Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (23.0.3 -> 23.1.2)
Mesa-drivers (23.0.3 -> 23.1.2)
MozillaFirefox (113.0.2 -> 114.0.1)
apparmor (3.1.4 -> 3.1.5)
attica-qt5 (5.106.0 -> 5.107.0)
baloo5 (5.106.0 -> 5.107.0)
bluez-qt (5.106.0 -> 5.107.0)
breeze5-icons (5.106.0 -> 5.107.0)
cracklib (2.9.8 -> 2.9.11)
frameworkintegration (5.106.0 -> 5.107.0)
fuse3 (3.14.1 -> 3.15.0)
hwdata (0.370 -> 0.371)
kactivities-stats (5.106.0 -> 5.107.0)
kactivities5 (5.106.0 -> 5.107.0)
karchive (5.106.0 -> 5.107.0)
kauth (5.106.0 -> 5.107.0)
kbookmarks (5.106.0 -> 5.107.0)
kcmutils (5.106.0 -> 5.107.0)
kcodecs (5.106.0 -> 5.107.0)
kcompletion (5.106.0 -> 5.107.0)
kconfig (5.106.0 -> 5.107.0)
kconfigwidgets (5.106.0 -> 5.107.0)
kcoreaddons (5.106.0 -> 5.107.0)
kcrash (5.106.0 -> 5.107.0)
kdbusaddons (5.106.0 -> 5.107.0)
kdeclarative (5.106.0 -> 5.107.0)
kded (5.106.0 -> 5.107.0)
kdelibs4support (5.106.0 -> 5.107.0)
kdesu (5.106.0 -> 5.107.0)
kdnssd-framework (5.106.0 -> 5.107.0)
kdoctools (5.106.0 -> 5.107.0)
kfilemetadata5 (5.106.0 -> 5.107.0)
kglobalaccel (5.106.0 -> 5.107.0)
kguiaddons (5.106.0 -> 5.107.0)
kholidays (5.106.0 -> 5.107.0)
khtml (5.106.0 -> 5.107.0)
ki18n (5.106.0 -> 5.107.0)
kiconthemes (5.106.0 -> 5.107.0)
kidletime (5.106.0 -> 5.107.0)
kimageformats (5.106.0 -> 5.107.0)
kinit (5.106.0 -> 5.107.0)
kio (5.106.0 -> 5.107.0)
kirigami2 (5.106.0 -> 5.107.0)
kitemmodels (5.106.0 -> 5.107.0)
kitemviews (5.106.0 -> 5.107.0)
kjobwidgets (5.106.0 -> 5.107.0)
kjs (5.106.0 -> 5.107.0)
knewstuff (5.106.0 -> 5.107.0)
knotifications (5.106.0 -> 5.107.0)
knotifyconfig (5.106.0 -> 5.107.0)
kpackage (5.106.0 -> 5.107.0)
kparts (5.106.0 -> 5.107.0)
kpeople5 (5.106.0 -> 5.107.0)
kpty (5.106.0 -> 5.107.0)
kquickcharts (5.106.0 -> 5.107.0)
krunner (5.106.0 -> 5.107.0)
kservice (5.106.0 -> 5.107.0)
ktexteditor (5.106.0 -> 5.107.0)
ktextwidgets (5.106.0 -> 5.107.0)
kunitconversion (5.106.0 -> 5.107.0)
kwallet (5.106.0 -> 5.107.0)
kwayland (5.106.0 -> 5.107.0)
kwidgetsaddons (5.106.0 -> 5.107.0)
kwindowsystem (5.106.0 -> 5.107.0)
kxmlgui (5.106.0 -> 5.107.0)
libKF5ModemManagerQt (5.106.0 -> 5.107.0)
libKF5NetworkManagerQt (5.106.0 -> 5.107.0)
libapparmor (3.1.4 -> 3.1.5)
libjxl
libqt5-qtdeclarative (5.15.9+kde25 -> 5.15.9+kde26)
libstorage-ng (4.5.116 -> 4.5.118)
mozilla-nss
pcsc-lite (1.9.9 -> 2.0.0)
plasma-framework (5.106.0 -> 5.107.0)
prison-qt5 (5.106.0 -> 5.107.0)
publicsuffix (20230426 -> 20230607)
purpose (5.106.0 -> 5.107.0)
python-dbus-python
python-gevent
python-hiredis
python-pymongo
qqc2-desktop-style (5.106.0 -> 5.107.0)
samba (4.18.1+git.298.4ccf830b2a4 -> 4.18.3+git.303.c08b73d523c)
solid (5.106.0 -> 5.107.0)
sonnet (5.106.0 -> 5.107.0)
syndication (5.106.0 -> 5.107.0)
syntax-highlighting (5.106.0 -> 5.107.0)
systemd (253.4 -> 253.5)
threadweaver (5.106.0 -> 5.107.0)
wireless-regdb (20230503 -> 20230601)
xrdb (1.2.1 -> 1.2.2)
xwayland (23.1.1 -> 23.1.2)
zchunk (1.3.0 -> 1.3.1)
=== Details ===
==== Mesa ====
Version update (23.0.3 -> 23.1.2)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Update to bugfix release 23.1.2
- needed to fix build of Mesa 23.1
* Mesa-drivers: -Dshader-cache=enabled
* Mesa: -Dxlib-lease=enabled
* recommended for both Mesa and Mesa-drivers to avoid some scary messages when
comparing fds: -Dallow-kcmp=enabled
- Credits for figuring this out go to "llyyr" <llyyr.public(a)gmail.com>
- gbm files are no longer needed to be removed manually for -drivers build
- VDPAU support for r300 has been dropped with Mesa 23.1
- supersedes n_no-sse2-on-ix86-except-for-intel-drivers.patch
- Update to bugfix release 23.1.1
- adjusted u_dep_xcb.patch
- Update to 23.1.0
* new feature release
* some highlights
+ Our OpenCL implementation Rusticl added support for AMD GPUs.
+ Both ANV (Intel) and RADV (AMD) got initial support for Vulkan Video
decoding.
+ Vulkan Graphics Pipeline Libraries (GPL) are now supported in RADV.
- adjusted n_stop-iris-flicker.patch
- supersedes U_ReturnME.patch
- meson option "-Ddri-drivers" has been removed; wasn't used any
longer by us --> killed it
==== Mesa-drivers ====
Version update (23.0.3 -> 23.1.2)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.1.2
- needed to fix build of Mesa 23.1
* Mesa-drivers: -Dshader-cache=enabled
* Mesa: -Dxlib-lease=enabled
* recommended for both Mesa and Mesa-drivers to avoid some scary messages when
comparing fds: -Dallow-kcmp=enabled
- Credits for figuring this out go to "llyyr" <llyyr.public(a)gmail.com>
- gbm files are no longer needed to be removed manually for -drivers build
- VDPAU support for r300 has been dropped with Mesa 23.1
- supersedes n_no-sse2-on-ix86-except-for-intel-drivers.patch
- Update to bugfix release 23.1.1
- adjusted u_dep_xcb.patch
- Update to 23.1.0
* new feature release
* some highlights
+ Our OpenCL implementation Rusticl added support for AMD GPUs.
+ Both ANV (Intel) and RADV (AMD) got initial support for Vulkan Video
decoding.
+ Vulkan Graphics Pipeline Libraries (GPL) are now supported in RADV.
