Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SDL2 (2.26.5 -> 2.28.0)
irqbalance (1.9.2 -> 1.9.2.24.git+184c950)
libdb-4_8
libjcat (0.1.13 -> 0.1.14)
libjpeg-turbo
libzip (1.9.2 -> 1.10.0)
openexr (3.1.8 -> 3.1.9)
openssl-3
openssl
patterns-containers
perl-Bootloader (1.4 -> 1.5)
policycoreutils
sddm (0.19.0 -> 0.20.0)
systemd
transactional-update (4.2.1 -> 4.3.0)
=== Details ===
==== SDL2 ====
Version update (2.26.5 -> 2.28.0)
- Update to release 2.28
* Added SDL_HasWindowSurface() and SDL_DestroyWindowSurface() to
switch between the window surface and rendering APIs.
* Added a display event SDL_DISPLAYEVENT_MOVED which is sent
when the primary monitor changes or displays change position
relative to each other.
* Added the hint SDL_HINT_ENABLE_SCREEN_KEYBOARD to control
whether the on-screen keyboard should be shown when text input
is active.
- Delete 0001-Cleanup-add-brace-6545.patch,
0002-Update-for-SDL3-coding-style-6717.patch,
0003-Clang-Tidy-fixes-6725.patch (inapplicable),
0004-evdev_kbd-Use-current-keymap.patch (merged).
==== irqbalance ====
Version update (1.9.2 -> 1.9.2.24.git+184c950)
Subpackages: irqbalance-ui
- Resurrect _service file and old git patch no versioning
A _service
A _servicedata
A irqbalance.obsinfo
- Update to version 1.9.2.24.git+184c950:
* procinterrupts: fix initialisation of regex_t struct
* Fix it so we actually stop when we hit an interrupt condition
* Fix signedness of error handling
* Revert "Fix CPU number condition in service file"
* Issue 259: select NL_SKIP / NL_STOP based on error
* fix CPU number condition in service file
- Already included upstream:
D irqbalance-systemd-netlink.patch
==== libdb-4_8 ====
- Fix incomplete license tag. [bsc#1099695]
==== libjcat ====
Version update (0.1.13 -> 0.1.14)
- update to 0.1.14:
* Fix header includes (Daisuke Fujimura)
* Fix prefix of LIBJCAT_CHECK_VERSION (Richard Hughes)
* Use project_source_root to fix building as a subproject
==== libjpeg-turbo ====
- merge two spec files into one
==== libzip ====
Version update (1.9.2 -> 1.10.0)
- version update to 1.10.0
* Make support for layered sources public.
* Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`.
* Allow reading changed file data.
* Fix handling of files of size 4294967295.
* `zipmerge`: copy extra fields.
* `zipmerge`: add option to keep files uncompressed.
* Switch test framework to use nihtest instead of Perl.
* Fix reading/writing compressed data with buffers > 4GiB.
* Restore support for torrentzip.
* Add warnings when using deprecated functions.
* Allow keeping files for empty archives.
* Support mbedTLS>=3.3.0.
* Support OpenSSL 3.
* Use ISO C secure library functions, if available.
==== openexr ====
Version update (3.1.8 -> 3.1.9)
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30
- version update to 3.1.9
* Patch release that addresses miscelleneous build and doc issues, as well as:
. OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress
==== openssl-3 ====
Subpackages: libopenssl3
- Improve cross-package provides/conflicts [boo#1210313]
* Add Provides/Conflicts: ssl-devel
* Remove explicit conflicts with other devel-libraries
* Remove Provides: openssl(cli) - it's managed by meta package
==== openssl ====
- Improve cross-package provides/conflicts [boo#1210313]
* Add Conflicts: openssl(cli) for mutual exclusion between
openssl, openssl-1_0_0 and libressl.
==== patterns-containers ====
- Remove unused podman-cni-config package
==== perl-Bootloader ====
Version update (1.4 -> 1.5)
- merge gh#openSUSE/perl-bootloader#153
- check whether grub2-install supports --suse-force-signed option
- 1.5
==== policycoreutils ====
Subpackages: policycoreutils-lang policycoreutils-python-utils python3-policycoreutils
- Recommend setools-console as these cli tools compliment policycoreutils
for analysis and debugging of policy issues
- Add requires for policycoreutils-devel for selinux-policy-devel as
policycoreutils-devel requires this
- Adjust python requirement for newer SLES versions
- Add Leap compatibility symlinks between /usr/sbin and /sbin (bsc#1210482)
- Refresh GPG keyring
==== sddm ====
Version update (0.19.0 -> 0.20.0)
Subpackages: sddm-branding-openSUSE
- Add patch to fix parsing some session .desktop files:
* 0001-Session-Parse-.desktop-files-manually-again.patch
- Update to 0.20.0:
+ Initial Qt6 support (Will break themes which rely on Qt 5)
+ **Experimental** support for running the greeter with Wayland
+ Enable HiDPI scaling by default
+ Support for running X11 display server without root privileges
+ Greeter: Support setting environment variables
+ Allow additional env vars to be defined in session files (#1370)
+ Make accountsservice data directory overridable via CMake
+ Add support for X11 cursor size configuration
+ Search XDG Base Directories for session files
+ Display information and errors from PAM in the greeter (#1486)
* Remove the Passwd backend, make PAM mandatory
* Bump minimum CMake version to 3.4
* Introduce SDDM_INITIAL_VT as the TTY to reach out to
* Set XCURSOR_SIZE in XorgDisplayServer::start
* Make it possible to start ConsoleKit D-Bus service during SDDM startup
* pam: Do not use tally2 if faillock is present
* Bump to Qt 5.15, port away from deprecated APIs
* remove `-logfile` arg that causes server to fail
- Set RUNTIME_DIR to /run/sddm when using systemd to follow FHS 3.0
- Use avatars in FacesDir first and if not found search other locations
- Switch to using libxau with `FamilyWild` (#1230)
- New interface to access config values from themes (#1097)
- Session names are translated now (#1645)
- Many more bugfixes
- Important change: SDDM now uses the first free VT, it no longer prefers
tty7 (the InitialVT option in 00-general.conf has no effect anymore)
- Remove patches, now upstream:
* 0001-Use-PAM-s-username.patch
* 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
* 0004-Retry-starting-the-display-server.patch
* 0001-disable-automatic-portal-launching.patch
* 0001-Remove-suffix-for-Wayland-session.patch
* 0001-Redesign-Xauth-handling.patch
* 0002-Use-QTemporaryFile-with-xauth_XXXXXX-ih-XAuth.patch
* 0001-Process-all-available-auth-messages-in-a-loop.patch
* 0001-Avoid-starting-a-new-session-on-exit.patch
- Remove files, now upstream:
* sddm-tmpfiles.conf
* system-user-sddm.conf
- Rebased patches:
* 0001-Redesign-Xauth-handling.patch
* 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch
* 0001-Set-XAUTHLOCALHOSTNAME-in-sessions.patch
* 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
* sddm-service-handle-plymouth.patch
* 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch
- Drop patches, not applicable anymore:
* 0001-Systemd-service-unit-Use-tty7-by-default.patch
- Add 11-kwin_wayland.conf to use kwin_wayland as wayland compositor
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev
- Change the group owner of /run/lock from "lock" to "root" (bsc#1212674)
This allows to drop the dependency "Requires: group(lock)" that was introduced
previously to make sure that the "lock" group will be kept around. This
dependency introduced a dependency cycle.
- file-triggers: fix a typo that sneaked in the script dealing with tmpfiles
(bsc#1212733)
==== transactional-update ====
Version update (4.2.1 -> 4.3.0)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.3.0
- Replace custom tu-rebuild-kdump-initrd with call to mkdumprd
[gh#openSUSE/transactional-update#107].
- Add support for libmount 2.39. The behaviour change was not
intended and will be changed in 2.39.1 (see
[gh#util-linux/util-linux#2326], but it was easy to fix it
anyway.
- Honor LIBMOUNT_DEBUG variable for additional output.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init-config-MicroOS
flac (1.4.2 -> 1.4.3)
irqbalance (1.9.2 -> 1.9.2.24.git+184c950)
kdump (1.0.3 -> 1.9.2)
libcontainers-common
libdb-4_8
libjcat (0.1.13 -> 0.1.14)
libjpeg-turbo
libnettle
libzip (1.9.2 -> 1.10.0)
lockdev
lvm2
lvm2-device-mapper
mozjs102 (102.11.0 -> 102.12.0)
openssl-3
openssl
patterns-containers
perl-Bootloader (1.2 -> 1.5)
pipewire (0.3.71 -> 0.3.72)
policycoreutils
publicsuffix (20230613 -> 20230616)
python-Twisted
python-cryptography (40.0.2 -> 41.0.1)
python-service_identity (21.1.0 -> 23.1.0)
python311
python311-core
rtkit
sddm (0.19.0 -> 0.20.0)
snapper (0.10.4 -> 0.10.5)
strace (6.3 -> 6.4)
systemd
transactional-update (4.2.1 -> 4.3.0)
yast2-kdump (4.6.0 -> 4.6.1)
zlib-ng-compat
=== Details ===
==== cloud-init-config-MicroOS ====
- set distro to opensuse-microos in cloud.cfg
==== flac ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3:
+ General
* All PowerPC-specific code has been removed, as it turned out
those improvements didn't actually improve anything
* Large improvements in encoder speed for all presets. The
largest change is for the fastest presets and for 24-bit and
32-bit inputs.
* Small improvement in decoder speed for BMI2-capable CPUs
* Various documentation fixes and cleanups
* Various fixes
* Fix building on Universal Windows Platform
+ flac
* A lot of small fixes for bugs found by fuzzing
* Various improvements to the --keep-foreign-metadata and
- -keep-foreign-metadata-if-present options on decoding
+ The output format (WAV/AIFF/RF64 etc.) is now automatically
selected based on what kind of foreign metadata is stored
+ Decoded file is checked afterwards, to see whether stored
foreign format data agrees with FLAC audio properties
+ AIFF-C sowt data can now be restored
* Add --force-legacy-wave-format option, to decode to WAV with
WAVEFORMATPCM where WAVE_FORMAT_EXTENSIBLE would be more
appropriate
* Add --force-aiff-c-none-format and --force-aiff-c-sowt-format
to decode to AIFF-C
* The storage of WAVEFORMATEXTENSIBLE_CHANNEL_MASK is no longer
restricted to known channel orderings
* Throw an error when WAV or AIFF files are over 4GiB in length
and the --ignore-chunk-sizes option is not set
* Warn on testing files when ID3v2 tags are found
* Warn when data trails the audio data of a WAV/AIFF/RF64/W64
file
* Fix output file not being deleted after error on Windows
* Removal of the --sector--align option
+ metaflac
* A lot of small fixes for bugs found by fuzzing
* Added options --append and --data-format, which makes it
possible to copy metadata blocks from one FLAC file to another
* Added option --remove-all-tags-except
* Added option --show-all-tags
+ libFLAC
* No longer write seektables to Ogg, even when specifically
asked for. Seektables in Ogg are not defined
* Add functions FLAC__metadata_object_set_raw and
FLAC__metadata_object_get_raw to convert between blob and
FLAC__StreamMetadata
+ Build system
* Autoconf (configure): The option --enable-64-bit-words is now
on by default
* CMake: The option ENABLE_64_BIT_WORDS is now on by default
+ Testing/validation
* Fuzzers were added for the flac and metaflac command line
tools
* Fuzzer coverage was improved
- Changed source to github link since it wasn't released in the
xiph page.
