Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231117 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream (0.16.3 -> 0.16.4) bash (5.2.15 -> 5.2.21) bind (9.18.19 -> 9.18.20) createrepo_c freerdp fwupd gdb google-noto-fonts grub2 gstreamer (1.22.6 -> 1.22.7) gstreamer-plugins-bad (1.22.6 -> 1.22.7) gstreamer-plugins-base (1.22.6 -> 1.22.7) gstreamer-plugins-good (1.22.6 -> 1.22.7) gstreamer-plugins-libav (1.22.6 -> 1.22.7) gstreamer-plugins-ugly (1.22.6 -> 1.22.7) libgcrypt (1.10.2 -> 1.10.3) libstorage-ng (4.5.156 -> 4.5.157) lua54 nodejs21 (21.1.0 -> 21.2.0) openssl-1_1 openssl-3 perl-IO-Socket-SSL (2.083 -> 2.84.0) perl-Mail-AuthenticationResults (2.20230112 -> 2.20231031) pipewire (0.3.84 -> 0.3.85) poppler (23.10.0 -> 23.11.0) poppler-qt5 (23.10.0 -> 23.11.0) python-psutil (5.9.5 -> 5.9.6) python-sniffio qemu rubygem-nokogiri (1.13.9 -> 1.15.4) rubygem-rails-html-sanitizer (1.5.0 -> 1.6.0) syslinux xen (4.17.2_04 -> 4.18.0_02) xfce4-whiskermenu-plugin (2.8.0 -> 2.8.1) === Details === ==== AppStream ==== Version update (0.16.3 -> 0.16.4) Subpackages: AppStream-lang libAppStreamQt2 libappstream4 - Update to version 0.16.4: * Features: - Allow hyphens in the last segment of a component-ID - Implement the developer element for unique developer IDs - Add meson overrides * Bugfixes: - meson: Prevent building attempts with MSVC - meson: Avoid potentially bad sed backup filename when fixing .pc file * Miscellaneous: Make sed invocation more portable - Rebase patch with quilt. ==== bash ==== Version update (5.2.15 -> 5.2.21) Subpackages: bash-doc bash-lang bash-sh - Declare token YYEOF to be able to support older bison versions as well - Be sure to have a usable bison installed at build time - Add upstream patches * bash52-021 There is an off-by-one error that causes command substitutions to fail when they appear in a word expansion inside a here-document. * bash52-020 The parser did not allow `time' to appear as the first reserved word in a command substitution. * bash52-019 There are some cases where the shell reaped a background (asynchronous) job and would incorrectly try to set the terminal's process group back to the shell's. In these cases it never set the terminal process group to that jobs's process group initially, so resetting it is incorrect. * bash52-018 There are two problems with returning tokens to yyparse() when the shell encounters a syntax error or when it reads EOF. When reading a WORD token, the parser has to return the correct value to yyparse. Previous versions returned a value < 0, which the bash parser translated into YYERRCODE for bison, and in newer versions of bison, the appropriate reset actions didn't happen. We should return YYUNDEF, which bison uses for `invalid token'. Since we can return a token < 0 for both invalid tokens and EOF, the bash tokenizer needs to differentiate between those two cases. * bash52-017 In certain cases, using the `.' builtin in a subshell would optimize away the rest of the commands in the subshell. * bash52-016 If an expression in an arithmetic for loop expands to NULL, the shell would crash. - Correct offsets of patches * bash-4.3-sigrestart.patch * bash-5.2.dif ==== bind ==== Version update (9.18.19 -> 9.18.20) Subpackages: bind-doc bind-utils - Update to release 9.18.20 Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Bug Fixes: * If the unsigned version of an inline-signed zone contained DNSSEC records, it was incorrectly scheduled for resigning. This has been fixed. * Looking up stale data from the cache did not take local authoritative data into account. This has been fixed. * An assertion failure was triggered when lock-file was used at the same time as the named -X command-line option. This has been fixed. * The lock-file file was being removed when it should not have been, making the statement ineffective when named was started three or more times. This has been fixed. - Disable SLP by default for Factory and ALP (bsc#1214884) ==== createrepo_c ==== Subpackages: libcreaterepo_c1 python3-createrepo_c - remove unneeded file-devel dependency ==== freerdp ==== Subpackages: libfreerdp2-2 libwinpr2-2 - Fix winpr-devel dependencies. WinePRTargets-*.cmake defines CMake targets for winpr-hash and winpr-makecert. They have to be present. ==== fwupd ==== Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0 - Re-add fwupd-bsc1130056-change-shim-path.patch: patch was dropped in error (boo#1217138). ==== gdb ==== - Maintenance script qa.sh: * Update PR31004 kfail. - Patches added (backport from gdb-patches): * gdb-fix-segfault-in-for_each_block-part-1.patch - Maintenance script qa.sh: * Update PR28561 kfail. * Remove PR31015 kfail. * Remove PR30547 kfail. - Patches added (backport from master): * gdb-symtab-add-producer_is_gas.patch * gdb-symtab-work-around-gas-pr28629.patch * gdb-tdep-fix-nr-array-elements-in-ppc64_aggregate_ca.patch * gdb-testsuite-fix-gdb.python-py-breakpoint.exp-with-.patch * gdb-tui-fix-segfault-in-tui_find_disassembly_address.patch * gdb-tui-fix-wmaybe-uninitialized-in-tui_find_disasse.patch * gdb-testsuite-add-wait_for_msg-arg-to-term-resize-fi.patch - Patches added (backport from gdb-patches): * gdb-fix-segfault-in-for_each_block-part-2.patch * gdb-tui-allow-command-window-of-1-or-2-lines.patch * gdb-tui-fix-resizing-of-terminal-to-1-or-2-lines.patch - Maintenance script qa.sh: * Remove PR28467, PR29418, PR29420, PR29814 and PR29408 kfail. * Remove gdb.tui/tui-layout-asm-short-prog.exp kfail. * Remove commit f68eca29d3b, 29004660c94, 301fe55e9c4, 4d88ae0c7b5, e7d69e72bfd, 8b272d7671f, 85819864f7c, 167f3beb655 and a0eda3df5b7 kfails. * Add PR31015 kfail. * Remove PR29793 kfail. * Remove gdb.arch/powerpc-bcl-prologue.exp kfail. * Remove PR29813 and PR29816 kfail. - Maintenance script qa.sh: * Update PR28561 kfail. * Update PR29781 kfail. - Maintenance script qa-local.sh: * Add "Verify quilt setup" step. - Patches added (backport from master): * gdb-symtab-handle-self-reference-die.patch * gdb-symtab-handle-self-reference-in-inherit_abstract.patch * gdb-symtab-add-optimized-out-static-var-to-cooked-in.patch - Maintenance script qa.sh: * Add comment to kfail for PR30528. * Add UNRESOLVED kfail for gdb.base/gcore-excessive-memory.exp. * Add UNRESOLVED kfail for PR31001. * Remove PR27238 kfail. * Add powerpc64le hw watchpoint kfails. * Add PR31004 kfail. * Add PR30531 kfail. - Patches added (backport from master): * xcoffread.c-fix-werror-dangling-pointer-issue-with-m.patch * avoid-manual-memory-management-in-go-lang.c.patch * gdb-go-handle-v3-go_0-mangled-prefix.patch - Patches added (backport from master): * gdb-symtab-don-t-deduplicate-variables-in-gdb-index.patch - Patches dropped (requires unsupported command): * gdb-testsuite-add-wait-for-index-cache-in-gdb.dwarf2.patch - Maintenance script qa.sh: * Added PR30528 kfail. - Patches added (manual import from fedora rawhide @ 52a4dab): * gdb-rhbz1773651-gdb-index-internal-error.patch - Patches added (backport from master): * gdb-support-rseq-auxvs.patch * gdb-symtab-fix-line-number-of-static-const-class-mem.patch * gdb-symtab-fix-too-many-symbols-in-gdbpy_lookup_stat.patch * gdb-symtab-handle-pu-in-iterate_over_some_symtabs.patch * gdb-symtab-work-around-pr-gas-29517.patch * gdb-testsuite-add-kfail-for-pr-ada-30908.patch * gdb-testsuite-add-xfail-for-gdb-29965-in-gdb.threads.patch * gdb-testsuite-fix-gdb.ada-mi_task_arg.exp-with-newer.patch * gdb-testsuite-fix-gdb.arch-i386-signal.exp-on-x86_64.patch * gdb-testsuite-fix-gdb.cp-m-static.exp-regression-on-.patch * gdb-testsuite-fix-gdb.dwarf2-nullptr_t.exp-with-cc-w.patch * gdb-testsuite-fix-regexps-in-gdb.base-step-over-sysc.patch * gdb-symtab-find-main-language-without-symtab-expansi.patch * gdb-testsuite-add-wait-for-index-cache-in-gdb.dwarf2.patch - Patches moved (from "Backport from gdb-patches" to "Backports from master, available in next release"): * gdb-cli-handle-pending-c-after-rl_callback_read_char.patch * gdb-testsuite-add-have_host_locale.patch - Maintenance script qa.sh: * Remove PR28463, PR28108, PR29247 and PR29160 kfails. * Remove PR30540, PR30908, PR29965 kfails. * Remove gdb.ada/mi_task_arg.exp kfail. - Limit "Suggests: %{python}-Pygments" to SLE-15 and later. - Mention import-fedora.sh to fix warning. - Maintenance script qa.sh: * Update kfail for PR28561. - Maintenance script import-fedora.sh: * New script. Move skipped patches list from gdb.spec to script. - Update to fedora 38 @ 82cc8e0. - Patch renamed: * pass-const-frame_info_ptr-reference-for-skip_-langua.patch -> gdb-rhbz2192105-ftbs-dangling-pointer - Patches added: * gdb-bz2237392-dwarf-obstack-allocation.patch * gdb-bz2237515-debuginfod-double-free.patch * gdb-rhbz2160211-excessive-core-file-warnings.patch * gdb-rhbz2196395-debuginfod-legacy-openssl-crash.patch * gdb-rhbz2233961-CVE-2022-4806.patch * gdb-rhbz2233965-memory-leak.patch ... changelog too long, skipping 14 lines ... * Remove PR27813 kfail and corresponding todo. ==== google-noto-fonts ==== - make build reproducible (boo#1047218) ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix XFS regression in 2.12~rc1 and support large extent counters * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch ==== gstreamer ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.7: + Highlighted bugfixes: - Security fixes for the MXF demuxer and AV1 codec parser - glfilter: Memory leak fix for OpenGL filter elements - d3d11videosink: Fix toggling between fullscreen and maximized, and window switching in fullscreen mode - DASH / HLS adaptive streaming fixes - Decklink card device provider device name string handling fixes - interaudiosrc: handle non-interleaved audio properly - openh264: Fail gracefully if openh264 encoder/decoder creation fails - rtspsrc: improved whitespace handling in response headers by certain cameras - v4l2codecs: avoid wrap-around after 1000000 frames; tiled formats handling fixes - video-scaler, audio-resampler: downgraded "Can't find exact taps" debug log messages - wasapi2: Don't use global volume control object - Rust plugins: various improvements in aws, fmp4mux, hlssink3, livesync, ndisrc, rtpav1depay, rsfilesink, s3sink, sccparse - WebRTC: various webrtchttp, webrtcsrc, and webrtcsink improvements and fixes - Cerbero build tools: recognise Windows 11; restrict parallelism of gst-plugins-rs build on small systems - Packages: ca-certificates update; fix gio module loading and TLS support on macOS + gstreamer: - debugutils: provide gst_debug_bin_to_dot_data() implementation even if debug system is disabled - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.7: + audiobuffersplit: disable max-silence-time if set to 0 + libde265: Do not decode the non 4:2:0 8 bits format + codecparsers: av1: Clip max tile rows and cols values + codecs: h265: Do not free slice header before using it + d3d11converter: Fix 10/12bits planar output + d3d11decoder: Fix crash on negotiate() when decoder is not configured + d3d11videosink: Fix toggling between fullscreen and maximized + d3d11videosink: Fix window switching in case of fullscreen mode + d3d11screencapturesrc: Fix mouse cursor blending + decklink: Fix broken COM string conversion + decklink: Decklink Device Provider wrongly parses SDK strings + gstwayland: Don't depend on wayland-protocols + interaudiosrc: Add audio meta to buffers containing non-interleaved samples + kmssink: Add TIDSS auto-detection + mfvideoencoder: Fix typo in template caps + mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation + nvcodec: fix bounds for auto-select GPU enumeration + openh264: Fail gracefully if openh264 encoder/decoder creation fails + tsmux: More cleanups + tsmux: Fill padding packets with stuffing bytes + v4l2codecs: Fix tiled formats stride conversion + v4l2videodec: Correctly free caps to avoid memory leak + wasapi2: Don't use global volume control object + wasapi2device: Ignore activation failed device - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.7: + audioaggregator, audiomixer: Make access to the pad list thread-safe while mixing + basetextoverlay: Fix overlay never rendering again if width reaches 1px + glfiter: Protect GstGLContext access + glfilter: Only add parent meta if inbuf != outbuf + macOS: fix huge memory leak with glfilter-based elements + rtspconnection: Ignore trailing whitespace in rtsp headers + video-scaler, audio-resampler: downgrade 'can't find exact taps' to debug - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml - Update to version 1.22.7: + adaptivedemux2: Do not submit_transfer when cancelled + adaptivedemux2: Call GTasks's return functions for blocking tasks + flacenc: Correctly handle up to 255 cue entries + flvmux: set the src segment position as running time + imagesequencesrc: fix deadlock when feeding the same image in a loop + pngenc: output one frame only in snapshot mode and mark output frames as I-frames + qmlglsrc: sync on the streaming thread + souphttpsrc: Chain up to finalize to fix memory leak + wavparse: fix buffer leak with adtl tag + v4l2codecs: Avoid QBUF/DQBUF struct timeval .tv_usec wrap-around at frame 1000000 + v4l2codecs: Fix tiled formats stride conversion - Rebase reduce-required-meson.patch ==== gstreamer-plugins-libav ==== Version update (1.22.6 -> 1.22.7) - Update to version 1.22.7: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-ugly ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.22.7: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== libgcrypt ==== Version update (1.10.2 -> 1.10.3) Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-x86-64-v3 - Update to 1.10.3: * Bug fixes: - Fix public key computation for other EdDSA curves. [rC469919751d6e] - Remove out of core handler diagnostic in FIPS mode. [T6515] - Check that the digest size is not zero in gcry_pk_sign_md and gcry_pk_verify_md. [T6539] - Make store an s-exp with \0 is considered to be binary. [T6747] - Various constant-time improvements. * Portability: - Use getrandom call only when supported by the platform. [T6442] - Change the default for --with-libtool-modification to never. [T6619] * Release-info: https://dev.gnupg.org/T6817 * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch ==== libstorage-ng ==== Version update (4.5.156 -> 4.5.157) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#965 - refactored class SystemCmd - fixed passing huge amount of data to stdin - coding style - 4.5.157 ==== lua54 ==== - Add skip-tests_big-endian.patch to skip little-endian-only tests (bsc#1216930). ==== nodejs21 ==== Version update (21.1.0 -> 21.2.0) Subpackages: npm21 - Update to 21.2.0 * esm: add import.meta.dirname and import.meta.filename * fs: add stacktrace to fs/promises * lib: + add --no-experimental-global-navigator CLI flag + add navigator.language & navigator.languages + add navigator.platform * stream: + add support for deflate-raw format to webstreams compression + use Array for Readable buffer + optimize creation * test_runner: + adds built in lcov reporter + test_runner: add Date to the supported mock APIs + test_runner, cli: add --test-timeout flag For details see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.... - nodejs20-zlib-1.3.patch: upstreamed, dropped - node-gyp-addon-gypi.patch: rebased - fix_ci_tests.patch: partially upstreamed ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch - Remove trailing spaces from changelog ==== openssl-3 ==== Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3 - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch ==== perl-IO-Socket-SSL ==== Version update (2.083 -> 2.84.0) - updated to 2.084 see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.084 2023/11/06 - various fixes for edge cases and build: #136, #141, #142, #143, #145 - update documentation to reflect default SSL_version ==== perl-Mail-AuthenticationResults ==== Version update (2.20230112 -> 2.20231031) - updated to 2.20231031 see /usr/share/doc/packages/perl-Mail-AuthenticationResults/Changes 2.20231031 2023-10-31 23:57:33+00:00 UTC - Option to set more strict quoting of string ==== pipewire ==== Version update (0.3.84 -> 0.3.85) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.85 (1.0RC5): * Highlights - Fix an issue where a link could end up paused while not negotiated. - Fix an infinite recursion issue when finding runnable nodes. - Support XDG base directories when loading ACP config. - Fix MIDI event recording preview in Ardour. - Many more small fixes, cleanups and improvements. * PipeWire - Fix an issue where a link could end up paused while not negotiated. (#3619) - Fix an infinite recursion issue when finding runnable nodes by stopping the scan on feedback links around the driver. (#3621) - The system service now has better socket permissions. * Modules - Add support for uclamp. This allows the scheduler to make better informed decisions about where tasks should be placed, and what pstate to set for the CPU it is running on. - Emit warnings when applications are not doing the right locking instead of crashing. - Improve media.name for RAOP sinks. (#3801) - Support pause/resume in pipe-tunnel. (#3197) - Remove time rlimit when probing for realtime to avoid SIGXCPU. * SPA - Fix a bug where the resampler would be activated even when there is an ALSA pitch element. (#3628) - Improve resume from suspend in ALSA. (#3646) - Add option to expose ALSA controls as prop params. - Support XDG base directories when loading ACP config. This makes it possible to override the ACP config files. * Bluetooth - Schedule nodes in the same ISO group together. - More BAP fixes and cleanups. * JACK - Fix MIDI events from peer ports. This makes the MIDI event recording preview of Ardour work correctly. * GStreamer - Fix some error handling in the source and sink. * ALSA plugin - Improve poll descriptor handling. (#3648) * Docs - Many improvements to the layout and organization. ==== poppler ==== Version update (23.10.0 -> 23.11.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - version update to 23.11.0 core: * CairoOutputDev: Use internal downscaling algorithm if image exceeds Cairo's maximum dimensions. * Internal code improvements * Fix crash on malformed files utils: * pdftocairo: Add option to document logical structure if output is pdf * pdftocairo: EPS output should not contain %%PageOrientation ==== poppler-qt5 ==== Version update (23.10.0 -> 23.11.0) - version update to 23.11.0 core: * CairoOutputDev: Use internal downscaling algorithm if image exceeds Cairo's maximum dimensions. * Internal code improvements * Fix crash on malformed files utils: * pdftocairo: Add option to document logical structure if output is pdf * pdftocairo: EPS output should not contain %%PageOrientation ==== python-psutil ==== Version update (5.9.5 -> 5.9.6) - update to version 5.9.6: * Enhancements + 1703: cpu_percent() and cpu_times_percent() are now thread safe, meaning they can be called from different threads and still return meaningful and independent results. + 2266: if Process class is passed a very high PID, raise NoSuchProcess instead of OverflowError. (patch by Xuehai Pan) + 2246: drop python 3.4 & 3.5 support. (patch by Matthieu Darbois) + 2290: PID reuse is now pre-emptively checked for Process.ppid() and Process.parents(). + 2312: use ruff Python linter instead of flake8 + isort. It's an order of magnitude faster + it adds a ton of new code quality checks. * Bug fixes + 2195, [Linux]: no longer print exception at import time in case /proc/stat can't be read due to permission error. + 2268: bytes2human() utility function was unable to properly represent negative values. + 2284, [Linux]: Process.memory_full_info() may incorrectly raise ZombieProcess if it's determined via /proc/pid/smaps_rollup. + 2288, [Linux]: correctly raise ZombieProcess on Process.exe(), Process.cmdline() and Process.memory_maps() instead of returning a "null" value. + 2290: differently from what stated in the doc, PID reuse is not pre-emptively checked for Process.nice() (set), Process.ionice(), (set), Process.cpu_affinity() (set), Process.rlimit() (set), Process.parent(). - refresh skip_rlimit_tests_on_python2.patch - drop removal of shebang: fixed upstream ==== python-sniffio ==== - Remove dependency on curio completely. ==== qemu ==== Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - Fix bsc#1216638: * target/s390x: Fix LAALG not updating cc_src * target/s390x: Fix CLC corrupting cc_src ==== rubygem-nokogiri ==== Version update (1.13.9 -> 1.15.4) - Bump mini_portile2 version in the spec - 1.15.4: [#]# 1.15.4 / 2023-08-11 [#]## Dependencies * [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5 [#]## Fixed * Fixed a typo in a HTML5 parser error message. [[#2927](https://github.com/sparklemotion/nokogiri/issues/2927)] (Thanks, [@anishathalye](https://github.com/anishathalye)!) * [CRuby] `ObjectSpace.memsize_of` is now safe to call on `Document`s with complex DTDs. In previous versions, this debugging method could result in a segfault. [[#2923](https://github.com/sparklemotion/nokogiri/issues/2923), [#2924](https://github.com/sparklemotion/nokogiri/issues/2924)] --- sha256 checksums: ``` 14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem 572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem 707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem 04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem a0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem b9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem f6ae258d7ed5f81715118282aa45486e68fd44b9747d0244a236e9ed5b94c45d nokogiri-1.15.4-x86-linux.gem 3f65b2426ece8da908bd5df5b6262ce525393f5245f8258a245bb4c3f5759b98 nokogiri-1.15.4-x86-mingw32.gem d756605c540034debd7f486ae27802e6b1b129013fd6b1bb823783ef6f2bc5d7 nokogiri-1.15.4-x86_64-darwin.gem 872ced3d72d797ed9b5a76c67141c6cee7589711358e11c73e9c53724ffd1842 nokogiri-1.15.4-x86_64-linux.gem e4a801e5ef643cc0036f0a7e93433d18818b31d48c9c287596b68e92c0173c4d nokogiri-1.15.4.gem ``` 1.15.3: [#]# 1.15.3 / 2023-07-05 [#]## Fixed * Passing an object that is not a kind of `XML::Node` as the first parameter to `CDATA.new` now raises a `TypeError`. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * Passing an object that is not a kind of `XML::Node` as the first parameter to `Schema.from_document` now raises a `TypeError`. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * [CRuby] Passing an object that is not a kind of `XML::Node` as the second parameter to `Text.new` now raises a `TypeError`. Previously this would result in a segfault. [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * [CRuby] Replacing a node's children via methods like `Node#inner_html=`, `#children=`, and `#replace` no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see [#283](https://github.com/sparklemotion/nokogiri/issues/283) and [#595](https://github.com/sparklemotion/nokogiri/issues/595)) but should not have included operations involving `xmlAddChild()`. [[#2916](https://github.com/sparklemotion/nokogiri/issues/2916)] * [JRuby] Fixed NPE when serializing an unparented HTML node. [[#2559](https://github.com/sparklemotion/nokogiri/issues/2559), [#2895](https://github.com/sparklemotion/nokogiri/issues/2895)] (Thanks, [@cbasguti](https://github.com/cbasguti)!) --- sha256 checksums: ``` 70dadf636ae026f475f07c16b12c685544d4f8a764777df629abf1f7af0f2fb5 nokogiri-1.15.3-aarch64-linux.gem 83871fa3f544dc601e27abbdef87315a77fe1270fe4904986bd3a7df9ca3d56f nokogiri-1.15.3-arm-linux.gem fa4a027478df9004a2ce91389af7b7b5a4fc790c23492dca43b210a0f8770596 nokogiri-1.15.3-arm64-darwin.gem 95d410f995364d9780c4147d8fca6974447a1ccd3a1e1b092f0408836a36cc9c nokogiri-1.15.3-java.gem 599a46b6e4f5a34dd21da06bdbd69611728304af5ef42bb183e4b4ca073fd7a3 nokogiri-1.15.3-x64-mingw-ucrt.gem 92ebfb637c9b7ba92a221b49ea3328c7e5ee79a28307d75ef55bfe4b5807face nokogiri-1.15.3-x64-mingw32.gem ee314666eca832fa71b5bb4c090be46a80aded857aa26121b3b51f3ed658a646 nokogiri-1.15.3-x86-linux.gem 44b7f18817894a5b697bab3d757b12bb7857a0218c1b2e0000929456a2178b34 nokogiri-1.15.3-x86-mingw32.gem 1f0bc0343f9dd1db8dd42e4c9110dd24fc11a7f923b9fa0f866e7f90739e4e7a nokogiri-1.15.3-x86_64-darwin.gem ca244ed58568d7265088f83c568d2947102fb00bac14b5bc0e63f678dcd6323d nokogiri-1.15.3-x86_64-linux.gem 876631295a85315dac37e7a71386d62d9eb452a891083cfe7505cca4805088cb nokogiri-1.15.3.gem ``` 1.15.2: [#]# 1.15.2 / 2023-05-24 [#]## Dependencies * [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8. [#]## Fixed * [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. [[#2887](https://github.com/sparklemotion/nokogiri/issues/2887)] --- sha256 checksums: ``` 497c698f0cc0f283934c9c93064249d113408e97e5f3677b0b5111af24a67c29 nokogiri-1.15.2-aarch64-linux.gem 505ad4b80cedd12bc3c53065079cc825e7f3d4094ca7b54176ae6f3734dbe2cc nokogiri-1.15.2-arm-linux.gem bbedeaf45ce1494f51806e5fab0d31816fc4584f8e2ec757dd516b9b30847ee4 nokogiri-1.15.2-arm64-darwin.gem b15ba3c1aa5b3726d7aceb44f635250653467c5b0d04248fa0f6a6afc6515fb0 nokogiri-1.15.2-java.gem bc3cc9631c9dd7a74a59554215474da657f956ccb126391d082a2a8c45d3ee14 nokogiri-1.15.2-x64-mingw-ucrt.gem 1fd27732b161a497275798e502b31e97dfe1ab58aac02c0d6ace9cbe1fd6a38c nokogiri-1.15.2-x64-mingw32.gem 931383c6351d79903149b5c6a988e88daada59d7069f3a01b4dcf6730d411cc6 nokogiri-1.15.2-x86-linux.gem 3f4a6350ca1d87d185f4bf509d953820c7191d1cf4213cc3bac9c492b9b4a720 nokogiri-1.15.2-x86-mingw32.gem b57eeec09ee1c4010e317f50d2897fb9c1133d02598260db229e81127b337930 nokogiri-1.15.2-x86_64-darwin.gem 5bca696b9283ad7ce97b9c0dfdf029a62c26e92f39f440a65795e377d44f119a nokogiri-1.15.2-x86_64-linux.gem 20dc800b8fbe4c4f4b5b164e6aa3ab82a371bcb27eb685c166961c34dd8a22d7 nokogiri-1.15.2.gem ``` 1.14.5: [#]# 1.14.5 / 2023-05-24 [#]## Note To ensure that JRuby users on Java 8 can apply the security changes from v1.14.4, we're cutting this release on the v1.14.x branch. We don't expect to make any more v1.14.x releases. [#]## Dependencies * [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8. [#]## Fixed * [JRuby] Java 8 support is restored, fixing a regression introduced in v1.14.0. [[#2887](https://github.com/sparklemotion/nokogiri/issues/2887)] --- sha256 checksums: ``` 60e521687e7fb81dbaa2c942d48efc22083780bc76d45586dc0a324bf0fb0e97 nokogiri-1.14.5-aarch64-linux.gem 80ea31d2534b14409e37437934c1c614de9844c806f72fc64134f50e0f3c1131 nokogiri-1.14.5-arm-linux.gem 3ab8ff3b62f4ff5826406007befea2d7ac33de2ee0c66209dd72ec16d0e8f5bf nokogiri-1.14.5-arm64-darwin.gem edc932157786888c8f83b49c811ac0ec26a5b23f8e3c69590c311cc14b7e6bf0 nokogiri-1.14.5-java.gem 75e476c4e0c91f0f8f00f7c8e697bb3f5c9932f948658cf90babdbebbd6f6c27 nokogiri-1.14.5-x64-mingw-ucrt.gem 73bd6ee2dbabd1a337c6878a8d349a872f04a3448505fbe7c773a1dfbb69e310 nokogiri-1.14.5-x64-mingw32.gem a9e4dc50c1cc327bfca3516281eba3fe972fd80bac64c7cdee4bcf07fbfd817d nokogiri-1.14.5-x86-linux.gem aea78a61c684f36213d38777a7cd09aa272c5193f11cbaf2b455bcaeebd4196b nokogiri-1.14.5-x86-mingw32.gem 7375a81e5fba6a5ada3e47cd02a53ca54d0d25ae73b8ebc6e3a962e46947a7b9 nokogiri-1.14.5-x86_64-darwin.gem 0b2150ae90a676a504cbab018d24188eb526bc886ab18b4303102df6b3077160 nokogiri-1.14.5-x86_64-linux.gem 23f69ddeb1e8ead5341bbbbca18d37de29c0265bc90e94bc5d9663b254dfdcbc nokogiri-1.14.5.gem ``` 1.15.1: [#]# 1.15.1 / 2023-05-19 [#]## Dependencies * [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4 [#]## Fixed * [CRuby] The libxml2 update fixes an encoding regression when push-parsing UTF-8 sequences. [[#2882](https://github.com/sparklemotion/nokogiri/issues/2882), upstream [issue](https://gitlab.gnome.org/GNOME/libxml2/-/issues/542) and [commit](https://gitlab.gnome.org/GNOME/libxml2/-/commit/e0f3016f71297314502a3620a301...)] --- sha256 checksums: ``` ... changelog too long, skipping 324 lines ... ``` ==== rubygem-rails-html-sanitizer ==== Version update (1.5.0 -> 1.6.0) - Updated to version 1.6.0 * Dependencies have been updated: - Loofah `~>2.21` and Nokogiri `~>1.14` for HTML5 parser support - As a result, required Ruby version is now `>= 2.7.0` Security updates will continue to be made on the `1.5.x` release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support. * Mike Dalessio* * HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as: - `Rails::HTML5::FullSanitizer` - `Rails::HTML5::LinkSanitizer` - `Rails::HTML5::SafeListSanitizer` And a new "vendor" is provided at `Rails::HTML5::Sanitizer` that can be used in a future version of Rails. Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical to the vendor class methods on `Rails::HTML::Sanitizer`. Users may call `Rails::HTML::Sanitizer.best_supported_vendor` to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor. * Mike Dalessio* * Module namespaces have changed, but backwards compatibility is provided by aliases. The library defines three additional modules: - `Rails::HTML` for general functionality (replacing `Rails::Html`) - `Rails::HTML4` containing sanitizers that parse content as HTML4 - `Rails::HTML5` containing sanitizers that parse content as HTML5 The following aliases are maintained for backwards compatibility: - `Rails::Html` points to `Rails::HTML` - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer` - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer` - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer` * Mike Dalessio* * `LinkSanitizer` always returns UTF-8 encoded strings. `SafeListSanitizer` and `FullSanitizer` already ensured this encoding. * Mike Dalessio* * `SafeListSanitizer` allows `time` tag and `lang` attribute by default. * Mike Dalessio* * The constant `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the existing sanitizers, and should have been a private constant all along anyway. * Mike Dalessio* - Removed comparison against a very old ruby code no longer maintained - Updated description in spec file ==== syslinux ==== - Build the system installable binaries with RPM_OPT_FLAGS, to allow utilization of stack-protector and FORTIFY_SOURCE. (bsc#1211640) ==== xen ==== Version update (4.17.2_04 -> 4.18.0_02) Subpackages: xen-libs xen-tools xen-tools-domU - Update to Xen 4.18.0 FCS release (jsc#PED-4984) xen-4.18.0-testing-src.tar.bz2 * Repurpose command line gnttab_max_{maptrack_,}frames options so they don't cap toolstack provided values. * Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only known user doesn't use it properly, leading to in-guest breakage. * The "dom0" option is now supported on Arm and "sve=" sub-option can be used to enable dom0 guest to use SVE/SVE2 instructions. * Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU Hotplug" for clarity * On x86, support for features new in Intel Sapphire Rapids CPUs: - PKS (Protection Key Supervisor) available to HVM/PVH guests. - VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server. - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system wide impact of a guest misusing atomic instructions. * xl/libxl can customize SMBIOS strings for HVM guests. * Add support for AVX512-FP16 on x86. * On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview) * On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator (Tech Preview) * Add Intel Hardware P-States (HWP) cpufreq driver. * On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo). * Introduce two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses. * On x86, support for enforcing system-wide operation in Data Operand Independent Timing Mode. * The project has now officially adopted 6 directives and 65 rules of MISRA-C. * On x86, the "pku" command line option has been removed. It has never behaved precisely as described, and was redundant with the unsupported "cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file. * xenpvnetboot removed as unable to convert to Python 3. * xencons is no longer supported or present. See 5d22d69b30 - Droppped patches contained in new tarballs 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch 64d33a57-libxenstat-Linux-nul-terminate-string.patch aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch xen.stubdom.newlib.patch xsa446.patch xsa445.patch xsa438.patch xsa439-00.patch xsa439-01.patch xsa439-02.patch xsa439-03.patch xsa439-04.patch xsa439-05.patch xsa439-06.patch xsa439-07.patch xsa439-08.patch xsa439-09.patch xsa443-10.patch xsa443-11.patch xsa440.patch - Dropped xen-utils-0.1.tar.bz2 The xen-list and xen-destroy commands are removed. Originally created as a better replacement for 'xm'. The 'xl' equivalent commands should be used instead. - Dropped libxl.pvscsi.patch Support for PVSCSI devices in the guest is no longer supported. - bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not fully effective (XSA-446) xsa446.patch - bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) xsa445.patch - Supportconfig: Adapt plugin to modern supportconfig The supportconfig 'scplugin.rc' file is deprecated in favor of supportconfig.rc'. Adapt the xen plugin to the new scheme. xen-supportconfig - bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) 650abbfe-x86-shadow-defer-PV-top-level-release.patch - bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional execution leak via division by zero (XSA-439) 64e5b4ac-x86-AMD-extend-Zenbleed-check.patch 65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch 65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch 65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch 65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch 65087004-x86-entry-restore_all_xen-stack_end.patch 65087005-x86-entry-track-IST-ness-of-entry.patch 65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch 65087007-x86-AMD-Zen-1-2-predicates.patch 65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch - bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU TLB flushing (XSA-442) 65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch - bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple vulnerabilities in libfsimage disk handling (XSA-443) 65263471-libfsimage-xfs-remove-dead-code.patch 65263472-libfsimage-xfs-amend-mask32lo.patch 65263473-libfsimage-xfs-sanity-check-superblock.patch 65263474-libfsimage-xfs-compile-time-check.patch 65263475-pygrub-remove-unnecessary-hypercall.patch ... changelog too long, skipping 63 lines ... xsa444-2.patch ==== xfce4-whiskermenu-plugin ==== Version update (2.8.0 -> 2.8.1) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.8.1 * Fix missing commandline option in man page. (Issue #119) * Fix incorrect category icons by disabling fallbacks. (Issue #116) * Remember order of recently used when searching. * Translation updates