- adjusted n_stop-iris-flicker.patch
- supersedes U_ReturnME.patch
- meson option "-Ddri-drivers" has been removed; wasn't used any
longer by us --> killed it
==== MozillaFirefox ====
Version update (113.0.2 -> 114.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 114.0.1
* Fix a startup crash (bmo#1837201, boo#1212101)
- Only install vaapitest for wayland-enabled builds, where it gets built
- Rebase mozilla-silence-no-return-type.patch
- Rebase s390x-patches, and remove obsolete patches:
mozilla-bmo1005535.patch mozilla-s390x-skia-gradient.patch
- Mozilla Firefox 114.0
MFSA 2023-20 (bsc#1211922)
* CVE-2023-34414 (bmo#1695986)
Click-jacking certificate exceptions through rendering lag
* CVE-2023-34415 (bmo#1811999)
Site-isolation bypass on sites that allow open redirects to
data: urls
* CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
bmo#1830206, bmo#1830795, bmo#1833339)
Memory safety bugs fixed in Firefox 114 and Firefox ESR
102.12
* CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832)
Memory safety bugs fixed in Firefox 114
* New: Added UI to manage the DNS over HTTPS exception list.
(bmo#1596847)
* New: Bookmarks can now be searched from the Bookmarks menu.
The Bookmarks menu is accessible by adding the *Bookmarks
menu* button to the toolbar. (bmo#1736937)
* New: Restrict searches to your local browsing history by
selecting *Search history* from the History, Library or
Application menu buttons. (bmo#1736939)
* New: Mac users can now capture video from their cameras in
all supported native resolutions. This enables resolutions
higher than 1280x720. (bmo#1806604)
* New: It is now possible to reorder the extensions listed in
the extensions panel. (bmo#1805924)
* New: Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator. (bmo#1814487)
* New: Pocket Recommended content can now be seen in France,
Italy, and Spain. (bmo#None)
* Changed: DNS over HTTPS settings are now part of the
* Privacy & Security* section of the *Settings* page and allow
the user to choose from all the supported modes.
(bmo#1610741)
* HTML5: DOM: Added support for ES Modules on DedicatedWorker
and SharedWorker
* HTML5: WebTransport is now enabled by default and will be
going to release with 114. As the original Explainer notes,
it enables multiple use-cases that are hard or impossible to
handle without it, especially for Gaming and live streaming.
It covers cases that are problematic for alternative
mechanisms, such as WebSockets.
Built on top of HTTP3 (HTTP2 support will be coming later).
The current implementation in Firefox is passing 505 out of
565 Web-Platform Tests.
* HTML5: CSS: The `infinity` and `NaN` constants are now
supported inside the `calc()` function. (bmo#1830759)
* Developer: The *Copy as cURL* feature, available in the
Network panel, has been enhanced. It now supports the
- `-compressed` argument. (bmo#1776120)
* Developer: The Accessibility Inspector has been improved to
accurately recognize all the ARIA roles like `banner`,
`main`, `navigation`, and `contentinfo`, etc. This
enhancement is particularly beneficial for web developers
working with ARIA roles to improve web accessibility.
(bmo#1572512)
* Developer: Firefox now provides support for the CSS Cascading
Level 4 `supports()` syntax for `@import` rules. This allows
for the importation of other stylesheets based on support-
dependency. In addition, the Inspector panel now accurately
displays the conditions at the top of the imported rule.
- requires NSS 3.89.1
==== apparmor ====
Version update (3.1.4 -> 3.1.5)
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor
- update to AppArmor 3.1.5
- fix handling of mount rules in apparmor_parser
- minor additions to abstractions/base and snap_browsers
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
for the full upstream changelog
- remove upstreamed aa-status-fix-json-mr1046.patch
- split off apparmor-enable-precompiled-cache.diff from
apparmor-enable-profile-cache.diff so that the precompiled cache
path doesn't get added in parser.conf for Tumbleweed builds.
This prevents a warning about the non-existing directory when
loading profiles.
==== attica-qt5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Attica5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== baloo5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Use common helper for Property/JSON conversion
* Don't install D-Bus interfaces without BUILD_INDEXER_SERVICE
* Make building of the service optional, add packaging documentation
* Minor fixes for DocumentUrlDB::updateUrl method
* [IdTreeDB] Consolidate put/del into common set
* [MetadataMoverTest] Add some more test documentation
* Remove dead code paths from DocumentUrlDB::del
* Cleanup some leftover stale code
* Use more RAII in unit tests
* port to standard C++ smart pointers where possible
* Add some documentation for DocumentDB/DocumentIdDB
* [balooshow] Improve display of property and plaintext terms
* Move KFileMetaData documentation reference up
==== bluez-qt ====
Version update (5.106.0 -> 5.107.0)
Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== breeze5-icons ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== cracklib ====
Version update (2.9.8 -> 2.9.11)
Subpackages: libcrack2
- version update to 2.9.11
* Merge fedora patches and man pages
* Fix missing files in dist tarball, other automake fixes (Leandro Nini)
* Fix error handling during build of dictionary (yixiangzhike)
* Fix to localization support (A. Wilcox, nekopsykose)
* Fix to test utilities (Alexander Kanavin)
* Translation updates from weblate
* python: adjust include path for builddir by @thesamesam in #61
* Make buffer static and avoid returning stack-allocated memory by @drfiemost in #63
- modified patches
% 0002-cracklib-2.9.2-visibility.patch (refreshed)
==== frameworkintegration ====
Version update (5.106.0 -> 5.107.0)
Subpackages: frameworkintegration-plugin libKF5Style5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== fuse3 ====
Version update (3.14.1 -> 3.15.0)
Subpackages: libfuse3-3
- Update to release 3.15.0
* Improved support for some less common systems (32-bit,
alternative libcs)
* Unsupported mount options are no longer silently accepted.
* auto_unmount is now compatible with allow_other.
==== hwdata ====
Version update (0.370 -> 0.371)
- update to 0.371:
* Update pci, usb and vendor ids
==== kactivities-stats ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kactivities5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kactivities5-imports libKF5Activities5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== karchive ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Archive5 libKF5Archive5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kauth ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kbookmarks ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Bookmarks5 libKF5Bookmarks5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kcmutils ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtils5-lang libKF5KCMUtilsCore5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kcodecs ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Codecs5 libKF5Codecs5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kcompletion ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Completion5 libKF5Completion5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kconfig ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigCore5-lang libKF5ConfigGui5 libKF5ConfigQml5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kconfigwidgets ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5ConfigWidgets5 libKF5ConfigWidgets5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* KColorSchemeMenu: Remove accelerator markers from scheme name
* Give KColorSchemeMenu namespace a short description
* Fixup: Pass scheme name - not path - to KColorSchemeManager::indexForScheme
* Split menu creating functionality out of KColorSchemeManager
==== kcoreaddons ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kcoreaddons-lang libKF5CoreAddons5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* use fcntl to fix macOS compile
==== kcrash ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kdbusaddons ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kdbusaddons-tools libKF5DBusAddons5 libKF5DBusAddons5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kdeclarative ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5Declarative5-lang libKF5QuickAddons5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kded ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kdelibs4support ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kdelibs4support-lang libKF5KDELibs4Support5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* kssl: Update for LibreSSL 3.7
==== kdesu ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Su5 libKF5Su5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kdnssd-framework ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5DNSSD5 libKF5DNSSD5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kdoctools ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kdoctools-lang libKF5DocTools5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Add Arabic Support
==== kfilemetadata5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kfilemetadata5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Cleanup property name/id mapping test
* Add method to export list of all Property names.
* Reduce PropertyInfo construction overhead
* Add benchmark for PropertyInfo instantiation
* Fix build with exiv2 >= 0.28
==== kglobalaccel ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccel5-lang libKF5GlobalAccelPrivate5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kguiaddons ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5GuiAddons5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kholidays ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Holidays5 libKF5Holidays5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Significantly speed up HolidayRegion::defaultRegionCode()
==== khtml ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5KHtml5 libKF5KHtml5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== ki18n ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5I18n5 libKF5I18n5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kiconthemes ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5IconThemes5 libKF5IconThemes5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* KIconTheme: allow to also fallback to Breeze-dark when set through QPA
==== kidletime ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kimageformats ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* pcx: multiple fixes (2)
* Avoid unnecessary conversions
* RGB/SGI writer: fix alpha detection and image limit size
* TGA writer: fix alpha detection and performance improvements
* pcx: multiple fixes
* PCX: Fix reading of the extended palette (kde#463951)
==== kinit ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kinit-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kio ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kio-core kio-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Deprecate KIO::AccessManager and related classes
* Enable thumbnail caching if thumbnail directory is on an encrypted volume
* KdirLister: update symlink dir content on file removal (kde#469254)
* Polish menu before creating platform window
==== kirigami2 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kirigami2-lang libKF5Kirigami2-5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* ActionTextField: Disable shortcut for invisible and disabled text fields
* BasicListItemTest: Guard against nullable background in ScrollView
* Fix tst_basiclistitem_tooltip
* Make it possible to disable BasicListItem tooltip
* Fix almost all links in the KF5 Kirigami docs
* Fix painting of non-symbolic icons which are fallbacks for symbolic (kde#451538)
==== kitemmodels ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kitemmodels-imports libKF5ItemModels5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Preserve numeric sort roles as well
==== kitemviews ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5ItemViews5 libKF5ItemViews5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kjobwidgets ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5JobWidgets5 libKF5JobWidgets5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kjs ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== knewstuff ====
Version update (5.106.0 -> 5.107.0)
Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuff5-lang libKF5NewStuffCore5 libKF5NewStuffWidgets5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Remove KF5TextWidgets remnants
==== knotifications ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Notifications5 libKF5Notifications5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== knotifyconfig ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5NotifyConfig5 libKF5NotifyConfig5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kpackage ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kpackage-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kparts ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Parts5 libKF5Parts5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* PartLoader::createPartInstanceForMimeType(): Avoid compiler detected null pointer access
==== kpeople5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kpeople5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kpty ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Pty5 libKF5Pty5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kquickcharts ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== krunner ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kservice ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kservice-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== ktexteditor ====
Version update (5.106.0 -> 5.107.0)
Subpackages: ktexteditor-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Add missing includes
* Fix incorrect lineHeight for drag pixmap (kde#468196)
==== ktextwidgets ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5TextWidgets5 libKF5TextWidgets5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kunitconversion ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5UnitConversion5 libKF5UnitConversion5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kwallet ====
Version update (5.106.0 -> 5.107.0)
Subpackages: kwallet-tools kwallet-tools-lang kwalletd5 kwalletd5-lang libKF5Wallet5 libkwalletbackend5-5
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kwayland ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kwidgetsaddons ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5WidgetsAddons5 libKF5WidgetsAddons5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kwindowsystem ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5WindowSystem5 libKF5WindowSystem5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== kxmlgui ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5XmlGui5 libKF5XmlGui5-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== libKF5ModemManagerQt ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== libKF5NetworkManagerQt ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== libapparmor ====
Version update (3.1.4 -> 3.1.5)
- update to AppArmor 3.1.5
- fix handling of mount rules in apparmor_parser
- minor additions to abstractions/base and snap_browsers
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
for the full upstream changelog
- remove upstreamed aa-status-fix-json-mr1046.patch
- split off apparmor-enable-precompiled-cache.diff from
apparmor-enable-profile-cache.diff so that the precompiled cache
path doesn't get added in parser.conf for Tumbleweed builds.
This prevents a warning about the non-existing directory when
loading profiles.
==== libjxl ====
- Build package in correct phase
- Use macros for ldconfig
==== libqt5-qtdeclarative ====
Version update (5.15.9+kde25 -> 5.15.9+kde26)
- Update to version 5.15.9+kde26:
* qml tool: Use QCommandLineParser::process() rather than parse()
- Add patch to fix crash on aarch64 (boo#1211628, QTBUG-111935):
* 0001-JIT-Add-missing-STORE-LOAD-_ACC-to-CreateCallContext.patch
==== libstorage-ng ====
Version update (4.5.116 -> 4.5.118)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#934
- handle mkfs options also for swap
- 4.5.118
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.117
==== mozilla-nss ====
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- FIPS: Merge the libfreebl3-hmac and libsoftokn3-hmac packages
into the respective libraries. [bsc#1185116]
==== pcsc-lite ====
Version update (1.9.9 -> 2.0.0)
Subpackages: libpcsclite1
- Version 2.0.0
* Adjust USB drivers path at run-time via environment variable PCSCLITE_HP_DROPDIR
* Add '--disable-polkit' option
* Reset eventCounter when a reader is removed
* Add "polkit" in "pcscd -v" output if enabled
* Doxygen: document SCARD_E_INVALID_VALUE for some functions
* use secure_getenv(3) if available
* Some other minor improvements
==== plasma-framework ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Plasma5 plasma-framework-components plasma-framework-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== prison-qt5 ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Prison5 prison-qt5-imports
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- Changes since 5.106.0:
* Add EAN13 support
* Factor out code for interfacing with ZXing for barcode generation
==== publicsuffix ====
Version update (20230426 -> 20230607)
- Update to version 20230607:
* util: gTLD data autopull updates for 2023-06-07T15:13:30 UTC (#1772)
* Add test workflow (#1750)
* Update of gov.pl labels (#1752)
==== purpose ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 purpose-lang
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== python-dbus-python ====
- Add %{?sle15_python_module_pythons}
==== python-gevent ====
- skip test__util.py in s390x arch
==== python-hiredis ====
- Add %{?sle15_python_module_pythons}
==== python-pymongo ====
- Add %{?sle15_python_module_pythons}
==== qqc2-desktop-style ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== samba ====
Version update (4.18.1+git.298.4ccf830b2a4 -> 4.18.3+git.303.c08b73d523c)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3
- Update to 4.18.3
* Symlinks to files can have random DOS mode information in a
directory listing; (bso#15375).
* vfs_fruit might cause a failing open for delete; (bso#15378).
* winbind recurses into itself via rpcd_lsad; (bso#15361).
* wbinfo -u fails on ad dc with >1000 users; (bso#15366).
* DS ACEs might be inherited to unrelated object classes;
(bso#15338).
* a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND;
(bso#15362).
* aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse(); (bso#15374).
* Setting veto files = /.*/ break listing directories;
(bso#15360).
* "samba-tool domain provision" does not run interactive mode
if no arguments are given; (bso#15363).
* dsgetdcname: assumes local system uses IPv4; (bso#15325).
- Update to 4.18.2
* Log flood: smbd_calculate_access_mask_fsp: Access denied:
message level should be lower; (bso#15302).
* Floating point exception (FPE) via cli_pull_send at
source3/libsmb/clireadwrite.c; (bso#15306).
* test_tstream_more_tcp_user_timeout_spin fails intermittently
on Rackspace GitLab runners; (bso#15328).
* Reduce flapping of ridalloc test; (bso#15329).
* large_ldap test is unreliable; (bso#15351).
* New filename parser doesn't check veto files smb.conf
parameter; (bso#15143).
* mdssvc may crash when initializing; (bso#15354).
* large directory optimization broken for non-lcomp path
elements; (bso#15313).
* streams_depot fails to create streams; (bso#15357).
* shadow_copy2 and streams_depot don't play well together;
(bso#15358).
* Flapping tests in samba_tool_drs_show_repl.py; (bso#15316).
* winbindd idmap child contacts the domain controller without a
need; (bso#15317).
* idmap_autorid may fail to map sids of trusted domains for the
first time; (bso#15318).
* idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings;
(bso#15319).
* net ads search -P doesn't work against servers in other
domains; (bso#15323).
* Temporary smbXsrv_tcon_global.tdb can't be parsed;
(bso#15353).
* Tests use depricated and removed methods like
assertRegexpMatches; (bso#15343).
==== solid ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5Solid5 libKF5Solid5-lang solid-imports solid-tools
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== sonnet ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5SonnetCore5 libKF5SonnetCore5-lang libKF5SonnetUi5 sonnet-imports
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== syndication ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== syntax-highlighting ====
Version update (5.106.0 -> 5.107.0)
Subpackages: libKF5SyntaxHighlighting5 libKF5SyntaxHighlighting5-lang syntax-highlighting-imports
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== systemd ====
Version update (253.4 -> 253.5)
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev
- Import commit 07bb12a282b0ea378850934c4a76008b448b8bad (merge of v253.5)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/25aec157888f7aa9a36726962fcbbf2…
- Reexecute user managers on package updates.
For now we send signal to user instances to trigger their reexecution. It's
asynchronous but it shouldn't cause any problem in practice and it's probably
safer than triggering reexecution with "systemctl --user -M 1000@
daemon-reexec" command. The latter command creates a new PAM session behind
the scene bringing with it the known issue (upstream issue #8598) with
"(sd-pam)" helper process when the PAM session is being closed.
==== threadweaver ====
Version update (5.106.0 -> 5.107.0)
- Update to 5.107.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.107.0
- No code change since 5.106.0
==== wireless-regdb ====
Version update (20230503 -> 20230601)
- Update to version 20230601:
* wireless-regdb: Update regulatory rules for Philippines (PH)
==== xrdb ====
Version update (1.2.1 -> 1.2.2)
- Updat to version 1.2.2
* gitlab CI: add a basic build test
* gitlab CI: stop requiring Signed-off-by in commits
* Variable scope reduction as recommended by cppcheck
* Use C99 struct initialization
* Rename variable 'dup' to avoid shadowing dup() function
* Fallback asprintf: don't truncate output that has a \0 in string
* configure: raise minimum autoconf requirement to 2.70
==== xwayland ====
Version update (23.1.1 -> 23.1.2)
- Update to version 23.1.2
* This release includes improved DMA-BUF v4 feedback support for
direct scanout, relaxed CVT modes for non-standard modes, fixes
for the CHERI/Morello platform and other various fixes.
==== zchunk ====
Version update (1.3.0 -> 1.3.1)
- update to 1.3.1:
* Fix read off-by-one bug in compressed int function
* Handle read-data errors correctly
* Ensure memory is freed when zrealloc is called with size 0
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
baloo5-widgets (23.04.1 -> 23.04.2)
dolphin (23.04.1 -> 23.04.2)
ffmpegthumbs (23.04.1 -> 23.04.2)
filelight (23.04.1 -> 23.04.2)
ibus-libpinyin (1.15.2 -> 1.15.3)
kaccounts-integration (23.04.1 -> 23.04.2)
kaccounts-providers (23.04.1 -> 23.04.2)
kate (23.04.1 -> 23.04.2)
kde-print-manager (23.04.1 -> 23.04.2)
kdegraphics-thumbnailers (23.04.1 -> 23.04.2)
kdenetwork-filesharing (23.04.1 -> 23.04.2)
kdialog (23.04.1 -> 23.04.2)
khelpcenter5 (23.04.1 -> 23.04.2)
kio-extras5 (23.04.1 -> 23.04.2)
konsole (23.04.1 -> 23.04.2)
kwalletmanager5 (23.04.1 -> 23.04.2)
libimobiledevice (1.3.0+git.20210921 -> 1.3.0+179git.20230430)
libimobiledevice-glue (0~git.20210925 -> 1.0.0+git3.20230513)
libkdcraw (23.04.1 -> 23.04.2)
libkexiv2 (23.04.1 -> 23.04.2)
libselinux-bindings
mobipocket (23.04.1 -> 23.04.2)
mpfr
orc (0.4.33 -> 0.4.34)
perl (5.36.0 -> 5.36.1)
pinentry
pinentry-gui
qpdf (11.3.0 -> 11.4.0)
signon-kwallet-extension (23.04.1 -> 23.04.2)
spectacle (23.04.1 -> 23.04.2)
wayland-utils (1.1.0 -> 1.2.0)
=== Details ===
==== baloo5-widgets ====
Version update (23.04.1 -> 23.04.2)
Subpackages: baloo5-widgets-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Allow FileMetata properties on desktop and recentlyused (kde#460117)
==== dolphin ====
Version update (23.04.1 -> 23.04.2)
Subpackages: dolphin-part dolphin-part-lang libdolphinvcs5
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Revert "Restrict attaching instances to those on the same activity or same virtual desktop" (kde#408919)
==== ffmpegthumbs ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== filelight ====
Version update (23.04.1 -> 23.04.2)
Subpackages: filelight-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== ibus-libpinyin ====
Version update (1.15.2 -> 1.15.3)
- Update version to 1.15.3
* Fix English mode in Full Pinyin
==== kaccounts-integration ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kaccounts-integration-lang libkaccounts2
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kaccounts-providers ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kaccounts-providers-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kate ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kate-lang kate-plugins
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Fix double drive letters on "Run Current Doc" (kde#469340)
==== kde-print-manager ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kde-print-manager-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kdegraphics-thumbnailers ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kdenetwork-filesharing ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kdenetwork-filesharing-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kdialog ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kdialog-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== khelpcenter5 ====
Version update (23.04.1 -> 23.04.2)
Subpackages: khelpcenter5-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== kio-extras5 ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kio-extras5-lang libkioarchive5
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== konsole ====
Version update (23.04.1 -> 23.04.2)
Subpackages: konsole-part konsole-part-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Adjust selection point coords when scrollback shrinks (kde#470346)
* Add tests to check fix of invalid parent in profile
* Do not allow an invalid parent to be set in profiles (kde#467790)
==== kwalletmanager5 ====
Version update (23.04.1 -> 23.04.2)
Subpackages: kwalletmanager5-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== libimobiledevice ====
Version update (1.3.0+git.20210921 -> 1.3.0+179git.20230430)
- Update to version 1.3.0+179git.20230430:
* Updated to use latest libplist API changes
* installation_proxy: Handle BundleIDs in instproxy_client_options_add
* idevice: Fix connections to <= iOS 5 devices with OpenSSL 3
* idevicebackup2: Fix missing break in switch case statement
* tools/ideviceimagemounter: Notify user of missing Developer Mode on iOS 16+
* tools: Add idevicedevmodectl tool
* lockdown: Fix error parsing for older iOS versions
* Support OpenSSL built without OPENSSL_ENGINE
* idevicedebugserverproxy: Add support for 'qLaunchGDBServer' command of lldb
* idevice: Fix OpenSSL 3.0 internal error on read timeout
* tools: Fix idevicebackup2 option parsing for --password option
* idevicebackup2: Fix option parsing
* instproxy: Use synchronous mode when callbacks are NULL, as documented
* Add new idevice_events_subscribe/unsubscribe API with context
* Initial commit of working packet logger (idevicebtlogger)
* ideviceinfo: Make sure all error messages go to stderr
* tools: Use getopt for option parsing in all tools
* idevice: Fix mistreatment of 0-byte sent cases
* idevicebackup2: Allow passing backup password via environment variable
* idevicedebug: Add 'kill' command to kill a (debuggable) app by bundle ID
* Handle connection failures in debugserver_client_receive_response; also simplify the code
* Add timeout and interrupt handling to debugserver. Fix debugserver_client_handle_response
* idevicedebug: Process "Wxx" response as "exited with code xx"
* idevicecrashreport: Allow filtering crash reports by filename
* idevicedebugserverproxy: Allow binding to any available port
* idevicedebug: Gracefully fail on invalid bundle IDs
* tools: Correct misspelled directionary -> dictionary in function name
* diagnostics_relay: Check for errors after sending requests to service connection
* Add support for wireless pairing
* tools: Print meaningful error messages when service startup fails
* Add Reverse Proxy implementation
==== libimobiledevice-glue ====
Version update (0~git.20210925 -> 1.0.0+git3.20230513)
- Update to version 1.0.0+git3.20230513:
* Set minimum required libplist version to 2.3.0
* Remove plist-related code in favor of new libplist API
* termcolors: Rename COLOR_* macros to FG_* due to conflict with ncurses
* Updated README with pkg-config requirement
* utils: Use libplist's plist_from_memory instead of duplicating format detection
* Add support for Apple's OPACK encoding and TLV format
* utils: Fix bad malloc result check in buffer_read_from_filename and test arguments for NULL
==== libkdcraw ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== libkexiv2 ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Fix build with exiv2 >= 0.28
==== libselinux-bindings ====
- allow building this with different python versions, to make this
usable for the new sle15 macro (using python3.11)
==== mobipocket ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== mpfr ====
- Update mpfr-4.2.0-cummulative.patch, adds patches fixing the following bugs
* the mpfr_reldiff function, which computes |b-c|/b, is buggy on special
values, e.g. on the following (b,c) values: (+Inf,+Inf) gives ±0
instead of NaN (like NaN/Inf); (+0,+0) gives 1 instead of NaN (like 0/0);
(+0,1) gives 1 instead of Inf (like 1/0). Moreover, the sign of 0 for
(+Inf,+Inf) or (-Inf,-Inf) is not set, i.e. it is just the sign of the
destination before the call; as a consequence, results are not even
consistent.
* the reuse tests are incomplete: the sign of a result zero is not checked,
so that it can miss bugs (one of the mpfr_reldiff bugs mentioned above,
in particular).
* the general code for the power function (mpfr_pow_general internal
function) has two bugs in particular cases: the first one is an incorrect
computation of the error bound when there has been an intermediate
underflow or overflow (in such a case, the computation is performed
again with a rescaling, thus with an additional error term, but there is
a bug in the computation of this term), so that the result may be
rounded incorrectly (in particular, a spurious overflow is possible);
the second one occurs in a corner case (destination precision 1,
rounding to nearest, and where the rounded result assuming an unbounded
exponent range would be 2emin-2 and the exact result is larger than this
value), with the only consequence being a missing underflow exception
(the underflow flag is not set).
* the mpfr_compound_si function can take a huge amount of memory and time
in some cases (when the argument x is a large even integer and xn is
represented exactly in the target precision) and does not correctly
detect overflows and underflows
* MPFR can crash when a formatted output function is called with
%.2147483648Rg in the format string.
==== orc ====
Version update (0.4.33 -> 0.4.34)
- Update to version 0.4.34
+ Thread-safety improvements around orc codemem
allocation/freeing
+ Add orc_parse_code() with more detailed error reporting
+ Implement Orc function lazy initialization correctly via atomic
operations
+ orc program parser fixes and improvements
+ build fixes and compiler warning fixes
+ coverity and clang scan-build static code analysis fixes
+ meson: Do not always generate static library for test library
+ ci improvements
==== perl ====
Version update (5.36.0 -> 5.36.1)
Subpackages: perl-base
- update to perl 5.36.1 - maintenance release
* Module::CoreList has been upgraded from version 5.20220520 to 5.20230423.
* Fixed: An eval() as the last statement in a regex code block could trigger
an interpreter panic
* An eval EXPR referring to a lexical sub defined in grandparent scope no
longer produces an assertion failures.
* Writing to a magic variables associated with the selected output handle,
$^, $~, $=, $- and $%, no longer crashes perl if the IO object has been
cleared from the selected output handle.
==== pinentry ====
- Update signature file and keyring with latest ones from download
site, they were updated by another approved upstream maintainer.
==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-qt5
- Update signature file and keyring with latest ones from download
site, they were updated by another approved upstream maintainer.
==== qpdf ====
Version update (11.3.0 -> 11.4.0)
- version update to 11.4.0
CLI Enhancements
* The --optimize-images option now optimizes images inside of form XObjects.
Library Enhancements
* Allow QPDFJobâs workflow to be split into a reading phase and a writing
phase to allow the caller to operate on the QPDF object before it is written.
This adds methods QPDFJob::createQPDF and QPDFJob::writeQPDF and corresponding
C API functions qpdfjob_create_qpdf and qpdfjob_write_qpdf.
* Add QPDF::newReserved as a better alternative to QPDFObjectHandle::newReserved.
* If you add an uninitialized QPDFObjectHandle to an array, qpdf will throw a
logic_error. It has always been invalid to do this, but before, it wouldnât
have been caught until later.
Bug fixes
* Ignore an annotationâs appearance state when the annotation only has one
appearance. This prevents qpdfâs annotation flattening logic from throwing
away appearances of annotations whose annotation state is set incorrectly,
as has been seen in some PDF files.
==== signon-kwallet-extension ====
Version update (23.04.1 -> 23.04.2)
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- No code change since 23.04.1
==== spectacle ====
Version update (23.04.1 -> 23.04.2)
Subpackages: spectacle-lang
- Update to 23.04.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.2/
- Changes since 23.04.1:
* Fix the capture option panel width for some languages
==== wayland-utils ====
Version update (1.1.0 -> 1.2.0)
- Update to release 1.2.0
* Support for the drm-lease-v1 protocol.
* Improved linux_dmabuf v4 report now prints the DRM device
paths.
* Restored support for older versions (< 3) of linux_dmabuf.
* New command line option to restrict queries to specific
interfaces.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
gtk4 (4.10.3 -> 4.10.4)
kdump (1.0.2+git50.g4b01402 -> 1.0.3)
libapparmor
libnettle (3.9 -> 3.9.1)
mozilla-nss (3.89 -> 3.89.1)
postfix (3.8.0 -> 3.8.1)
python-setuptools (67.7.2 -> 67.8.0)
rust-keylime
sushi (43.0 -> 44.2)
vte (0.72.1 -> 0.72.2)
yast2-storage-ng (4.6.10 -> 4.6.11)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor
- fix aa-status --json output (aa-status-fix-json-mr1046.patch,
boo#1211980#c12)
==== gtk4 ====
Version update (4.10.3 -> 4.10.4)
Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.10.4:
+ GtkFileChooser: Fix some memory leaks
+ GtkUriLauncher: Validate the uri
+ GtkStack: Fix a crash
+ GtkGridView: Respect css border-spacing
+ GtkScrolledWindow: Propagate child measure size whenever
possible
+ GtkPopoverMenu: Avoid unnecessary left padding
+ GtkSearchEntry: Improve size allocation for the clear icon
+ X11:
- Avoid black flickering with xwayland window decorations
- Trap XRandr errors
+ CSS: Various fixes to transitions
+ Updated translations.
- Drop patches fixed upstream:
+ fix-gridview.patch
+ gtk4-correctly-refresh-after-delete.patch
+ 966a2350.patch
==== kdump ====
Version update (1.0.2+git50.g4b01402 -> 1.0.3)
- bumped version update to v1.0.3
- Honor the KDUMP_VERBOSE setting in kdump-save
- fix distro prefix for ALP
- add calibrate values for ALP (copied from TW)
==== libapparmor ====
- fix aa-status --json output (aa-status-fix-json-mr1046.patch,
boo#1211980#c12)
==== libnettle ====
Version update (3.9 -> 3.9.1)
Subpackages: libhogweed6 libnettle8
- Include the nettle library manual in HTML and PDF formats in
the devel package.
- update to 3.9.1: [bsc#1212112]
* Fix bug in the new OCB code may be exploitable for denial of
service or worse due to memory corruption
==== mozilla-nss ====
Version update (3.89 -> 3.89.1)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs
- update to NSS 3.89.1
* bmo#1804505 - Update the technical constraints for KamuSM.
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
==== postfix ====
Version update (3.8.0 -> 3.8.1)
- update to 3.8.1
* Optional: harden a Postfix SMTP server against remote SMTP
clients that violate RFC 2920 (or 5321) command pipelining
constraints. With "smtpd_forbid_unauth_pipelining = yes", the
server disconnects a client immediately, after responding with
"554 5.5.0 Error: SMTP protocol synchronization" and after
logging "improper command pipelining" with the unexpected remote
SMTP client input. This feature is disabled by default in Postfix
3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
by default in Postfix 3.9. A similar feature is enabled by
default in the Exim SMTP server.
* Optional: some OS distributions crank up TLS security to 11,
and in doing so increase the number of plaintext email deliveries.
This introduces basic OpenSSL configuration file support that
may be used to override OS-level settings.
Details are in the postconf(5) manpage under tls_config_file
and tls_config_name.
* Bugfix (defect introduced: Postfix 1.0): the command "postconf
.. name=v1 .. name=v2 .." (multiple instances of the same
parameter name) created multiple main.cf name=value entries
with the same parameter name. It now logs a warning and skips
the earlier name(s) and value(s). Found during code maintenance.
* Bugfix (defect introduced: Postfix 3.3): the command "postconf
- M name1/type1='name2 type2 ...'" died with a segmentation
violation when the request matched multiple master.cf entries.
The master.cf file was not damaged. Problem reported by SATOH
Fumiyasu.
* Bugfix (defect introduced: Postfix 2.11): the command "postconf
- M name1/type1='name2 type2 ...'" could add a service definition
to master.cf that conflicted with an already existing service
definition. It now replaces all existing service definitions
that match the service pattern 'name1/type1' or the service
name and type in 'name2 type2 ...' with a single service
definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
* Bugfix (defect introduced: Postfix 3.8) the posttls-finger
command could access uninitialized memory when reconnecting.
This also fixes a malformed warning message when a destination
contains ":service" information. Reported by Thomas Korbar.
* Bugfix (defect introduced: Postfix 3.2): the MySQL client could
return "not found" instead of "error" (for example, resulting
in a 5XX SMTP status instead of 4XX) during the time that all
MySQL server connections were turned down after error. Found
during code maintenance. File: global/dict_mysql.c. This was
already fixed in Postfix 3.4-3.7.
==== python-setuptools ====
Version update (67.7.2 -> 67.8.0)
- Update to 67.8.0:
* #3128: In deprecated easy_install, reload and merge the pth file
before saving.
* #3915: Adequate tests to the latest changes in virtualenv for
Python 3.12.
==== rust-keylime ====
Subpackages: keylime-ima-policy
- Recommends the IMA Policy subpackage only if SELinux is configured
==== sushi ====
Version update (43.0 -> 44.2)
Subpackages: sushi-lang
- Update to version 44.2:
+ Fix loading certain documents in evince.
+ Updated translations.
==== vte ====
Version update (0.72.1 -> 0.72.2)
Subpackages: libvte-2_91-0 vte-lang
- Update to version 0.72.2:
* emulation: Fix infinite loop on non-number OSC 104 param
* widget: Don't consume right clicks on gtk4
- Drop 24547fb3.patch: Fixed upstream.
==== yast2-storage-ng ====
Version update (4.6.10 -> 4.6.11)
- Prevent setting the volume label for a mounted btrfs or swap
(bsc#1211337)
- 4.6.11
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
busybox (1.36.0 -> 1.36.1)
criu (3.17.1 -> 3.18)
evolution-data-server (3.48.2 -> 3.48.3)
git (2.40.1 -> 2.41.0)
gnome-shell (44.1 -> 44.2)
gtk4
kernel-firmware (20230517 -> 20230531)
kernel-source (6.3.4 -> 6.3.6)
keylime (7.0.0 -> 7.2.5)
libcontainers-common
libstorage-ng (4.5.115 -> 4.5.116)
libzypp (17.31.11 -> 17.31.12)
llvm16 (16.0.4 -> 16.0.5)
m17n-db (1.8.0 -> 1.8.2)
mutter (44.1+2 -> 44.2)
openssh (8.9p1 -> 9.3p1)
openssh-askpass-gnome (8.9p1 -> 9.3p1)
permissions (1699_20230516 -> 1699_20230602)
polkit-default-privs (1550+20230517.ab68b2d -> 1550+20230606.5001571)
rubygem-ruby-dbus (0.22.1 -> 0.23.0.beta1)
rust-keylime (0.2.1+git.1682587333.b497f1d -> 0.2.1+git.1685699835.3c9d17c)
shim-leap
sof-firmware (2.2.4 -> 2.2.5)
suse-module-tools (16.0.30 -> 16.0.31)
systemd-presets-branding-openSUSE
yast2-trans (84.87.20230516.e4ba802a -> 84.87.20230602.240a95214f)
=== Details ===
==== busybox ====
Version update (1.36.0 -> 1.36.1)
Subpackages: busybox-static
- update to 1.36.1:
* fixes for line editing, detection of hardware sha1/sha256
support, unzip
(do not create suid/sgid files unless -K),
shell (printf and sleep with no args, handing of SIGINT
in sleep), ed.
==== criu ====
Version update (3.17.1 -> 3.18)
- Update to criu 3.18:
New features:
* Allow CRIU to be used as non-root
* Add SIGTSTP support
* Add opt to skip file r/w/x check on restore
Bugfixes:
* Many fixes here and there
Improvements:
* cgroup2: Dump cgroup controllers of every threads in a process
* save IP_FREEBIND option for SOCK_RAW sockets also
* support IP_PKTINFO and IPV6_RECVPKTINFO options
* Implement hw breakpoint for arm64 platform
* Set only used XFEATURE_* in xstate_bv
* Checkpoint and restore some global properties
* A checkpoint optimization for highly sparse ghost files (--ghost-fiemap)
- Refresh criu-py-install-fix.diff:
a workaround for non-working python-pip inside build environment by
reviving the old setup script
- Fix shebang of criu-ns script:
criu-ns-python3-shebang.patch
- Drop obsoleted patches:
criu-fix-conflicting-headers.patch
mount-add-definition-for-FSOPEN_CLOEXEC.patch
==== evolution-data-server ====
Version update (3.48.2 -> 3.48.3)
Subpackages: evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4
- Update to version 3.48.3:
+ Bug Fixed: EWebDAVSession: Claim also error nodes from propstat
response.
==== git ====
Version update (2.40.1 -> 2.41.0)
- git 2.41.0: This update contains a number of compatible updates,
improvements and extensions to multiple workflows. Some changes
may break backwards compatibility:
* The libsecret credential helper obsoletes direct GNOME keyring
support, which was dropped (git-credential-gnome-keyring)
* "git format-patch" has been taught to ignore end-user
configuration ("diff.noprefix") and always use the standard
prefixes, to avoid breaking the receiving end of the patch
- drop sha256_clone_fix.patch
==== gnome-shell ====
Version update (44.1 -> 44.2)
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang
- Update to version 44.2:
+ Improve built-in screen recorder
+ Use user-defined names in bluetooth menu
+ Fix stuck authentication dialog in remote sessions
+ Fix glitches in calendar when using large-text option
+ Fix IM popup getting stuck on engine changes
+ Fixed crash
+ Misc. bug fixes and cleanups
+ Updated translations.
==== gtk4 ====
Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Add fix-gridview.patch: Add border-spacing where it was missed.
We were computing column widths without taking border-spacing into
account, making them slightly too big (glgo#GNOME/nautilus#2980).
==== kernel-firmware ====
Version update (20230517 -> 20230531)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20230531 (git commit 9d4c9a52c237):
* qcom: apq8016: add Dragonboard 410c WiFi and modem firmware
* cirrus: Add firmware for new Asus ROG Laptops
* brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt
* amdgpu: Update GC 11.0.1 and 11.0.4
* rtw89: 8851b: add firmware v0.29.41.0
* amdgpu: update yellow carp firmware for amd.5.5 release
* amdgpu: update navi14 firmware for amd.5.5 release
* amdgpu: update navi12 firmware for amd.5.5 release
* amdgpu: update vega20 firmware for amd.5.5 release
* amdgpu: update vega12 firmware for amd.5.5 release
* amdgpu: update navi10 firmware for amd.5.5 release
* amdgpu: update vega10 firmware for amd.5.5 release
* amdgpu: update PSP 13.0.11 firmware for amd.5.5 release
* amdgpu: update GC 11.0.4 firmware for amd.5.5 release
* amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release
* amdgpu: update PSP 13.0.4 firmware for amd.5.5 release
* amdgpu: update GC 11.0.1 firmware for amd.5.5 release
* amdgpu: update 13.0.8 firmware for amd.5.5 release
* amdgpu: update GC 10.3.7 firmware for amd.5.5 release
* amdgpu: update vangogh firmware for amd.5.5 release
* amdgpu: update VCN 4.0.4 firmware for amd.5.5 release
* amdgpu: update SMU 13.0.7 firmware for amd.5.5 release
* amdgpu: update PSP 13.0.7 firmware for amd.5.5 release
* amdgpu: update GC 11.0.2 firmware for amd.5.5 release
* amdgpu: update renoir firmware for amd.5.5 release
* amdgpu: update VCN 4.0.0 firmware for amd.5.5 release
* amdgpu: update SMU 13.0.0 firmware for amd.5.5 release
* amdgpu: update PSP 13.0.0 firmware for amd.5.5 release
* amdgpu: update GC 11.0.0 firmware for amd.5.5 release
* amdgpu: update green sardine firmware for amd.5.5 release
* amdgpu: update beige goby firmware for amd.5.5 release
* amdgpu: update dimgrey cavefish firmware for amd.5.5 release
* amdgpu: update arcturus firmware for amd.5.5 release
* amdgpu: update vcn 3.1.2 firmware for amd.5.5 release
* amdgpu: update psp 13.0.5 firmware for amd.5.5 release
* amdgpu: update GC 10.3.6 firmware for amd.5.5 release
* amdgpu: update navy flounder firmware for amd.5.5 release
* amdgpu: update sienna cichlid firmware for amd.5.5 release
* amdgpu: update aldebaran firmware for amd.5.5 release
* amdgpu: DMCUB updates for various AMDGPU asics
* ice: update ice DDP comms package to 1.3.40.0
* cxgb4: Update firmware to revision 1.27.3.0
- Fix the broken symlink targets for cirrus firmware:
cirrus-WHENCE-link-fixes.patch
- Clean up spec template to match with the actual output
==== kernel-source ====
Version update (6.3.4 -> 6.3.6)
- Linux 6.3.6 (bsc#1012628).
- netfilter: ctnetlink: Support offloaded conntrack entry deletion
(bsc#1012628).
- cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1012628).
- cpufreq: amd-pstate: Update policy->cur in
amd_pstate_adjust_perf() (bsc#1012628).
- bluetooth: Add cmd validity checks at the start of
hci_sock_ioctl() (bsc#1012628).
- net: phy: mscc: enable VSC8501/2 RGMII RX clock (bsc#1012628).
- cpufreq: amd-pstate: Remove fast_switch_possible flag from
active driver (bsc#1012628).
- vfio/type1: check pfn valid before converting to struct page
(bsc#1012628).
- blk-mq: fix race condition in active queue accounting
(bsc#1012628).
- blk-wbt: fix that wbt can't be disabled by default
(bsc#1012628).
- bpf, sockmap: Incorrectly handling copied_seq (bsc#1012628).
- bpf, sockmap: Wake up polling after data copy (bsc#1012628).
- bpf, sockmap: TCP data stall on recv before accept
(bsc#1012628).
- bpf, sockmap: Handle fin correctly (bsc#1012628).
- bpf, sockmap: Improved check for empty queue (bsc#1012628).
- bpf, sockmap: Reschedule is now done through backlog
(bsc#1012628).
- bpf, sockmap: Convert schedule_work into delayed_work
(bsc#1012628).
- bpf, sockmap: Pass skb ownership through read_skb (bsc#1012628).
- gpio-f7188x: fix chip name and pin count on Nuvoton chip
(bsc#1012628).
- net/mlx5: E-switch, Devcom, sync devcom events and devcom comp
register (bsc#1012628).
- Revert "net/mlx5: Expose vnic diagnostic counters for eswitch
managed vports" (bsc#1012628).
- Revert "net/mlx5: Expose steering dropped packets counter"
(bsc#1012628).
- net/mlx5e: TC, Fix using eswitch mapping in nic mode
(bsc#1012628).
- drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
(bsc#1012628).
- drm/i915: Disable DPLLs before disconnecting the TC PHY
(bsc#1012628).
- drm/i915: Move shared DPLL disabling into CRTC disable hook
(bsc#1012628).
- ASoC: Intel: avs: Fix module lookup (bsc#1012628).
- cxl/port: Fix NULL pointer access in devm_cxl_add_port()
(bsc#1012628).
- net: fec: add dma_wmb to ensure correct descriptor values
(bsc#1012628).
- tls: rx: strp: don't use GFP_KERNEL in softirq context
(bsc#1012628).
- tls: rx: strp: preserve decryption status of skbs when needed
(bsc#1012628).
- tls: rx: strp: factor out copying skb data (bsc#1012628).
- tls: rx: strp: force mixed decrypted records into copy mode
(bsc#1012628).
- tls: rx: strp: fix determining record length in copy mode
(bsc#1012628).
- tls: rx: strp: set the skb->len of detached / CoW'ed skbs
(bsc#1012628).
- tls: rx: device: fix checking decryption status (bsc#1012628).
- gpiolib: fix allocation of mixed dynamic/static GPIOs
(bsc#1012628).
- bpf: netdev: init the offload table earlier (bsc#1012628).
- platform/x86/amd/pmf: Fix CnQF and auto-mode after resume
(bsc#1012628).
- power: supply: rt9467: Fix passing zero to 'dev_err_probe'
(bsc#1012628).
- selftests/bpf: Fix pkg-config call building sign-file
(bsc#1012628).
- ARM: dts: imx6ull-dhcor: Set and limit the mode for PMIC buck 1,
2 and 3 (bsc#1012628).
- coresight: perf: Release Coresight path when alloc trace id
failed (bsc#1012628).
- spi: spi-geni-qcom: Select FIFO mode for chip select
(bsc#1012628).
- firmware: arm_ffa: Fix usage of partition info get count flag
(bsc#1012628).