==== irqbalance ====
Version update (1.9.2 -> 1.9.2.24.git+184c950)
Subpackages: irqbalance-ui
- Resurrect _service file and old git patch no versioning
A _service
A _servicedata
A irqbalance.obsinfo
- Update to version 1.9.2.24.git+184c950:
* procinterrupts: fix initialisation of regex_t struct
* Fix it so we actually stop when we hit an interrupt condition
* Fix signedness of error handling
* Revert "Fix CPU number condition in service file"
* Issue 259: select NL_SKIP / NL_STOP based on error
* fix CPU number condition in service file
- Already included upstream:
D irqbalance-systemd-netlink.patch
==== kdump ====
Version update (1.0.3 -> 1.9.2)
- upgrade to version 1.9.2
* adapt kdumptool to work with YaST
* wait for SMTP server to become reachable
- upgrade to version 1.9.1
* reimplement e-mail notifications
- upgrade to version 1.9
* complete rewrite of kdump-save and parts of initrd generation
* mounts are now entirely handled by dracut
* deprecated: split dumps (saving to more than one targets at once)
* deprecated: KDUMPTOOL_FLAGS option removed; original XENALLDOMAINS is now
the default, disable with MAKEDUMPFILE_OPTIONS=-X
* deprecated: notification e-mails
* deprecated: copying of the kernel image (KDUMP_COPY_KERNEL)
* FTP and SFTP are now handled by lftp, added to the spec file as Recommends:
* SSH and SFTP now support passwords provided in the URL
* fixed KDUMP_SSH_HOST_KEY, now needs to include the key type
* new KDUMP_DUMPFORMAT=raw, will save an unmodified /proc/vmcore
* the output directory name is now YYYY-MM-DD-HH-MM, i.e. the separator between
HH and MM changed
* unified default KDUMP_SAVEDIR across config, code and man to /var/crash
* ping is now used to detect network is up; disable with KDUMP_NET_TIMEOUT=0
* all the yes/no options changed to true/false; yes/no/1/0 still accepted
* put the kdump initrd in /var/lib/kdump/initrd
* use default kernel symlink (/boot/vmlinuz) instead of kernel autodetection
* KDUMP_KERNELVER can specify an absolute path to a kernel image
* improved mkdumprd detection of changed settings
* removed all of kdumptool except the calibrate subcommand
* cleaned up dependencies (ssh now only Recommended)
==== libcontainers-common ====
Subpackages: libcontainers-default-policy
- Remove unused grep requirement
- Resolve choice on openSUSE distributions for libcontainer-policy
by suggesting the libcontainers-openSUSE-policy explicitly.
==== libdb-4_8 ====
- Fix incomplete license tag. [bsc#1099695]
==== libjcat ====
Version update (0.1.13 -> 0.1.14)
- update to 0.1.14:
* Fix header includes (Daisuke Fujimura)
* Fix prefix of LIBJCAT_CHECK_VERSION (Richard Hughes)
* Use project_source_root to fix building as a subproject
==== libjpeg-turbo ====
- merge two spec files into one
==== libnettle ====
Subpackages: libhogweed6 libnettle8
- Add the architecture specific READMEs as provided by upstream.
==== libzip ====
Version update (1.9.2 -> 1.10.0)
- version update to 1.10.0
* Make support for layered sources public.
* Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`.
* Allow reading changed file data.
* Fix handling of files of size 4294967295.
* `zipmerge`: copy extra fields.
* `zipmerge`: add option to keep files uncompressed.
* Switch test framework to use nihtest instead of Perl.
* Fix reading/writing compressed data with buffers > 4GiB.
* Restore support for torrentzip.
* Add warnings when using deprecated functions.
* Allow keeping files for empty archives.
* Support mbedTLS>=3.3.0.
* Support OpenSSL 3.
* Use ISO C secure library functions, if available.
==== lockdev ====
Subpackages: liblockdev1
- lock group is created by system-group-hardware
- use sysusers mechanism to create lock group and tmpfiles for
/{var/,}run (boo#1078466)
- add lockdev-debug.diff
==== lvm2 ====
Subpackages: liblvm2cmd2_03
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
- bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch
==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
- bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch
==== mozjs102 ====
Version update (102.11.0 -> 102.12.0)
- Update to version 102.12.0:
+ Various security fixes.
+ CVE-2023-34414: Click-jacking certificate exceptions through
rendering lag.
==== openssl-3 ====
Subpackages: libopenssl3
- Improve cross-package provides/conflicts [boo#1210313]
* Add Provides/Conflicts: ssl-devel
* Remove explicit conflicts with other devel-libraries
* Remove Provides: openssl(cli) - it's managed by meta package
==== openssl ====
- Improve cross-package provides/conflicts [boo#1210313]
* Add Conflicts: openssl(cli) for mutual exclusion between
openssl, openssl-1_0_0 and libressl.
==== patterns-containers ====
- Remove unused podman-cni-config package
==== perl-Bootloader ====
Version update (1.2 -> 1.5)
- merge gh#openSUSE/perl-bootloader#153
- check whether grub2-install supports --suse-force-signed option
- 1.5
- merge gh#openSUSE/perl-bootloader#151
- default-settings: support non-x86 architectures
- add man pages for all commands
- 1.4
- merge gh#openSUSE/perl-bootloader#149
- use signed grub EFI binary when updating grub in default EFI
location (bsc#1210799)
- 1.3
==== pipewire ====
Version update (0.3.71 -> 0.3.72)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.72:
* Highlights
- Fix a critical bug that would refuse to update the samplerate
or buffersize in JACK clients.
- A new module-netjack2-driver and module-netjack2-manager were
added that are compatible with NETJACK2. This allows PipeWire
to become a NETJACK2 manager or a driver between JACK2 or
PipeWire servers.
- Support was added for firewire devices with FFADO. This is
untested for now and MIDI is not implemented yet.
- The node scheduling was optimized some more. External drivers
are now as efficient as in-server ones. This should improve
performance of various drivers such as bluetooth and JACK
based drivers.
- Many, many bug fixes and a ton of improvements.
* PipeWire
- pw-filter can now be used to write sinks and sources.
- The node activation for drivers was changed. The driver now
does not need to go to the server to start the processing
cycle. This makes out-of-server drivers as efficient as
in-server drivers.
- Don't try to use drivers with 0 priority as fallback drivers.
This avoids making the screencast driver a driver for audio.
- Improve xrun count reporting in pw-top and the profiler. Now
each node has their own xrun counter updated when it fails to
complete processing during the cycle.
- pw-filter now also has support for TRIGGER.
- A potential fd leak was found when fds were send to a zombie
client.
- Fix a bug where monitor or capture streams were logged twice
in the profiler.
- Remove stream hooks safely.
- A bug in serialization of container properties was fixed.
This could result in truncated property values.
- The PIPEWIRE_AUTOCONNECT environment variable now always
overrides the autoconnect settings of streams.
- Node, port and link destroy now avoids some useless work.
- Port will now try to renegotiate a new format when idle.
* Modules
- The module-sap now is more compatible with AES67.
- A new FFADO driver module was added. This is completely
untested because of lack of hardware. Please test and report
issues.
- A new NETJACK2 driver and a NETJACK2 manager module were
added. These should be drop in replacements for the JACK2
parts.
- The RAOP discover module now tries harder to only list
devices once.
- The zeroconf discover module now tries harder to only list
devices once.
- The RAOP sink module now handles latency better and is
compatible with some more devices.
- The loopback and filter-chain modules now always dequeue the
last input buffer to avoid stuttering in some cases.
- The SPA node factory module can now also export nodes. This
is used to export the PTP clock from the AES67 config file.
- A bug in module-jack-tunnel was fixed that would cause
stuttering and corrupted output in some cases.
- The resampler is now disabled in module-loopback and
filter-chain when the samplerate is set to follow the graph
rate.
- The way the mixer peer is sent to clients was improved. It is
now also possible to let a remote node know about mixer port
removes, which can avoid memory leaks and some code
simplifications.
* SPA
- Monitor ports now report latency correctly.
- The ALSA plugin now uses htimestamp to get a more accurate
ringbuffer position to estimate the clock skew.
- The channelmixer now has min/max-volume settings to limit or
fix the volume.
- The ALSA plugin can now control the playback and capture rate
of USB gadgets. This can avoid resampling and instead use the
USB feedback to control the rate.
- The ALSA output to multiple devices has been improved, some
lockups are avoided when the device ringbuffer is full.
- The compress-offload sink has improved negotiation.
* pulse-server
- Only try to use GSettings when the schema exists.
- @DEFAULT_SOURCE@, @DEFAULT_SINK@ and @DEFAULT_MONITOR@ are
now correctly handled as targets in playback and capture
streams.
- 2 new quirks are added to disable volume updates on
sinks/sources.
- The virtual-sink and virtual-source modules were added. These
are really example modules but actually also work and are
useful on PulseAudio so implement them as well.
- Fix initial stream volumes.
* Bluetooth
- Only register A2DP or BAP when we have codecs.
- Include codec into the media.name
* JACK
- Fix a critical bug that would refuse to update the samplerate
or buffersize.
- Improve updates of samplerate/buffersize, delay the updates
until the client is activated.
- Use the new mix-info updates to simplify the mixer setup and
peer detection.
* GStreamer
... changelog too long, skipping 5 lines ...
the ld.so.conf.d file).
==== policycoreutils ====
Subpackages: policycoreutils-python-utils python3-policycoreutils
- Recommend setools-console as these cli tools compliment policycoreutils
for analysis and debugging of policy issues
- Add requires for policycoreutils-devel for selinux-policy-devel as
policycoreutils-devel requires this
- Adjust python requirement for newer SLES versions
- Add Leap compatibility symlinks between /usr/sbin and /sbin (bsc#1210482)
- Refresh GPG keyring
==== publicsuffix ====
Version update (20230613 -> 20230616)
- Update to version 20230616:
* Add 63 geographical domains for .vn ccTLD (#1776)
* util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
* util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)
==== python-Twisted ====
Subpackages: python311-Twisted python311-Twisted-tls
- add regenerate-cert-to-work-with-latest-service-identity.patch
remove-pynacl-optional-dependency.patch: backports from main
git to fix tests with newer dependency versions
==== python-cryptography ====
Version update (40.0.2 -> 41.0.1)
- update to 41.0.1 (bsc#1212568):
* Temporarily allow invalid ECDSA signature algorithm
parameters in X.509 certificates, which are
generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private
keys.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than
1.1.1d has been removed. Users on older version of
OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been
removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL <
3.6.
* Updated the minimum supported Rust version (MSRV) to 1.56.0,
from 1.48.0.
* Added support for the
:class:`~cryptography.x509.OCSPAcceptableResponses`
OCSP extension.
* Added support for the
:class:`~cryptography.x509.MSCertificateTemplate`
proprietary Microsoft certificate extension.
* Implemented support for equality checks on all asymmetric
public key types.
* Added support for ``aes256-gcm(a)openssh.com`` encrypted keys
in :func:`~cryptography.hazmat.primitives.serialization.load_ssh
_private_key`.
* Added support for obtaining X.509 certificate signature
algorithm parameters (including PSS)
==== python-service_identity ====
Version update (21.1.0 -> 23.1.0)
- Update to 23.1.0
* Removed
- All Python versions up to and including 3.7 have been dropped.
- Support for commonName in certificates has been dropped.
It has been deprecated since 2017 and isn't supported by any
major browser.
- The oldest supported pyOpenSSL version (when using the
pyopenssl backend) is now 17.0.0.
When using such an old pyOpenSSL version, you have to pin
cryptography yourself to ensure compatibility between them.
Please check out contraints/oldest-pyopenssl.txt to verify
what we are testing against.
* Deprecated
- If you've used service_identity.(cryptography|pyopenssl).extract_ids(),
please switch to the new names extract_patterns(). #56
* Added
- service_identity.(cryptography|pyopenssl).extract_patterns()
are now public APIs (FKA extract_ids()).
You can use them to extract the patterns from a certificate
without verifying anything. #55
- service-identity is now fully typed. #57
==== python311 ====
Subpackages: python311-curses python311-dbm
- Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
with it whole interpreter+setuptools+pip product. Python 3.11
should not be replaced by later versions anymore.
