVE-2024-21885 (bsc#1218584) * CVE-2024-21886 (bsc#1218585) * CVE-2024-0408 * CVE-2024-0409 - supersedes the patches mentioned below: * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch