Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: NetworkManager evince (42.2 -> 42.3) gimp gnome-keyring (40.0 -> 42.1) libstorage-ng (4.5.11 -> 4.5.14) mobile-broadband-provider-info (20220315 -> 20220511) nagios (4.4.6 -> 4.4.7) opensuse-welcome polkit-default-privs (1550+20220404.7b4bea2 -> 1550+20220524.0345bd9) python-base python-cryptography (36.0.2 -> 37.0.2) remmina (1.4.25 -> 1.4.26) seahorse (41.0 -> 42.0) xmlcharent yast2 (4.5.3 -> 4.5.4) yast2-installation (4.5.1 -> 4.5.2) yast2-ruby-bindings (4.5.0 -> 4.5.1) yast2-storage-ng (4.5.5 -> 4.5.6) zsh (5.8.1 -> 5.9) === Details === ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-pppoe NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends fro the main package to -wifi. ==== evince ==== Version update (42.2 -> 42.3) Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Update to version 42.3: + Shell: Disconnect signal handler to prevent invalid read. + Updated translations. ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 - Do not recommend lang package: the lang package has smarter supplements in place. ==== gnome-keyring ==== Version update (40.0 -> 42.1) Subpackages: gnome-keyring-32bit gnome-keyring-lang gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring - Update to version 42.1: + daemon: Add files to EXTRA_DIST to fix distcheck. - Changes from version 42.0: + secret-portal: Properly check the default keyring. + Build fixes. + ssh-agent: Fix crash by uninitialized GMutex. + fix looping off the end of the operations array. + readme: Mention libsecret instead of deprecated libgnome-keyring. + daemon: Make it systemd-activatable through the control socket. + Updated translations. - Add pkgcondfig(systemd) and pkgconfig(libsystemd) BuildRequires: new dependencies. ==== libstorage-ng ==== Version update (4.5.11 -> 4.5.14) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#879 - added include for gcc13 (gh#openSUSE/libstorage-ng#878) - 4.5.14 - merge gh#openSUSE/libstorage-ng#877 - use new parted type command instead of SUSE-specific type-id - extended documentation - 4.5.13 - merge gh#openSUSE/libstorage-ng#876 - added support for BitLocker using cryptsetup - extended LuksInfo class - fixed probing partition name - added testcase - updated integration tests - coding style - updated parser for 'cryptsetup status' - 4.5.12 ==== mobile-broadband-provider-info ==== Version update (20220315 -> 20220511) - Update to version 20220511: * us: update verizon MCCMNC * us: Verizon Wirleess had been awarded 301 012 * us: Verizon Wireless MMS settings * us: declare AT&T MCC MNC * at: declare lyca mobile MMS config * al: add AMC internet APN config * af: add MMS settings for AWCC * ad: add andorra telecom MMS settings * za: mtn mms * za: cell-c MMS setting * es: Add Euskaltel MMS settings * il: youphone mms (same APN for data and mms) * il: cellcom balance test * il: Rami Levi MMS settings * serviceproviders: fix indentation * il: Partner (previously known as Orange) MMS config ==== nagios ==== Version update (4.4.6 -> 4.4.7) Subpackages: nagios-www - 4.4.7 - 2022-04-14 FIXES * Fixed checkboxes in jsonquery.html (#778) (Rfferrao87) * Added SSL support for version update check (Sebastian Wolf) * Note: NEB modules using the priority/scheduling queues in libnagios may need to update headers due to symbol conflicts with OpenSSL. * Fixed XSS in homepage when displaying update check results (Sebastian Wolf) * Fixed allocation error in getcgi.c (#820) (Ariadne Conill) * Fixed Error: NULL variable for lines of spaces in resource.cfg (#814) (Ralf Herrmann) * Fixed crash when handling large check output (#825, #828) (Kilvador) * Update packaging instructions for RPM/EPEL (#850) (T.J. Yang) * Include packaging instructions for DEB (#842) (Catfriend1) * Fixed CGI object processing when names end in \ (#819) (Sebastian Wolf) * $SERVICEPROBLEMID$ now accessible when notifications are sent (#688) (Sebastian Wolf) ==== opensuse-welcome ==== - Do not recommend lang package: the lang package has smarter supplements in place. ==== polkit-default-privs ==== Version update (1550+20220404.7b4bea2 -> 1550+20220524.0345bd9) - Update to version 1550+20220524.0345bd9: * Add kinfocenter5 whitelisting (bsc#1199735). * gconf: cleanup rules used by dropped gconf2 package ==== python-base ==== Subpackages: libpython2_7-1_0 python-xml - Filter out executable-stack error that is triggered for i586 target. ==== python-cryptography ==== Version update (36.0.2 -> 37.0.2) - update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because they are legacy algorithms with extremely low usage. These will be removed in a future version of ``cryptography``. * Added limited support for distinguished names containing a bit string. * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` and ``x86_64`` architectures. Users on macOS should upgrade to the latest ``pip`` to ensure they can use this wheel, although we will continue to ship ``x86_64`` specific wheels for now to ease the transition. * This will be the final release for which we ship ``manylinux2010`` wheels. Going forward the minimum supported ``manylinux`` ABI for our wheels will be ``manylinux2014``. The vast majority of users will continue to receive ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy wheels this release already requires ``manylinux2014`` for compatibility with binaries distributed by upstream. * Added support for multiple :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a :class:`~cryptography.x509.ocsp.OCSPResponse`. * Restored support for signing certificates and other structures in :doc:`/x509/index` with SHA3 hash algorithms. * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is disabled in FIPS mode. * Added support for serialization of PKCS#12 CA friendly names/aliases in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` * Added support for 12-15 byte (96 to 120 bit) nonces to :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class previously supported only 12 byte (96 bit). * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. * Added support for parsing :rfc:`4514` strings with :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can be used to verify a signature where the salt length is not already known. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This constant will set the salt length to the same length as the ``PSS`` hash algorithm. * Added support for loading RSA-PSS key types with :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. ==== remmina ==== Version update (1.4.25 -> 1.4.26) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc - Do not recommend lang package: the lang package has smarter supplements in place. - Updated to remmina version 1.4.26 - Major improvements: * A Python plugin/API (you can write Remmina plugins in Python now!!!) * X11 Forward for the SSH plugin @marco.fortina * Kiosk improvements and new command lines options - Other changes: * Fix trial for 2577: Closing a VNC connection makes Remmina close all other... * Handle after-auth connection errors in VNC properly * Using Remmina from command-line for kiosked servers * Manual page refactoring fixes #2056 (closed) * Add mutex to protect RDP clipboard->srv_data. Fixes #2666 (closed) * Add '--no-tray-icon' command-line option * Make FreeRDPs TLS Security Level setting accessible in the advanced settings view * Disable grabs for SSH and SFTP, #closes #2728 (closed) * Cannot disable shared folder * Use PyInitializeEx in order to skip signal handler registration * Ignore add new connection button in kiosk mode * WWW plugin refactoring ==== seahorse ==== Version update (41.0 -> 42.0) Subpackages: gnome-shell-search-provider-seahorse seahorse-lang - Update to version 42.0: + pgp: Fix GPG version check. + desktop: Add pgp,gpg to the description. + search-provider: Don't escape result description as markup. + gkr: Network label fixes. + ssh: Fix CPU Usage Spike When Calling ssh-keygen. + desktop: Add supported mime types to .desktop file> + desktop: Mark application as adaptive. + metainfo: Align app name with .desktop name. + ui: Opt-in to color scheme user preference> + Updated translations. ==== xmlcharent ==== - Handle update case as well (boo#1199754) ==== yast2 ==== Version update (4.5.3 -> 4.5.4) Subpackages: yast2-logs - Added experimental infrastructure for managing system in a chroot (bsc#1199840) - 4.5.4 ==== yast2-installation ==== Version update (4.5.1 -> 4.5.2) - AutoYaST Second Stage: Added a missing dependency to the service to prevent getty-autogeneration listen on 5901 port (bsc#1199746) - 4.5.2 ==== yast2-ruby-bindings ==== Version update (4.5.0 -> 4.5.1) - Added experimental infrastructure for managing system in a chroot (bsc#1199840) - 4.5.1 ==== yast2-storage-ng ==== Version update (4.5.5 -> 4.5.6) - Fixed failing unit test: Added translatable message for new libstorage enum type for bitlocker (bsc#1199832) - 4.5.6 ==== zsh ==== Version update (5.8.1 -> 5.9) - update to 5.9: zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other things, a long-time zsh advocate. For more information, see: https://linuxnews.de/2022/02/sven-guckes-verstorben/ https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ When unsetting a hash element, the string enclosed in square brackets is interpreted literally after any normal command-line-argument expansions. Thus unset "hash[$key]" first expands $key as usual for a double-quoted string, and then interprets that result as the exact hash element to unset. This differs from previous versions of the shell, which would also remove a leading backslash for an unusual subset of characters in the expansion of $key. Note this also means, for example, that now unset 'hash[ab]cd]' unsets the element with key "ab]cd" rather than silently doing nothing. The function command learnt a -T option to declare a function and enable tracing for it simultaneously. The option SHORT_REPEAT was added to enable the short syntax of SHORT_LOOPS for the repeat command only. It is disabled by default. The _arguments function now supports NUL-delimiting optargs in the opt_args array via the -0 option. Developers of completion functions should find this easier to handle reliably than the default colon-delimiting behaviour. The zsh/system module's `zsystem flock` command learnt an -i option to set the wait interval used with -t. Additionally, -t now supports fractional seconds. The option CLOBBER_EMPTY was added to enable the overwrite behaviour of CLOBBER for empty files only. It is disabled by default. A (-) expansion flag was added. It works like (n) but correctly sorts negative numbers. The (*) expansion flag enables EXTENDED_GLOB for pattern matching. For example, ${(*)sample/(#b)*(pat)*/${match[1]}} uses backreferences even if EXTENDED_GLOB is not otherwise set. However, this does not descend into nested exapansions, and doubling as (**) does not disable EXTENDED_GLOB. The compinit function learnt a -w option to explain why compdump runs. When run without the -i or -u options and compaudit discovers security issues, answering "y" to the "Ignore insecure ..." prompt removes the insecure elements (like the -i option) where previously it ignored the result (thus formerly like the -u option). Further, removing those elements includes dropping directories from the $fpath array. The zsh/datetime module's strftime builtin learnt an -n option to omit the trailing newline when printing a formatted time. The XTRACE option is now disabled while running user-defined completion widgets. This corresponds to long-standing behavior of other user ZLE widgets. Use the _complete_debug widget to capture XTRACE output, or use "functions -T" to enable tracing of specific completion functions. The fc builtin learnt an -s option which is a POSIX equivalent to the `fc -e-` method of re-executing a command without invoking an editor. The option CASE_PATHS was added to control how NO_CASE_GLOB behaves. NO_CASE_GLOB + NO_CASE_PATHS is equivalent to the current NO_CASE_GLOB behaviour. NO_CASE_GLOB + CASE_PATHS treats only path components that contain globbing characters as case-insensitive; this behaviour may yield more predictable results on case-sensitive file systems. NO_CASE_PATHS is the default. With the new TYPESET_TO_UNSET option set, "typeset foo" leaves foo unset, in contrast to the default behavior which assigns foo="". Any parameter attributes such as numeric type, sorting, and padding are retained until the parameter is explicitly unset or a conflicting value is assigned. This is similar to default behavior of bash and ksh. This option is disabled by default. The compadd builtin's -D option can now be specified more than once. The zsh/zutil module's zformat builtin learnt an -F option which behaves like -f except that ternary expressions check for existence instead of doing math evaluation. The conventional syntax used to indicate units, ranges, and default values in completion descriptions (e.g. `timeout (seconds) (0-60) [20]`) is now recognised by the completion system itself. These components are parsed out of the description and can be individually styled. A _numbers helper function has been added to help function authors offer rich completion for these values. The log builtin, WATCH parameter, et al., have been broken out into a separate module, zsh/watch. The module is enabled by default. The zsh/watch module's WATCHFMT parameter now supports colours via the %F and %K escapes. The STTY parameter can now be set to an empty string before running a command to automatically restore terminal settings after the command finishes. The "jobs" command and "$jobstates" and related parameters can report on parent shell jobs even in subshells. This is a snapshot of the parent state, frozen at the point the subshell started. However, if a subshell starts its own background jobs, the parent state is discarded in order to report on those new jobs. - drop ncurses-fix.patch: upstream