==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base
- Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
with it whole interpreter+setuptools+pip product. Python 3.11
should not be replaced by later versions anymore.
==== rtkit ====
- rtkit-daemon: Don't log debug messages by default (bsc#1206745).
Added patch(es):
* rtkit-silent-debug-messages-by-default.patch
==== sddm ====
Version update (0.19.0 -> 0.20.0)
Subpackages: sddm-branding-openSUSE
- Add patch to fix parsing some session .desktop files:
* 0001-Session-Parse-.desktop-files-manually-again.patch
- Update to 0.20.0:
+ Initial Qt6 support (Will break themes which rely on Qt 5)
+ **Experimental** support for running the greeter with Wayland
+ Enable HiDPI scaling by default
+ Support for running X11 display server without root privileges
+ Greeter: Support setting environment variables
+ Allow additional env vars to be defined in session files (#1370)
+ Make accountsservice data directory overridable via CMake
+ Add support for X11 cursor size configuration
+ Search XDG Base Directories for session files
+ Display information and errors from PAM in the greeter (#1486)
* Remove the Passwd backend, make PAM mandatory
* Bump minimum CMake version to 3.4
* Introduce SDDM_INITIAL_VT as the TTY to reach out to
* Set XCURSOR_SIZE in XorgDisplayServer::start
* Make it possible to start ConsoleKit D-Bus service during SDDM startup
* pam: Do not use tally2 if faillock is present
* Bump to Qt 5.15, port away from deprecated APIs
* remove `-logfile` arg that causes server to fail
- Set RUNTIME_DIR to /run/sddm when using systemd to follow FHS 3.0
- Use avatars in FacesDir first and if not found search other locations
- Switch to using libxau with `FamilyWild` (#1230)
- New interface to access config values from themes (#1097)
- Session names are translated now (#1645)
- Many more bugfixes
- Important change: SDDM now uses the first free VT, it no longer prefers
tty7 (the InitialVT option in 00-general.conf has no effect anymore)
- Remove patches, now upstream:
* 0001-Use-PAM-s-username.patch
* 0001-Add-fish-etc-profile-and-HOME-.profile-sourcing-1331.patch
* 0004-Retry-starting-the-display-server.patch
* 0001-disable-automatic-portal-launching.patch
* 0001-Remove-suffix-for-Wayland-session.patch
* 0001-Redesign-Xauth-handling.patch
* 0002-Use-QTemporaryFile-with-xauth_XXXXXX-ih-XAuth.patch
* 0001-Process-all-available-auth-messages-in-a-loop.patch
* 0001-Avoid-starting-a-new-session-on-exit.patch
- Remove files, now upstream:
* sddm-tmpfiles.conf
* system-user-sddm.conf
- Rebased patches:
* 0001-Redesign-Xauth-handling.patch
* 0001-Write-the-daemon-s-PID-to-a-file-on-startup.patch
* 0001-Set-XAUTHLOCALHOSTNAME-in-sessions.patch
* 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
* sddm-service-handle-plymouth.patch
* 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch
- Drop patches, not applicable anymore:
* 0001-Systemd-service-unit-Use-tty7-by-default.patch
- Add 11-kwin_wayland.conf to use kwin_wayland as wayland compositor
==== snapper ====
Version update (0.10.4 -> 0.10.5)
Subpackages: libsnapper7 snapper-zypp-plugin
- improved responsiveness of snapperd when a btrfs quota rescan
is running (see bsc#1211459)
- update qgroup in config info in snapperd when running setup-quota
- improved waiting for btrfs quota rescan (see bsc #1211459)
==== strace ====
Version update (6.3 -> 6.4)
- Update to strace 6.4
* Implemented decoding of IFLA_BRPORT_NEIGH_VLAN_SUPPRESS netlink attribute.
* Implemented decoding of IP_PROTOCOL type control messages and socket option.
* Updated lists of BPF_*, IP_*, KVM_*, MDBA_*, PACKET_*, PR_*, PTRACE_*,
UFFD_*, and V4L2_PIX_FMT_* constants.
* Updated lists of ioctl commands from Linux 6.4.
* Turn --seccomp-bpf off when --syscall-limit option is specified.
* Fixed --trace-fds filtering support of syscalls taking file descriptor
arguments that do not normally have a path associated with them.
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev
- Change the group owner of /run/lock from "lock" to "root" (bsc#1212674)
This allows to drop the dependency "Requires: group(lock)" that was introduced
previously to make sure that the "lock" group will be kept around. This
dependency introduced a dependency cycle.
- file-triggers: fix a typo that sneaked in the script dealing with tmpfiles
(bsc#1212733)
==== transactional-update ====
Version update (4.2.1 -> 4.3.0)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.3.0
- Replace custom tu-rebuild-kdump-initrd with call to mkdumprd
[gh#openSUSE/transactional-update#107].
- Add support for libmount 2.39. The behaviour change was not
intended and will be changed in 2.39.1 (see
[gh#util-linux/util-linux#2326], but it was easy to fix it
anyway.
- Honor LIBMOUNT_DEBUG variable for additional output.
==== yast2-kdump ====
Version update (4.6.0 -> 4.6.1)
- adapt for version kdump versions 1.9+ (bsc#1212646)
- call mkdumprd directly, not through tu-rebuild-kdump-initrd
- update initrd even in non-fadump case
- remove KDUMP_COPY_KERNEL and KDUMPTOOL_FLAGS options
- update default config values according to kdump defaults
- unify config boolean variables to "true" or "false"
- support the snappy, zstd and raw dump formats
- 4.6.1
==== zlib-ng-compat ====
- Add patch to fix boo#1212735:
* 1526.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
python311
python311-core
=== Details ===
==== python311 ====
Subpackages: python311-curses python311-dbm
- Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
with it whole interpreter+setuptools+pip product. Python 3.11
should not be replaced by later versions anymore.
==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base
- Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
with it whole interpreter+setuptools+pip product. Python 3.11
should not be replaced by later versions anymore.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SVT-AV1 (1.4.1 -> 1.6.0)
acpica (20221020 -> 20230331)
cloud-init-config-MicroOS
flac (1.4.2 -> 1.4.3)
kdump (1.0.3 -> 1.9.2)
libcontainers-common
libnettle
lockdev
lvm2
lvm2-device-mapper
mozjs102 (102.11.0 -> 102.12.0)
perl-Bootloader (1.2 -> 1.4)
pipewire (0.3.71 -> 0.3.72)
publicsuffix (20230613 -> 20230616)
python-Twisted
python-cryptography (40.0.2 -> 41.0.1)
python-service_identity (21.1.0 -> 23.1.0)
rtkit
snapper (0.10.4 -> 0.10.5)
strace (6.3 -> 6.4)
yast2-kdump (4.6.0 -> 4.6.1)
zlib-ng-compat
=== Details ===
==== SVT-AV1 ====
Version update (1.4.1 -> 1.6.0)
- Enable build on riscv64
- Update to release 1.6.0
* Improved the tradeoffs for the random access mode across
presets M1-M13:
* Speeding up the higher quality presets by 30-40%
* Improving the BD-rate by 1-4% for the faster presets
* Improved the tradeoffs for the low delay mode for both screen
content and non-screen content encoding modes
* Added a toggle to remove the legacy one-frame buffer at the
input of the pipeline allowing the low delay mode to operate
at sub-frame processing latencies
* Added a new API allowing the user to specify quantization
offsets for a region of interest per frame
==== acpica ====
Version update (20221020 -> 20230331)
- Update to version 20230331
* Add C Flexible Array support.
* Add support for 64 bit LoongArch compilation.
* Add first batch of RISC-V related definitions.
* hwvalid: Drop port I/O validation.
* iASL: Added full macro support in the preprocessor.
* Add support for AMD Secure Processor Table (ASPT) version 1.
* Add support for Arm's MPAM ACPI table version 2.
* ACPI 6.5: MADT: add support for trace buffer extension in GICC.
* Headers: Delete bogus NodeArray array of pointers from AEST table.
==== cloud-init-config-MicroOS ====
- set distro to opensuse-microos in cloud.cfg
==== flac ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3:
+ General
* All PowerPC-specific code has been removed, as it turned out
those improvements didn't actually improve anything
* Large improvements in encoder speed for all presets. The
largest change is for the fastest presets and for 24-bit and
32-bit inputs.
* Small improvement in decoder speed for BMI2-capable CPUs
* Various documentation fixes and cleanups
* Various fixes
* Fix building on Universal Windows Platform
+ flac
* A lot of small fixes for bugs found by fuzzing
* Various improvements to the --keep-foreign-metadata and
- -keep-foreign-metadata-if-present options on decoding
+ The output format (WAV/AIFF/RF64 etc.) is now automatically
selected based on what kind of foreign metadata is stored
+ Decoded file is checked afterwards, to see whether stored
foreign format data agrees with FLAC audio properties
+ AIFF-C sowt data can now be restored
* Add --force-legacy-wave-format option, to decode to WAV with
WAVEFORMATPCM where WAVE_FORMAT_EXTENSIBLE would be more
appropriate
* Add --force-aiff-c-none-format and --force-aiff-c-sowt-format
to decode to AIFF-C
* The storage of WAVEFORMATEXTENSIBLE_CHANNEL_MASK is no longer
restricted to known channel orderings
* Throw an error when WAV or AIFF files are over 4GiB in length
and the --ignore-chunk-sizes option is not set
* Warn on testing files when ID3v2 tags are found
* Warn when data trails the audio data of a WAV/AIFF/RF64/W64
file
* Fix output file not being deleted after error on Windows
* Removal of the --sector--align option
+ metaflac
* A lot of small fixes for bugs found by fuzzing
* Added options --append and --data-format, which makes it
possible to copy metadata blocks from one FLAC file to another
* Added option --remove-all-tags-except
* Added option --show-all-tags
+ libFLAC
* No longer write seektables to Ogg, even when specifically
asked for. Seektables in Ogg are not defined
* Add functions FLAC__metadata_object_set_raw and
FLAC__metadata_object_get_raw to convert between blob and
FLAC__StreamMetadata
+ Build system
* Autoconf (configure): The option --enable-64-bit-words is now
on by default
* CMake: The option ENABLE_64_BIT_WORDS is now on by default
+ Testing/validation
* Fuzzers were added for the flac and metaflac command line
tools
* Fuzzer coverage was improved
- Changed source to github link since it wasn't released in the
xiph page.
==== kdump ====
Version update (1.0.3 -> 1.9.2)
- upgrade to version 1.9.2
* adapt kdumptool to work with YaST
* wait for SMTP server to become reachable
- upgrade to version 1.9.1
* reimplement e-mail notifications
- upgrade to version 1.9
* complete rewrite of kdump-save and parts of initrd generation
* mounts are now entirely handled by dracut
* deprecated: split dumps (saving to more than one targets at once)
* deprecated: KDUMPTOOL_FLAGS option removed; original XENALLDOMAINS is now
the default, disable with MAKEDUMPFILE_OPTIONS=-X
* deprecated: notification e-mails
* deprecated: copying of the kernel image (KDUMP_COPY_KERNEL)
* FTP and SFTP are now handled by lftp, added to the spec file as Recommends:
* SSH and SFTP now support passwords provided in the URL
* fixed KDUMP_SSH_HOST_KEY, now needs to include the key type
* new KDUMP_DUMPFORMAT=raw, will save an unmodified /proc/vmcore
* the output directory name is now YYYY-MM-DD-HH-MM, i.e. the separator between
HH and MM changed
* unified default KDUMP_SAVEDIR across config, code and man to /var/crash
* ping is now used to detect network is up; disable with KDUMP_NET_TIMEOUT=0
* all the yes/no options changed to true/false; yes/no/1/0 still accepted
* put the kdump initrd in /var/lib/kdump/initrd
* use default kernel symlink (/boot/vmlinuz) instead of kernel autodetection
* KDUMP_KERNELVER can specify an absolute path to a kernel image
* improved mkdumprd detection of changed settings
* removed all of kdumptool except the calibrate subcommand
* cleaned up dependencies (ssh now only Recommended)
==== libcontainers-common ====
Subpackages: libcontainers-default-policy
- Remove unused grep requirement
- Resolve choice on openSUSE distributions for libcontainer-policy
by suggesting the libcontainers-openSUSE-policy explicitly.
==== libnettle ====
Subpackages: libhogweed6 libnettle8
- Add the architecture specific READMEs as provided by upstream.
==== lockdev ====
Subpackages: liblockdev1
- lock group is created by system-group-hardware
- use sysusers mechanism to create lock group and tmpfiles for
/{var/,}run (boo#1078466)
- add lockdev-debug.diff
==== lvm2 ====
Subpackages: liblvm2cmd2_03
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
- bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch
==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
- bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch
==== mozjs102 ====
Version update (102.11.0 -> 102.12.0)
- Update to version 102.12.0:
+ Various security fixes.
+ CVE-2023-34414: Click-jacking certificate exceptions through
rendering lag.
==== perl-Bootloader ====
Version update (1.2 -> 1.4)
- merge gh#openSUSE/perl-bootloader#151
- default-settings: support non-x86 architectures
- add man pages for all commands
- 1.4
- merge gh#openSUSE/perl-bootloader#149
- use signed grub EFI binary when updating grub in default EFI
location (bsc#1210799)
- 1.3
==== pipewire ====
Version update (0.3.71 -> 0.3.72)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.72:
* Highlights
- Fix a critical bug that would refuse to update the samplerate
or buffersize in JACK clients.
- A new module-netjack2-driver and module-netjack2-manager were
added that are compatible with NETJACK2. This allows PipeWire
to become a NETJACK2 manager or a driver between JACK2 or
PipeWire servers.
- Support was added for firewire devices with FFADO. This is
untested for now and MIDI is not implemented yet.
- The node scheduling was optimized some more. External drivers
are now as efficient as in-server ones. This should improve
performance of various drivers such as bluetooth and JACK
based drivers.
- Many, many bug fixes and a ton of improvements.
* PipeWire
- pw-filter can now be used to write sinks and sources.
- The node activation for drivers was changed. The driver now
does not need to go to the server to start the processing
cycle. This makes out-of-server drivers as efficient as
in-server drivers.
- Don't try to use drivers with 0 priority as fallback drivers.
This avoids making the screencast driver a driver for audio.
- Improve xrun count reporting in pw-top and the profiler. Now
each node has their own xrun counter updated when it fails to
complete processing during the cycle.
- pw-filter now also has support for TRIGGER.
- A potential fd leak was found when fds were send to a zombie
client.
- Fix a bug where monitor or capture streams were logged twice
in the profiler.
- Remove stream hooks safely.
- A bug in serialization of container properties was fixed.
This could result in truncated property values.
- The PIPEWIRE_AUTOCONNECT environment variable now always
overrides the autoconnect settings of streams.
- Node, port and link destroy now avoids some useless work.
- Port will now try to renegotiate a new format when idle.
* Modules
- The module-sap now is more compatible with AES67.
- A new FFADO driver module was added. This is completely
untested because of lack of hardware. Please test and report
issues.
- A new NETJACK2 driver and a NETJACK2 manager module were
added. These should be drop in replacements for the JACK2
parts.
- The RAOP discover module now tries harder to only list
devices once.
- The zeroconf discover module now tries harder to only list
devices once.
- The RAOP sink module now handles latency better and is
compatible with some more devices.
- The loopback and filter-chain modules now always dequeue the
last input buffer to avoid stuttering in some cases.
- The SPA node factory module can now also export nodes. This
is used to export the PTP clock from the AES67 config file.
- A bug in module-jack-tunnel was fixed that would cause
stuttering and corrupted output in some cases.
- The resampler is now disabled in module-loopback and
filter-chain when the samplerate is set to follow the graph
rate.
- The way the mixer peer is sent to clients was improved. It is
now also possible to let a remote node know about mixer port
removes, which can avoid memory leaks and some code
simplifications.
* SPA
- Monitor ports now report latency correctly.
- The ALSA plugin now uses htimestamp to get a more accurate
ringbuffer position to estimate the clock skew.
- The channelmixer now has min/max-volume settings to limit or
fix the volume.
- The ALSA plugin can now control the playback and capture rate
of USB gadgets. This can avoid resampling and instead use the
USB feedback to control the rate.
- The ALSA output to multiple devices has been improved, some
lockups are avoided when the device ringbuffer is full.
- The compress-offload sink has improved negotiation.
* pulse-server
- Only try to use GSettings when the schema exists.
- @DEFAULT_SOURCE@, @DEFAULT_SINK@ and @DEFAULT_MONITOR@ are
now correctly handled as targets in playback and capture
streams.
- 2 new quirks are added to disable volume updates on
sinks/sources.
- The virtual-sink and virtual-source modules were added. These
are really example modules but actually also work and are
useful on PulseAudio so implement them as well.
- Fix initial stream volumes.
* Bluetooth
- Only register A2DP or BAP when we have codecs.
- Include codec into the media.name
* JACK
- Fix a critical bug that would refuse to update the samplerate
or buffersize.
- Improve updates of samplerate/buffersize, delay the updates
until the client is activated.
- Use the new mix-info updates to simplify the mixer setup and
peer detection.
* GStreamer
... changelog too long, skipping 5 lines ...
the ld.so.conf.d file).
==== publicsuffix ====
Version update (20230613 -> 20230616)
- Update to version 20230616:
* Add 63 geographical domains for .vn ccTLD (#1776)
* util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
* util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)
==== python-Twisted ====
Subpackages: python311-Twisted python311-Twisted-tls
- add regenerate-cert-to-work-with-latest-service-identity.patch
remove-pynacl-optional-dependency.patch: backports from main
git to fix tests with newer dependency versions
==== python-cryptography ====
Version update (40.0.2 -> 41.0.1)
- update to 41.0.1 (bsc#1212568):
* Temporarily allow invalid ECDSA signature algorithm
parameters in X.509 certificates, which are
generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private
keys.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than
1.1.1d has been removed. Users on older version of
OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been
removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL <
3.6.
* Updated the minimum supported Rust version (MSRV) to 1.56.0,
from 1.48.0.
* Added support for the
:class:`~cryptography.x509.OCSPAcceptableResponses`
OCSP extension.
* Added support for the
:class:`~cryptography.x509.MSCertificateTemplate`
proprietary Microsoft certificate extension.
* Implemented support for equality checks on all asymmetric
public key types.
* Added support for ``aes256-gcm(a)openssh.com`` encrypted keys
in :func:`~cryptography.hazmat.primitives.serialization.load_ssh
_private_key`.
* Added support for obtaining X.509 certificate signature
algorithm parameters (including PSS)
==== python-service_identity ====
Version update (21.1.0 -> 23.1.0)
- Update to 23.1.0
* Removed
- All Python versions up to and including 3.7 have been dropped.
- Support for commonName in certificates has been dropped.
It has been deprecated since 2017 and isn't supported by any
major browser.
- The oldest supported pyOpenSSL version (when using the
pyopenssl backend) is now 17.0.0.
When using such an old pyOpenSSL version, you have to pin
cryptography yourself to ensure compatibility between them.
Please check out contraints/oldest-pyopenssl.txt to verify
what we are testing against.
* Deprecated
- If you've used service_identity.(cryptography|pyopenssl).extract_ids(),
please switch to the new names extract_patterns(). #56
* Added
- service_identity.(cryptography|pyopenssl).extract_patterns()
are now public APIs (FKA extract_ids()).
You can use them to extract the patterns from a certificate
without verifying anything. #55
- service-identity is now fully typed. #57
==== rtkit ====
- rtkit-daemon: Don't log debug messages by default (bsc#1206745).
Added patch(es):
* rtkit-silent-debug-messages-by-default.patch
==== snapper ====
Version update (0.10.4 -> 0.10.5)
Subpackages: libsnapper7 snapper-zypp-plugin
- improved responsiveness of snapperd when a btrfs quota rescan
is running (see bsc#1211459)
- update qgroup in config info in snapperd when running setup-quota
- improved waiting for btrfs quota rescan (see bsc #1211459)
==== strace ====
Version update (6.3 -> 6.4)
- Update to strace 6.4
* Implemented decoding of IFLA_BRPORT_NEIGH_VLAN_SUPPRESS netlink attribute.
* Implemented decoding of IP_PROTOCOL type control messages and socket option.
* Updated lists of BPF_*, IP_*, KVM_*, MDBA_*, PACKET_*, PR_*, PTRACE_*,
UFFD_*, and V4L2_PIX_FMT_* constants.
* Updated lists of ioctl commands from Linux 6.4.
* Turn --seccomp-bpf off when --syscall-limit option is specified.
* Fixed --trace-fds filtering support of syscalls taking file descriptor
arguments that do not normally have a path associated with them.
==== yast2-kdump ====
Version update (4.6.0 -> 4.6.1)
- adapt for version kdump versions 1.9+ (bsc#1212646)
- call mkdumprd directly, not through tu-rebuild-kdump-initrd
- update initrd even in non-fadump case
- remove KDUMP_COPY_KERNEL and KDUMPTOOL_FLAGS options
- update default config values according to kdump defaults
- unify config boolean variables to "true" or "false"
- support the snappy, zstd and raw dump formats
- 4.6.1
==== zlib-ng-compat ====
- Add patch to fix boo#1212735:
* 1526.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
firewalld (1.3.3 -> 2.0.0)
plasma5-workspace
python-numpy
spandsp (3.0.0.g15 -> 3.0.0+g21)
sssd (2.9.0 -> 2.9.1)
xdg-desktop-portal
=== Details ===
==== firewalld ====
Version update (1.3.3 -> 2.0.0)
Subpackages: firewalld-bash-completion python3-firewall
- update to version 2.0.0:
* This is a major release. The major version is being bumped symbolically
to reflect significant changes done in commit f4d2b80 ("fix(policy):
disallow zone drifting"). It does not contain any deliberate breaking
changes.
* Complete changelog:
https://github.com/firewalld/firewalld/releases/tag/v2.0.0
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Mark org.kde.userfeedback.kcm as internal QML import
==== python-numpy ====
- Adapt test exceptions for PPC64 etc., TestFReturnCharacter
instead of TestF77ReturnCharacter, TestF90ReturnCharacter
==== spandsp ====
Version update (3.0.0.g15 -> 3.0.0+g21)
- Update to snapshot 3.0.0+g21 (0d2e6ac6)
* Ensure we never copy too much from pitch_overlap
to the output buffer.
==== sssd ====
Version update (2.9.0 -> 2.9.1)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update to relese 2.9.1
* A regression was fixed that prevented autofs lookups to
function correctly when cache_first is set to True.
* A regression where SSSD failed to properly watch for changes
in ``/etc/resolv.conf`` when it was a symbolic link or was a
relative path, was fixed.
==== xdg-desktop-portal ====
- Add patch from upstream to avoid creating portals with
non-functional backends . This was mentioned in bsc#1212037 and
since I included this fix in the SP4 update that fixed the issue,
I'm fixing this in Factory/SP5 too for consistentcy.
* 0001-portal-impl-Only-return-found-implementation-if-it-launched.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
python-numpy
spandsp (3.0.0.g15 -> 3.0.0+g21)
=== Details ===
==== python-numpy ====
- Adapt test exceptions for PPC64 etc., TestFReturnCharacter
instead of TestF77ReturnCharacter, TestF90ReturnCharacter
==== spandsp ====
Version update (3.0.0.g15 -> 3.0.0+g21)
- Update to snapshot 3.0.0+g21 (0d2e6ac6)
* Ensure we never copy too much from pitch_overlap
to the output buffer.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
firewalld (1.3.3 -> 2.0.0)
plasma5-workspace
sssd (2.9.0 -> 2.9.1)
xdg-desktop-portal
=== Details ===
==== firewalld ====
Version update (1.3.3 -> 2.0.0)
Subpackages: firewalld-bash-completion firewalld-lang python3-firewall
- update to version 2.0.0:
* This is a major release. The major version is being bumped symbolically
to reflect significant changes done in commit f4d2b80 ("fix(policy):
disallow zone drifting"). It does not contain any deliberate breaking
changes.
* Complete changelog:
https://github.com/firewalld/firewalld/releases/tag/v2.0.0
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy
- Mark org.kde.userfeedback.kcm as internal QML import
==== sssd ====
Version update (2.9.0 -> 2.9.1)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update to relese 2.9.1
* A regression was fixed that prevented autofs lookups to
function correctly when cache_first is set to True.
* A regression where SSSD failed to properly watch for changes
in ``/etc/resolv.conf`` when it was a symbolic link or was a
relative path, was fixed.
==== xdg-desktop-portal ====
Subpackages: xdg-desktop-portal-lang
- Add patch from upstream to avoid creating portals with
non-functional backends . This was mentioned in bsc#1212037 and
since I included this fix in the SP4 update that fixed the issue,
I'm fixing this in Factory/SP5 too for consistentcy.
* 0001-portal-impl-Only-return-found-implementation-if-it-launched.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip (22.01 -> 23.01)
Mesa (23.1.2 -> 23.1.3)
Mesa-drivers (23.1.2 -> 23.1.3)
accountsservice (22.08.8 -> 23.13.9)
apparmor (3.1.5 -> 3.1.6)
bind (9.18.15 -> 9.18.16)
brltty
crda (4.14 -> 4.15)
cups
ding-libs
health-checker (1.8 -> 1.9)
icu (73.1 -> 73.2)
installation-images-MicroOS (17.88 -> 17.89)
kernel-firmware (20230531 -> 20230620)
kernel-source (6.3.7 -> 6.3.9)
libapparmor (3.1.5 -> 3.1.6)
libevdev (1.13.0 -> 1.13.1)
libpng16 (1.6.39 -> 1.6.40)
librsvg
libstorage-ng (4.5.120 -> 4.5.121)
libwebp
netpbm (10.96.4 -> 11.2.0)
nghttp2 (1.53.0 -> 1.54.0)
open-vm-tools
python-gobject
rubygem-ruby-dbus (0.23.0.beta1 -> 0.23.0.beta2)
selinux-policy (20230425 -> 20230622)
systemd
systemd-rpm-macros (23 -> 24)
tiff (4.5.0 -> 4.5.1)
util-linux (2.38.1 -> 2.39)
util-linux-systemd (2.38.1 -> 2.39)
wtmpdb (0.6.0 -> 0.7.0)
zlib-ng-compat (2.0.7 -> 2.1.2)
=== Details ===
==== 7zip ====
Version update (22.01 -> 23.01)
- Update to version 23.01:
* 7-Zip now can use new ARM64 filter for compression to 7z and xz archives.
ARM64 filter can increase compression ratio for data containing executable files
compiled for ARM64 (AArch64) architecture.
* Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It
can increase compression ratio for executable files larger than 64 MiB.
* UDF: support was improved.
* cpio: support for hard links.
* Some changes and optimizations in WIM creation code.
* When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only
volumes that still can be changed. Previous versions kept all volumes in open
state until the end of the archive creation.
* 7-Zip now can reduce the number of simultaneously open files, when
7-Zip opens, extracts or creates multivolume archive. It allows to avoid the
failures for cases with big number of volumes, bacause there is a limitation for
number of open files allowed for a single program in Linux.
* The bugs were fixed:
* ZIP archives: if multithreaded zip compression was performed with
more than one file to stdout stream (-so switch), 7-zip didn't write "data
descriptor" for some files.
* ext4 archives: 7-Zip couldn't correctly extract symbolic link to directory from ext4 archives.
* HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks.
* Some another bugs were fixed.
- Refresh fix-compatib-with-p7zip.patch
==== Mesa ====
Version update (23.1.2 -> 23.1.3)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Update to bugfix release 23.1.3
- supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch
(boo#1209005)
- -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy
==== Mesa-drivers ====
Version update (23.1.2 -> 23.1.3)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.1.3
- supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch
(boo#1209005)
- -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy
==== accountsservice ====
Version update (22.08.8 -> 23.13.9)
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- Add accountsservice-assume-gdm.patch: assume gdm when not being
able to detect the used display manager. This is basically the
same as was in place before we gained support for multiple DMs
(boo#1212675).
- Update to version 23.13.9:
+ daemon: Fix boot delay
+ user-manager:
- Add cancellable to fetch user requests
- Track non-existent users
- Changes from version 23.11.69:
+ Add lightdm autologin support
+ user:
- Return an error when setting invalid language
- Throw a warning for invalid locales
- Support new LocalAccount property in cache file
- Replace usermod -p with chpasswd -e
+ main:
- Use new overridable USERDIR
- Use new overridable ICONDIR
- Use new overridable sysconfdir
+ daemon:
- Add GetUsersLanguages() function
- Don't crash if /etc/shadow doesn't exist
+ Updated translations.
- Rebase patches:
+ accountsservice-sysconfig.patch
+ accountsservice-filter-suse-accounts.patch
==== apparmor ====
Version update (3.1.5 -> 3.1.6)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- update to AppArmor 3.1.6
- fix regression in mount rules (boo#1211989)
- some additions to the base and authentification abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
for the full upstream changelog
==== bind ====
Version update (9.18.15 -> 9.18.16)
- Update to release 9.18.16
Security Fixes:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for
named to enter an infinite callback loop and crash due to stack
overflow. This has been fixed. (CVE-2023-2911)
New Features:
* The system test suite can now be executed with pytest (along
with pytest-xdist for parallel execution).
Removed Features:
* TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now
deprecated, and will be removed in a future release. A warning
will be logged when the tkey-dhkey option is used in
named.conf.
Bug Fixes:
* BIND could get stuck on reconfiguration when a listen-on
statement for HTTP is removed from the configuration. That has
been fixed.
* Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed.
* BIND could allocate too big buffers when sending data via
stream-based DNS transports, leading to increased memory usage.
This has been fixed.
* When the stale-answer-enable option was enabled and the
stale-answer-client-timeout option was enabled and larger than
0, named previously allocated two slots from the
clients-per-query limit for each client and failed to gradually
auto-tune its value, as configured. This has been fixed.
==== brltty ====
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi
- Use conditionals for sysusers_requires to allow quilt setup
- Remove workarounds for old TCL
- Enable parallel build again
- Don't use %tmpfiles_create_package anymore.
This macro cannot work on transactional systems. However this macro was
supposed to be used only when the tmpfiles stuff was needed in advance, which
doesn't seem to be the case for brltty.
==== crda ====
Version update (4.14 -> 4.15)
- Update to crda 4.15
- Remove patches now upstream
* crda-67f1e6ddbdfade357e234c9d58a30fe0a283fe60.patch
* crda-f4ef2531698fb9ba006e8b31a223b3269be8bc7c.patch
- Port patch crda-python3.patch
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
==== ding-libs ====
Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1
- Update to 0.6.2:
* Minor maintenance update:
INI: Silent ini_argument match failures
INI: Fix detection of error message
- Remove patches fixed upstream
* INI-Fix-detection-of-error-messages.patch
* INI-Silence-ini_augment-match-failures.patch
* TEST-validators_ut_check-Fix-fail-with-new-glibc.patch
* INI-Remove-definiton-of-TRACE_LEVEL.patch
- Use github sources
==== health-checker ====
Version update (1.8 -> 1.9)
Subpackages: health-checker-plugins-MicroOS
- Update to version 1.9
* Fix failing subvolume mount checks with certain characters in
mount point [gh#openSUSE/health-checker#14].
==== icu ====
Version update (73.1 -> 73.2)
Subpackages: libicu73 libicu73-ledata
- Update to release 73.2
* CLDR extends the support for âshortâ Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- Delete icu-UCHAR-uint16t.patch (merged)
==== installation-images-MicroOS ====
Version update (17.88 -> 17.89)
- merge gh#openSUSE/installation-images#649
- add shim, mokutil, and grub2-i386-efi to rescue system (bsc#1209985)
- add shim and grub2-i386-efi to rescue system (bsc#1209985)
- 17.89
==== kernel-firmware ====
Version update (20230531 -> 20230620)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20230620 (git commit 045b2136a619):
* amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
* fix broken cirrus firmware symlinks
* qcom: Update the microcode files for Adreno a630 GPUs.
* qcom: sdm845: rename the modem firmware
* qcom: sdm845: update remoteproc firmware
* rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
* rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
* amdgpu: DMCUB updates for various AMDGPU asics
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* i915: Add HuC v8.5.0 for MTL
* mediatek: Update mt8195 SCP firmware to support hevc
- Drop obsoleted patch for WHENCE:
cirrus-WHENCE-link-fixes.patch
- Update aliases
==== kernel-source ====
Version update (6.3.7 -> 6.3.9)
- Linux 6.3.9 (bsc#1012628).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
(bsc#1012628).
- cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
(bsc#1012628).
- cgroup: always put cset in cgroup_css_set_put_fork
(bsc#1012628).
- cgroup: fix missing cpus_read_{lock,unlock}() in
cgroup_transfer_tasks() (bsc#1012628).
- qcom: llcc/edac: Fix the base address used for accessing LLCC
banks (bsc#1012628).
- EDAC/qcom: Get rid of hardcoded register offsets (bsc#1012628).
- ksmbd: validate smb request protocol id (bsc#1012628).
- of: overlay: Fix missing of_node_put() in error case of
init_overlay_changeset() (bsc#1012628).
- power: supply: ab8500: Fix external_power_changed race
(bsc#1012628).
- power: supply: sc27xx: Fix external_power_changed race
(bsc#1012628).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
cancel() + schedule() (bsc#1012628).
- ARM: dts: vexpress: add missing cache properties (bsc#1012628).
- arm64: dts: arm: add missing cache properties (bsc#1012628).
- tools: gpio: fix debounce_period_us output of lsgpio
(bsc#1012628).
- selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent
change (bsc#1012628).
- power: supply: Ratelimit no data debug output (bsc#1012628).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
(bsc#1012628).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
0xC0 (bsc#1012628).
- regulator: Fix error checking for debugfs_create_dir
(bsc#1012628).
- irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/
firmware issues (bsc#1012628).
- irqchip/meson-gpio: Mark OF related data as maybe unused
(bsc#1012628).
- power: supply: Fix logic checking if system is running from
battery (bsc#1012628).
- drm: panel-orientation-quirks: Change Air's quirk to support
Air Plus (bsc#1012628).
- btrfs: scrub: try harder to mark RAID56 block groups read-only
(bsc#1012628).
- btrfs: handle memory allocation failure in btrfs_csum_one_bio
(bsc#1012628).
- ASoC: soc-pcm: test if a BE can be prepared (bsc#1012628).
- sfc: fix devlink info error handling (bsc#1012628).
- ASoC: Intel: avs: Account for UID of ACPI device (bsc#1012628).
- ASoC: Intel: avs: Fix avs_path_module::instance_id size
(bsc#1012628).
- ASoC: Intel: avs: Add missing checks on FE startup
(bsc#1012628).
- parisc: Improve cache flushing for PCXL in
arch_sync_dma_for_cpu() (bsc#1012628).
- parisc: Flush gatt writes and adjust gatt mask in
parisc_agp_mask_memory() (bsc#1012628).
- erofs: use HIPRI by default if per-cpu kthreads are enabled
(bsc#1012628).
- MIPS: unhide PATA_PLATFORM (bsc#1012628).
- MIPS: Restore Au1300 support (bsc#1012628).
- MIPS: Alchemy: fix dbdma2 (bsc#1012628).
- mips: Move initrd_start check after initrd address sanitisation
(bsc#1012628).
- ASoC: cs35l41: Fix default regmap values for some registers
(bsc#1012628).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
(bsc#1012628).
- xen/blkfront: Only check REQ_FUA for writes (bsc#1012628).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
(bsc#1012628).
- io_uring: unlock sqd->lock before sq thread release CPU
(bsc#1012628).
- NVMe: Add MAXIO 1602 to bogus nid list (bsc#1012628).
- irqchip/gic: Correctly validate OF quirk descriptors
(bsc#1012628).
- wifi: cfg80211: fix locking in regulatory disconnect
(bsc#1012628).
- wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
(bsc#1012628).
- epoll: ep_autoremove_wake_function should use
list_del_init_careful (bsc#1012628).
- ocfs2: fix use-after-free when unmounting read-only filesystem
(bsc#1012628).
- ocfs2: check new file size on fallocate call (bsc#1012628).
- zswap: do not shrink if cgroup may not zswap (bsc#1012628).
- mm/damon/core: fix divide error in
damon_nr_accesses_to_accesses_bp() (bsc#1012628).
- nios2: dts: Fix tse_mac "max-frame-size" property (bsc#1012628).
- mm/uffd: fix vma operation where start addr cuts part of vma
(bsc#1012628).
- nilfs2: fix incomplete buffer cleanup in
nilfs_btnode_abort_change_key() (bsc#1012628).
- nilfs2: fix possible out-of-bounds segment allocation in resize
ioctl (bsc#1012628).
- nilfs2: reject devices with insufficient block count
(bsc#1012628).
- LoongArch: Fix debugfs_create_dir() error checking
(bsc#1012628).
... changelog too long, skipping 511 lines ...
- commit c0cd722
==== libapparmor ====
Version update (3.1.5 -> 3.1.6)
- update to AppArmor 3.1.6
- fix regression in mount rules (boo#1211989)
- some additions to the base and authentification abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
for the full upstream changelog
==== libevdev ====
Version update (1.13.0 -> 1.13.1)
- update to 1.13.1:
* include: sync event codes with kernel 6.2
* CI fixes
==== libpng16 ====
Version update (1.6.39 -> 1.6.40)
- Update to version 1.6.40:
* Fixed the eXIf chunk multiplicity checks.
* Fixed a memory leak in pCAL processing.
* Corrected the validity report about tRNS inside png_get_valid().
* Fixed various build issues on *BSD, Mac and Windows.
* Updated the configurations and the scripts for continuous integration.
* Cleaned up the code, the build scripts, and the documentation.
==== librsvg ====
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Use %build_rustflags instead of the deprecated
%__default_rustflags macro. Requires at least cargo-packaging
1.2.0+3 (boo#1212333).
==== libstorage-ng ====
Version update (4.5.120 -> 4.5.121)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#937
- query version of lsscsi (preparation for using json output)
- coding style
- extended documentation
- 4.5.121
==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Add libwebp-double-free.patch: Avoid a double free, upstream
commit a486d800 (bsc#1210212 CVE-2023-1999).
==== netpbm ====
Version update (10.96.4 -> 11.2.0)
Subpackages: libnetpbm11
- version update to 11.2.0
* jpegtopnm: Add -traceexif
* pbmtextps: Add -asciihex, -ascii85.
* pcdovtoppm: remove dependency on obsolete 'tempfile' program.
* jpegtopnm: Many fixes to -dumpexif. Always broken.
(-dumpexif was new in Netpbm 9.18 (September 2001))
* pamtopng: fix -chroma option: always rejected. Always broken.
(pamtopng was new in Netpbm 10.70 (June 2015)).
* pnmtopng: fix -rgb option: always rejected. Always broken
(-rgb was new in Netpbm 10.30 (October 2005)).
* build: change the way you add the separately distributed
'hpcdtoppm' code to the build.
* lot of changes since last version update, see
https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/doc/HISTORY
- modified patches
% netpbm-gcc-warnings.patch (refreshed)
% netpbm-security-code.patch (refreshed)
% netpbm-security-scripts.patch (refreshed)
- deleted patches
- netpbm-tmpfile.patch (upstreamed)
- ppmforge-fix-overflow.patch (upstreamed)
- signed-char.patch (upstreamed)
==== nghttp2 ====
Version update (1.53.0 -> 1.54.0)
- update to 1.54.0:
* nghttpx: Consistent error handling and use of high-level API
* h2load: Fix http3 upload stall
* h2load: Use std::chrono::steady_clock for quic timestamp
==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop
- Fix (bsc#1212143) - (CVE-2023-20867) - VUL-0: CVE-2023-20867:
open-vm-tools: Authentication Bypass vulnerability in the vgauth
module
+ Add patch: 2023-20867-Remove-some-dead-code.patch
==== python-gobject ====
Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo
- Add %{?sle15_python_module_pythons}: build additional python
flavors besides the 'default' when building for SLE15.
==== rubygem-ruby-dbus ====
Version update (0.23.0.beta1 -> 0.23.0.beta2)
- 0.23.0.beta2
License:
* clarified to be LGPL-2.1-or-later
API:
* DBus::Object#object_server replaces @service (which still works) and the short-lived
@connection
* ObjectServer#export will raise if the path is already taken by an object
* ObjectServer#unexport now also accepts an object path
* Connection#object_server can export objects even without requesting any
service name (gh#mvidner/ruby-dbus#49, in beta1 already).
* Add PeerConnection for connections without a bus, useful for PulseAudio.
Fix listening for signals there (gh#mvidner/ruby-dbus##44).
* Moved from Connection to BusConnection: #unique_name, #proxy, #service.
Call send_hello in BusConnection#initialize already.
Bug fixes:
* Fixed a refactoring crasher bug in ProxyService#introspect (oops).
* Fix crash on #unexport of /child_of_root or even /
==== selinux-policy ====
Version update (20230425 -> 20230622)
Subpackages: selinux-policy-targeted
- Update to version 20230622:
* Allow keyutils_dns_resolver_exec_t be an entrypoint
* Allow collectd_t read network state symlinks
* Revert "Allow collectd_t read proc_net link files"
* Allow nfsd_t to list exports_t dirs
* Allow cupsd dbus chat with xdm
* Allow haproxy read hardware state information
* Label /dev/userfaultfd with userfaultfd_t
* Allow blueman send general signals to unprivileged user domains
* Allow dkim-milter domain transition to sendmail
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev
- Make sure to pre-install the groups systemd and udev rely on. This is needed
when the tmpfiles are run at package installation time. Theoretically with
only "Requires(pre): group()", rpm is allowed to drop the group at the end of
the package installations hence let's keep "Requires: group()" dep.
Note: this is also needed when (post)file-triggers are enabled due to the
current limitation of the default libzypp transaction backend.
- file-triggers: fix lua trigger priority for sysusers (bsc#1212376)
A single digit in the priority used for sysusers got dropped somehow and
upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it
in the lua implementation.
- file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we
ensure that packages that really need the tmpfiles in advance use the right
API which is %tmpfiles_create_package.
- file-triggers: to be consistent with what we already does with tmpfiles, we
skip the call to systemd-sysusers and delay system user creations until the
next reboot.
- Temporarily add
5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's
backported to the next stable release
See https://github.com/systemd/systemd/pull/28000
==== systemd-rpm-macros ====
Version update (23 -> 24)
- Bump to version 24
- Drop %tmpfiles_create_package
It can't work during transactional updates because the paths that
systemd-tmpfiles usually operates on (such as /var) can't be changed. It
appears that the only user of this macro doesn't really need this macro so
let's drop it.
- Drop %sysusers_create_inline
It's deprecated and the only user of this macro is being converted to
%sysusers_create_package. So drop it now before the deprecated macro attracts
more users.
- Unlike systemd-tmpfiles call in %tmpfiles_create_package(), systemd-sysusers
must always be called by %sysusers_create_package() even on transactional
systems since it's part of the macro contract. Writing to /etc is not
recommended on such systems but it has to work anyways.
==== tiff ====
Version update (4.5.0 -> 4.5.1)
- Update to version 4.5.1:
* Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c
* Do not install libtiff-4.pc when tiff-install is reset.
* Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW.
* Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts.
* CMake: make WebP component name compatible with upstream ConfigWebP.cmake
* CMake: make Findliblzma with upstream CMake config file
* CMake: FindDeflate.cmake: fix several errors (issue #526).
* CMake: FindLERC.cmake: version string return added.
* CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files
* CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES
* Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN.
* Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets.
* Improve internal IFD offset and directory number map handling.
* Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux.
* TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484).
* tif_ojpeg.c: checking for division by zero (fixes issue #554).
* LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548).
* Fixed runtime error: applying zero offset to null pointer in countInkNamesString().
* Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory.
* tif_luv: check and correct for NaN data in uv_encode() (issue #530).
* TIFFClose() avoid NULL pointer dereferencing (issue #515).
* tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick.
* Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513).
* TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343).
* tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo().
* LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548).
- Drop no longer needed patches:
* tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
* tiff-CVE-2022-48281.patch
* tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
==== util-linux ====
Version update (2.38.1 -> 2.39)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326):
* 0001-libmount-fix-sync-options-between-context-and-fs-str.patch
- Set --disable-libmount-mountfd-support, it's very broken and needs
both util-linux and kernel fixes (gh#util-linux/util-linux#2287)
- UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust
- util-linux-tty-tools: build together with systemd in preparation
of util-linux 2.40 together with systemd v254
- Upgrade to version 2.39:
* blkpr: New command to run persistent reservations ioctls on a device.
* pipesz: New command to set or examine pipe and FIFO buffer sizes.
* waitpid: New command to wait for arbitrary processes.
* mount, libmount: Supports new file descriptors based mount kernel API.
* mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes,
X-mount.{owner,group,mode}=, rootcontext=@target.
* renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new
option --relative.
* dmesg: Supports subsecond granularity for --since and --until.
* dmesg: Option --level accepts '+' prefix or postfix for a level name to specify
all higher or all lower levels.
* blkid, libblkid: Supports bcachefs.
* fstrim: New option --types to filter out by filesystem types.
* lsblk: --nvme and --virtio are new options to filter out devices.
* lsblk: Improves detection of hotplug and removable status.
* nsenter: New option --env for allowing environment variables inheritance.
* namei: New option -Z to report SELinux contexts.
* Many other new features and fixes. For complete list see
https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes
- Dropped upstreamed patches:
* fix-lib-internal-cache-size.patch
* util-linux-fix-tests-when-at-symbol-in-path.patch
* util-linux-honor-noclear-when-reprint-issue.patch
- Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch
* Fixes fadvise tests for ppc64
==== util-linux-systemd ====
Version update (2.38.1 -> 2.39)
- Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326):
* 0001-libmount-fix-sync-options-between-context-and-fs-str.patch
- Set --disable-libmount-mountfd-support, it's very broken and needs
both util-linux and kernel fixes (gh#util-linux/util-linux#2287)
- UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust
- util-linux-tty-tools: build together with systemd in preparation
of util-linux 2.40 together with systemd v254
- Upgrade to version 2.39:
* blkpr: New command to run persistent reservations ioctls on a device.
* pipesz: New command to set or examine pipe and FIFO buffer sizes.
* waitpid: New command to wait for arbitrary processes.
* mount, libmount: Supports new file descriptors based mount kernel API.
* mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes,
X-mount.{owner,group,mode}=, rootcontext=@target.
* renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new
option --relative.
* dmesg: Supports subsecond granularity for --since and --until.
* dmesg: Option --level accepts '+' prefix or postfix for a level name to specify
all higher or all lower levels.
* blkid, libblkid: Supports bcachefs.
* fstrim: New option --types to filter out by filesystem types.
* lsblk: --nvme and --virtio are new options to filter out devices.
* lsblk: Improves detection of hotplug and removable status.
* nsenter: New option --env for allowing environment variables inheritance.
* namei: New option -Z to report SELinux contexts.
* Many other new features and fixes. For complete list see
https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes
- Dropped upstreamed patches:
* fix-lib-internal-cache-size.patch
* util-linux-fix-tests-when-at-symbol-in-path.patch
* util-linux-honor-noclear-when-reprint-issue.patch
- Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch
* Fixes fadvise tests for ppc64
==== wtmpdb ====
Version update (0.6.0 -> 0.7.0)
Subpackages: libwtmpdb0
- Update to version 0.7.0
- wtmpdb rotate: use sqlite3_bind_* internal
- wtmpdb last: Implement -x, -d, -i and -w options
==== zlib-ng-compat ====
Version update (2.0.7 -> 2.1.2)
- Update to version 2.1.2:
* Many improvements to the CMake scripts.
* Improved support for detecting memory alignment functions.
* Improved support for unaligned access by letting the compiler promote code to unaligned if supported by the CPU.
* Remove x86 cpu feature detection for TZCNT, safely fallback to BSF.
* Enable using AVX512 intrinsics with GCC <9.
* Decompression is a lot faster (56% faster measured on AVX2-capable x86-64)
* Compresson is improved for Level 9, at the cost of a little performance.
* Compression is improved for Level 3, by switching from deflate_fast to deflate_medium.
* Levels 3 and 4 have been reconfigured to provide a better gradual tradeoff for speed/compression between levels 2 and 5.
* Deflate_quick (Level 1) has been improved to default to a bigger windowsize and support changing the window size like the other levels.
* Deflate_rle has been optimized with its own compare_256 implementation.
* Adler32 implementation using AVX512, AVX512-VNNI, VMX.
* CRC32-B implementation using VPCLMULQDQ & IBM-Z.
* Slide hash implementation using VMX.
* Compare256 implementations using SSE2, Neon, & POWER9.
* Inflate chunk copying using SSSE3 & VSX.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (23.1.2 -> 23.1.3)
Mesa-drivers (23.1.2 -> 23.1.3)
accountsservice
crda (4.14 -> 4.15)
ding-libs
kernel-source (6.3.7 -> 6.3.9)
libpng16 (1.6.39 -> 1.6.40)
netpbm (10.96.4 -> 11.2.0)
rubygem-ruby-dbus (0.23.0.beta1 -> 0.23.0.beta2)
selinux-policy (20230425 -> 20230622)
util-linux (2.38.1 -> 2.39)
util-linux-systemd (2.38.1 -> 2.39)
=== Details ===
==== Mesa ====
Version update (23.1.2 -> 23.1.3)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Update to bugfix release 23.1.3
- supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch
(boo#1209005)
- -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy
==== Mesa-drivers ====
Version update (23.1.2 -> 23.1.3)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.1.3
- supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch
(boo#1209005)
- -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy
==== accountsservice ====
Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0
- Add accountsservice-assume-gdm.patch: assume gdm when not being
able to detect the used display manager. This is basically the
same as was in place before we gained support for multiple DMs
(boo#1212675).
==== crda ====
Version update (4.14 -> 4.15)
- Update to crda 4.15
- Remove patches now upstream
* crda-67f1e6ddbdfade357e234c9d58a30fe0a283fe60.patch
* crda-f4ef2531698fb9ba006e8b31a223b3269be8bc7c.patch
- Port patch crda-python3.patch
==== ding-libs ====
Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1
- Update to 0.6.2:
* Minor maintenance update:
INI: Silent ini_argument match failures
INI: Fix detection of error message
- Remove patches fixed upstream
* INI-Fix-detection-of-error-messages.patch
* INI-Silence-ini_augment-match-failures.patch
* TEST-validators_ut_check-Fix-fail-with-new-glibc.patch
* INI-Remove-definiton-of-TRACE_LEVEL.patch
- Use github sources
==== kernel-source ====
Version update (6.3.7 -> 6.3.9)
- Linux 6.3.9 (bsc#1012628).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
(bsc#1012628).
- cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
(bsc#1012628).
- cgroup: always put cset in cgroup_css_set_put_fork
(bsc#1012628).
- cgroup: fix missing cpus_read_{lock,unlock}() in
cgroup_transfer_tasks() (bsc#1012628).
- qcom: llcc/edac: Fix the base address used for accessing LLCC
banks (bsc#1012628).
- EDAC/qcom: Get rid of hardcoded register offsets (bsc#1012628).
- ksmbd: validate smb request protocol id (bsc#1012628).
- of: overlay: Fix missing of_node_put() in error case of
init_overlay_changeset() (bsc#1012628).
- power: supply: ab8500: Fix external_power_changed race
(bsc#1012628).
- power: supply: sc27xx: Fix external_power_changed race
(bsc#1012628).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
cancel() + schedule() (bsc#1012628).
- ARM: dts: vexpress: add missing cache properties (bsc#1012628).
- arm64: dts: arm: add missing cache properties (bsc#1012628).
- tools: gpio: fix debounce_period_us output of lsgpio
(bsc#1012628).
- selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent
change (bsc#1012628).
- power: supply: Ratelimit no data debug output (bsc#1012628).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
(bsc#1012628).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
0xC0 (bsc#1012628).
- regulator: Fix error checking for debugfs_create_dir
(bsc#1012628).
- irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/
firmware issues (bsc#1012628).
- irqchip/meson-gpio: Mark OF related data as maybe unused
(bsc#1012628).
- power: supply: Fix logic checking if system is running from
battery (bsc#1012628).
- drm: panel-orientation-quirks: Change Air's quirk to support
Air Plus (bsc#1012628).
- btrfs: scrub: try harder to mark RAID56 block groups read-only
(bsc#1012628).
- btrfs: handle memory allocation failure in btrfs_csum_one_bio
(bsc#1012628).
- ASoC: soc-pcm: test if a BE can be prepared (bsc#1012628).
- sfc: fix devlink info error handling (bsc#1012628).
- ASoC: Intel: avs: Account for UID of ACPI device (bsc#1012628).
- ASoC: Intel: avs: Fix avs_path_module::instance_id size
(bsc#1012628).
- ASoC: Intel: avs: Add missing checks on FE startup
(bsc#1012628).
- parisc: Improve cache flushing for PCXL in
arch_sync_dma_for_cpu() (bsc#1012628).
- parisc: Flush gatt writes and adjust gatt mask in
parisc_agp_mask_memory() (bsc#1012628).
- erofs: use HIPRI by default if per-cpu kthreads are enabled
(bsc#1012628).
- MIPS: unhide PATA_PLATFORM (bsc#1012628).
- MIPS: Restore Au1300 support (bsc#1012628).
- MIPS: Alchemy: fix dbdma2 (bsc#1012628).
- mips: Move initrd_start check after initrd address sanitisation
(bsc#1012628).
- ASoC: cs35l41: Fix default regmap values for some registers
(bsc#1012628).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
(bsc#1012628).
- xen/blkfront: Only check REQ_FUA for writes (bsc#1012628).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
(bsc#1012628).
- io_uring: unlock sqd->lock before sq thread release CPU
(bsc#1012628).
- NVMe: Add MAXIO 1602 to bogus nid list (bsc#1012628).
- irqchip/gic: Correctly validate OF quirk descriptors
(bsc#1012628).
- wifi: cfg80211: fix locking in regulatory disconnect
(bsc#1012628).
- wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
(bsc#1012628).
- epoll: ep_autoremove_wake_function should use
list_del_init_careful (bsc#1012628).
- ocfs2: fix use-after-free when unmounting read-only filesystem
(bsc#1012628).
- ocfs2: check new file size on fallocate call (bsc#1012628).
- zswap: do not shrink if cgroup may not zswap (bsc#1012628).
- mm/damon/core: fix divide error in
damon_nr_accesses_to_accesses_bp() (bsc#1012628).
- nios2: dts: Fix tse_mac "max-frame-size" property (bsc#1012628).
- mm/uffd: fix vma operation where start addr cuts part of vma
(bsc#1012628).
- nilfs2: fix incomplete buffer cleanup in
nilfs_btnode_abort_change_key() (bsc#1012628).
- nilfs2: fix possible out-of-bounds segment allocation in resize
ioctl (bsc#1012628).
- nilfs2: reject devices with insufficient block count
(bsc#1012628).
- LoongArch: Fix debugfs_create_dir() error checking
(bsc#1012628).
... changelog too long, skipping 511 lines ...
- commit c0cd722
==== libpng16 ====
Version update (1.6.39 -> 1.6.40)
- Update to version 1.6.40:
* Fixed the eXIf chunk multiplicity checks.
* Fixed a memory leak in pCAL processing.
* Corrected the validity report about tRNS inside png_get_valid().
* Fixed various build issues on *BSD, Mac and Windows.
* Updated the configurations and the scripts for continuous integration.
* Cleaned up the code, the build scripts, and the documentation.
==== netpbm ====
Version update (10.96.4 -> 11.2.0)
Subpackages: libnetpbm11
- version update to 11.2.0
* jpegtopnm: Add -traceexif
* pbmtextps: Add -asciihex, -ascii85.
* pcdovtoppm: remove dependency on obsolete 'tempfile' program.
* jpegtopnm: Many fixes to -dumpexif. Always broken.
(-dumpexif was new in Netpbm 9.18 (September 2001))
* pamtopng: fix -chroma option: always rejected. Always broken.
(pamtopng was new in Netpbm 10.70 (June 2015)).
* pnmtopng: fix -rgb option: always rejected. Always broken
(-rgb was new in Netpbm 10.30 (October 2005)).
* build: change the way you add the separately distributed
'hpcdtoppm' code to the build.
* lot of changes since last version update, see
https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/doc/HISTORY
- modified patches
% netpbm-gcc-warnings.patch (refreshed)
% netpbm-security-code.patch (refreshed)
% netpbm-security-scripts.patch (refreshed)
- deleted patches
- netpbm-tmpfile.patch (upstreamed)
- ppmforge-fix-overflow.patch (upstreamed)
- signed-char.patch (upstreamed)
==== rubygem-ruby-dbus ====
Version update (0.23.0.beta1 -> 0.23.0.beta2)
- 0.23.0.beta2
License:
* clarified to be LGPL-2.1-or-later
API:
* DBus::Object#object_server replaces @service (which still works) and the short-lived
@connection
* ObjectServer#export will raise if the path is already taken by an object
* ObjectServer#unexport now also accepts an object path
* Connection#object_server can export objects even without requesting any
service name (gh#mvidner/ruby-dbus#49, in beta1 already).
* Add PeerConnection for connections without a bus, useful for PulseAudio.
Fix listening for signals there (gh#mvidner/ruby-dbus##44).
* Moved from Connection to BusConnection: #unique_name, #proxy, #service.
Call send_hello in BusConnection#initialize already.
Bug fixes:
* Fixed a refactoring crasher bug in ProxyService#introspect (oops).
* Fix crash on #unexport of /child_of_root or even /
==== selinux-policy ====
Version update (20230425 -> 20230622)
Subpackages: selinux-policy-targeted
- Update to version 20230622:
* Allow keyutils_dns_resolver_exec_t be an entrypoint
* Allow collectd_t read network state symlinks
* Revert "Allow collectd_t read proc_net link files"
* Allow nfsd_t to list exports_t dirs
* Allow cupsd dbus chat with xdm
* Allow haproxy read hardware state information
* Label /dev/userfaultfd with userfaultfd_t
* Allow blueman send general signals to unprivileged user domains
* Allow dkim-milter domain transition to sendmail
==== util-linux ====
Version update (2.38.1 -> 2.39)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang
- Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326):
* 0001-libmount-fix-sync-options-between-context-and-fs-str.patch
- Set --disable-libmount-mountfd-support, it's very broken and needs
both util-linux and kernel fixes (gh#util-linux/util-linux#2287)
- UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust
- util-linux-tty-tools: build together with systemd in preparation
of util-linux 2.40 together with systemd v254
- Upgrade to version 2.39:
* blkpr: New command to run persistent reservations ioctls on a device.
* pipesz: New command to set or examine pipe and FIFO buffer sizes.
* waitpid: New command to wait for arbitrary processes.
* mount, libmount: Supports new file descriptors based mount kernel API.
* mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes,
X-mount.{owner,group,mode}=, rootcontext=@target.
* renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new
option --relative.
* dmesg: Supports subsecond granularity for --since and --until.
* dmesg: Option --level accepts '+' prefix or postfix for a level name to specify
all higher or all lower levels.
* blkid, libblkid: Supports bcachefs.
* fstrim: New option --types to filter out by filesystem types.
* lsblk: --nvme and --virtio are new options to filter out devices.
* lsblk: Improves detection of hotplug and removable status.
* nsenter: New option --env for allowing environment variables inheritance.
* namei: New option -Z to report SELinux contexts.
* Many other new features and fixes. For complete list see
https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes
- Dropped upstreamed patches:
* fix-lib-internal-cache-size.patch
* util-linux-fix-tests-when-at-symbol-in-path.patch
* util-linux-honor-noclear-when-reprint-issue.patch
- Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch
* Fixes fadvise tests for ppc64
==== util-linux-systemd ====
Version update (2.38.1 -> 2.39)
- Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326):
* 0001-libmount-fix-sync-options-between-context-and-fs-str.patch
- Set --disable-libmount-mountfd-support, it's very broken and needs
both util-linux and kernel fixes (gh#util-linux/util-linux#2287)
- UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust
- util-linux-tty-tools: build together with systemd in preparation
of util-linux 2.40 together with systemd v254
- Upgrade to version 2.39:
* blkpr: New command to run persistent reservations ioctls on a device.
* pipesz: New command to set or examine pipe and FIFO buffer sizes.
* waitpid: New command to wait for arbitrary processes.
* mount, libmount: Supports new file descriptors based mount kernel API.
* mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes,
X-mount.{owner,group,mode}=, rootcontext=@target.
* renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new
option --relative.
* dmesg: Supports subsecond granularity for --since and --until.
* dmesg: Option --level accepts '+' prefix or postfix for a level name to specify
all higher or all lower levels.
* blkid, libblkid: Supports bcachefs.
* fstrim: New option --types to filter out by filesystem types.
* lsblk: --nvme and --virtio are new options to filter out devices.
* lsblk: Improves detection of hotplug and removable status.
* nsenter: New option --env for allowing environment variables inheritance.
* namei: New option -Z to report SELinux contexts.
* Many other new features and fixes. For complete list see
https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes
- Dropped upstreamed patches:
* fix-lib-internal-cache-size.patch
* util-linux-fix-tests-when-at-symbol-in-path.patch
* util-linux-honor-noclear-when-reprint-issue.patch
- Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch
* Fixes fadvise tests for ppc64
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip (22.01 -> 23.01)
accountsservice (22.08.8 -> 23.13.9)
apparmor (3.1.5 -> 3.1.6)
bind (9.18.15 -> 9.18.16)
cups
health-checker (1.8 -> 1.9)
installation-images-MicroOS (17.88 -> 17.89)
kernel-firmware (20230531 -> 20230620)
libapparmor (3.1.5 -> 3.1.6)
libstorage-ng (4.5.120 -> 4.5.121)
man-pages-ja (20230115 -> 20230615)
mlterm (3.9.2 -> 3.9.3)
systemd
systemd-rpm-macros (23 -> 24)
wtmpdb (0.6.0 -> 0.7.0)
=== Details ===
==== 7zip ====
Version update (22.01 -> 23.01)
- Update to version 23.01:
* 7-Zip now can use new ARM64 filter for compression to 7z and xz archives.
ARM64 filter can increase compression ratio for data containing executable files
compiled for ARM64 (AArch64) architecture.
* Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It
can increase compression ratio for executable files larger than 64 MiB.
* UDF: support was improved.
* cpio: support for hard links.
* Some changes and optimizations in WIM creation code.
* When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only
volumes that still can be changed. Previous versions kept all volumes in open
state until the end of the archive creation.
* 7-Zip now can reduce the number of simultaneously open files, when
7-Zip opens, extracts or creates multivolume archive. It allows to avoid the
failures for cases with big number of volumes, bacause there is a limitation for
number of open files allowed for a single program in Linux.
* The bugs were fixed:
* ZIP archives: if multithreaded zip compression was performed with
more than one file to stdout stream (-so switch), 7-zip didn't write "data
descriptor" for some files.
* ext4 archives: 7-Zip couldn't correctly extract symbolic link to directory from ext4 archives.
* HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks.
* Some another bugs were fixed.
- Refresh fix-compatib-with-p7zip.patch
==== accountsservice ====
Version update (22.08.8 -> 23.13.9)
Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0
- Update to version 23.13.9:
+ daemon: Fix boot delay
+ user-manager:
- Add cancellable to fetch user requests
- Track non-existent users
- Changes from version 23.11.69:
+ Add lightdm autologin support
+ user:
- Return an error when setting invalid language
- Throw a warning for invalid locales
- Support new LocalAccount property in cache file
- Replace usermod -p with chpasswd -e
+ main:
- Use new overridable USERDIR
- Use new overridable ICONDIR
- Use new overridable sysconfdir
+ daemon:
- Add GetUsersLanguages() function
- Don't crash if /etc/shadow doesn't exist
+ Updated translations.
- Rebase patches:
+ accountsservice-sysconfig.patch
+ accountsservice-filter-suse-accounts.patch
==== apparmor ====
Version update (3.1.5 -> 3.1.6)
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor
- update to AppArmor 3.1.6
- fix regression in mount rules (boo#1211989)
- some additions to the base and authentification abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
for the full upstream changelog
==== bind ====
Version update (9.18.15 -> 9.18.16)
- Update to release 9.18.16
Security Fixes:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for
named to enter an infinite callback loop and crash due to stack
overflow. This has been fixed. (CVE-2023-2911)
New Features:
* The system test suite can now be executed with pytest (along
with pytest-xdist for parallel execution).
Removed Features:
* TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now
deprecated, and will be removed in a future release. A warning
will be logged when the tkey-dhkey option is used in
named.conf.
Bug Fixes:
* BIND could get stuck on reconfiguration when a listen-on
statement for HTTP is removed from the configuration. That has
been fixed.
* Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed.
* BIND could allocate too big buffers when sending data via
stream-based DNS transports, leading to increased memory usage.
This has been fixed.
* When the stale-answer-enable option was enabled and the
stale-answer-client-timeout option was enabled and larger than
0, named previously allocated two slots from the
clients-per-query limit for each client and failed to gradually
auto-tune its value, as configured. This has been fixed.
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
==== health-checker ====
Version update (1.8 -> 1.9)
Subpackages: health-checker-plugins-MicroOS
- Update to version 1.9
* Fix failing subvolume mount checks with certain characters in
mount point [gh#openSUSE/health-checker#14].
==== installation-images-MicroOS ====
Version update (17.88 -> 17.89)
- merge gh#openSUSE/installation-images#649
- add shim, mokutil, and grub2-i386-efi to rescue system (bsc#1209985)
- add shim and grub2-i386-efi to rescue system (bsc#1209985)
- 17.89
==== kernel-firmware ====
Version update (20230531 -> 20230620)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20230620 (git commit 045b2136a619):
* amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
* fix broken cirrus firmware symlinks
* qcom: Update the microcode files for Adreno a630 GPUs.
* qcom: sdm845: rename the modem firmware
* qcom: sdm845: update remoteproc firmware
* rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
* rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
* amdgpu: DMCUB updates for various AMDGPU asics
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* i915: Add HuC v8.5.0 for MTL
* mediatek: Update mt8195 SCP firmware to support hevc
- Drop obsoleted patch for WHENCE:
cirrus-WHENCE-link-fixes.patch
- Update aliases
==== libapparmor ====
Version update (3.1.5 -> 3.1.6)
- update to AppArmor 3.1.6
- fix regression in mount rules (boo#1211989)
- some additions to the base and authentification abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
for the full upstream changelog
==== libstorage-ng ====
Version update (4.5.120 -> 4.5.121)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#937
- query version of lsscsi (preparation for using json output)
- coding style
- extended documentation
- 4.5.121
==== man-pages-ja ====
Version update (20230115 -> 20230615)
- version update to 20230615
* Improved and updated manual pages
==== mlterm ====
Version update (3.9.2 -> 3.9.3)
Subpackages: mlterm-common mlterm-fcitx mlterm-sdl2
- version update to 3.9.3
* mlterm-wl supports xdg-decoration.
* Add --disable-compact-truecolor option to ./configure script.
* Add vte 0.68 API symbols to libvte compatible library.
* Add libvterm 0.2 API symbols to libvterm compatible library.
* Add --sdpr / simple_scrollbar_dpr option.
(https://github.com/arakiken/mlterm/issues/64)
* Set "COLORTERM=truecolor" environmental variable.
(https://github.com/arakiken/mlterm/issues/36)
* Update unicode property table (generated from UnicodeData.txt and
EastAsianWidth.txt) to version 15.0.0.
* Support mosh-1.4.0.
- deleted patches
- CVE-2022-24130-c_sixel.c-Fix-segmentation-fault-when-the-repeat-cou.patch (upstreamed)
- mlfc-Fix-crash-with-more-than-1024-font-faces-installed.patch (upstreamed)
- mlterm-Fix-buffer-overflow-with-long-plugin-suffix.patch (upstreamed)
- mlterm-SDL2-UI-also-needs-math-libs.patch (upstreamed)
- mlterm-wayland-Detect-compiler-flags.patch (upstreamed)
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev
- Make sure to pre-install the groups systemd and udev rely on. This is needed
when the tmpfiles are run at package installation time. Theoretically with
only "Requires(pre): group()", rpm is allowed to drop the group at the end of
the package installations hence let's keep "Requires: group()" dep.
Note: this is also needed when (post)file-triggers are enabled due to the
current limitation of the default libzypp transaction backend.
- file-triggers: fix lua trigger priority for sysusers (bsc#1212376)
A single digit in the priority used for sysusers got dropped somehow and
upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it
in the lua implementation.
- file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we
ensure that packages that really need the tmpfiles in advance use the right
API which is %tmpfiles_create_package.
- file-triggers: to be consistent with what we already does with tmpfiles, we
skip the call to systemd-sysusers and delay system user creations until the
next reboot.
- Temporarily add
5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's
backported to the next stable release
See https://github.com/systemd/systemd/pull/28000
==== systemd-rpm-macros ====
Version update (23 -> 24)
- Bump to version 24
- Drop %tmpfiles_create_package
It can't work during transactional updates because the paths that
systemd-tmpfiles usually operates on (such as /var) can't be changed. It
appears that the only user of this macro doesn't really need this macro so
let's drop it.
- Drop %sysusers_create_inline
It's deprecated and the only user of this macro is being converted to
%sysusers_create_package. So drop it now before the deprecated macro attracts
more users.
- Unlike systemd-tmpfiles call in %tmpfiles_create_package(), systemd-sysusers
must always be called by %sysusers_create_package() even on transactional
systems since it's part of the macro contract. Writing to /etc is not
recommended on such systems but it has to work anyways.
==== wtmpdb ====
Version update (0.6.0 -> 0.7.0)
Subpackages: libwtmpdb0
- Update to version 0.7.0
- wtmpdb rotate: use sqlite3_bind_* internal
- wtmpdb last: Implement -x, -d, -i and -w options
1
0