- firmware: arm_scmi: Fix incorrect alloc_workqueue() invocation
(bsc#1012628).
- commit f583ba4
- drm/amd/display: Only wait for blank completion if OTG active
(https://gitlab.freedesktop.org/drm/amd/-/issues/2447).
- commit fc379fb
- Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)"
This reverts commit b8e00c5a84bcd75a1e2c491b6de601278e1572c7. It still
breaks build as it needs support in kmod (SR#1089967).
- commit 6db9c44
- Revert "Fix usrmerge error (boo#1211796)"
This reverts commit da84579e78f4c4efa5b3b910484fdaedc79fefec. It still
breaks build as it needs support in kmod (SR#1089967).
- commit 4b4675f
- Revert "Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)""
This reverts commit d3cbce2379049d1657919d6ced51f6f5141f66fd, we will
merge a fix from the packaging branch.
- commit 07d1779
- Fix usrmerge error (boo#1211796)
- commit da84579
- Revert "Remove usrmerge compatibility symlink in buildroot (boo#1211796)"
... changelog too long, skipping 225 lines ...
- commit fc86ff2
==== keylime ====
Version update (7.0.0 -> 7.2.5)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime
- Update to version v7.2.5:
* bump version to 7.2.5
* installer.sh: remove unused codes
* tpm: Implement BigNum context creation and usage
* tpm: Implement int2bn and bn2int in our class
* tpm_util: Add EC key support for makecredential in python
* tpm: Replace tpm2_makecredential with python implementation
* tpm_util: Implement makecredential in python
* tpm2_objects: Return parameters when unmarshalling tpm2b_public
* The first of several PRs to clean up MBA
* verifier: Update agent dict values only after checking each value
* verifier: Remove assignment to variable overwritten immediately after
* registrar: Reformat initialization of dictionary
* registrar: Check for error case aik_enc being None first
* tpm_main: Remove unused run() method
* tpm_main: Remove unnecessary code for support of tpm2_quote
* tpm_main: Get rid of hashdigest() method
* tpm_main: Get rid of start_hash and use get_start_hash() of given Hash
* algorithms: Make get_START_HASH and get_FF_HASH methods of Hash
* Use <bytes>.hex() to create hex string
* Use bytes.fromhex() instead of codecs for parsing of string with hex number
* Tpm: Rename START_HASH to start_hash
* Tpm: Remove unused parameters of __run method
* tpm: Move EXIT_SUCCESS outside class scope
* tpm: Rename tpm class to Tpm
* tpm: Access agent_id directory from structure
* codestyle: Fix issues detected by older pylint 2.13.9
* tpm: Get rid of AbstractTPM class
* codestyle: Add missing annotations to test_ima_dm.py to pass pyright
* pypright: Remove ignored files that do not exist anymore
* ima: Replace usage of codec to parse hex string with bytes.fromhex()
* ima: Replace usage of codec with hex() method on bytes
* ima: Validate proper JSON before trying to convert from string to JSON
* tenant: fixes a (timing) issue whenever an agent is removed and re-added
* verifier: Simplify initialization of agent_data dict
* verifier: Use kwargs to pass ssl_context if it exists
* verifier: Return an Empty Dict rather than None in case of error
* verifier: Use get() on dict rather than catching an Exception
* cloud_verifier: AgentsHandler: Consolidate checking of input parameters
* registrar: Consolidate __validate_input() in BaseHandler
* registrar: ProtectedHandler: Refactor __validate_input
* registrar: UnprotectedHandler: Consolidate checking of input parameters
* registrar: ProtectedHandler: Consolidate checking of input parameters
* docs: remove Vagrant setup
* registrar: Move getting network parameters into own function
* [tests] Update test coverage task name regexp
* tenant: report when the keystore fails
* ca_util: fix captured exception
* [tests] Simply coverage file URL parsing
* tpm+ima: Convert tables to hold instances of hashers
* docs/rest_apis.rst: remove the comma at the end of the JSON string
* tpm: Activate tpm2_checkquote replacement code
* tests: Add test case for checkquote and parsing of tpms_attest
* tpm: Implement tpm2_checkquote in python
* README.md: fix the invalid URL about IMA stub service.
* README.md: fix the script name(./services/installer.sh) error
* installer.sh: support Alibaba Cloud Linux OS whose ID is alinux
* web_util: handle tls_dir default with cacerts correctly
* codestyle: Add pyright ignore annoatations due to pyright 1.1.306
* codestyle: Ignore import of NoResultFound from sqlalchemy 1.3 file
* CI/CD: Run pyright as part of tox
* agentstates: Reformat construction of returned dictionary
* docker: fix tpm2-tools build
* docker: upate to newer tpm2-tools version
* docs/installation.rst: add the missing popd command in the manual deployment.
* tpm: Implement function to extract clock info from TPMS_ATTEST
* [tests] Reduce duplication in packit-ci test plan
* Enable Packit CI again on all Fedora releases
* Redefine the list of maintainers taking into account activity on the last 12 months, proposing a few new names to be added (please feel free to decline)
==== libcontainers-common ====
- Enforce BCI verification via Podman on openSUSE distributions
using the already shipped container signing keys.
(bsc#1197030)
==== libstorage-ng ====
Version update (4.5.115 -> 4.5.116)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.116
==== libzypp ====
Version update (17.31.11 -> 17.31.12)
- Do not unconditionally release a medium if provideFile failed
(bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
==== llvm16 ====
Version update (16.0.4 -> 16.0.5)
- Update to version 16.0.5.
* This release contains bug-fixes for the LLVM 16.0.0 release.
This release is API and ABI compatible with 16.0.0.
- Rebase patches:
* llvm-do-not-install-static-libraries.patch
* llvm-remove-clang-only-flags.patch
- Enable ThinLTO on riscv64.
==== m17n-db ====
Version update (1.8.0 -> 1.8.2)
Subpackages: m17n-db-lang
- update to 1.8.2:
* New input methods are added.
* si-sayura.mim: Sinhala input method using the sayura
transliteration system, see https://www.sayura.net/im/
* mr-gamabhana.mim: Marathi input method with GaMaBhaNa
* bn-national-jatiya.mim: Bengali input method National Jatiya
layout
* hu-rovas-post: icon added.
* kn-inscript.mim: Add mapping for ZWNJ
* gu-itrans.mim: Fix e o mappings
* bo-ewts.mim: Fix ld mapping
* bo-ewts.mim: remove whitespace in rn and brn mapping
* Changes in the build system.
* pa-remington.mim: Punjabi input method for remington layout
* ta-remington.mim: Tamil input method for Remington typewriter
layout
* as-inscript2.mim: Input method for enhanced inscript layout
* bn-inscript2.mim: Input method for enhanced inscript layout
* brx-inscript2-deva.mim: Input method for enhanced inscript
layout
* doi-inscript2-deva.mim: Input method for enhanced inscript
layout
* gu-inscript2.mim: Input method for enhanced inscript layout
* hi-inscript2.mim: Input method for enhanced inscript layout
* kn-inscript2.mim: Input method for enhanced inscript layout
* kok-inscript2-deva.mim: Input method for enhanced inscript
layout
* ks-inscript2-deva.mim: Input method for enhanced inscript
layout
* mai-inscript2.mim: Input method for enhanced inscript layout
* ml-inscript2.mim: Input method for enhanced inscript layout
* mni-inscript2-beng.mim: Input method for enhanced inscript
layout
* mni-inscript2-mtei.mim: Input method for enhanced inscript
layout
* mr-inscript2.mim: Input method for enhanced inscript layout
* ne-inscript2-deva.mim: Input method for enhanced inscript
layout
* or-inscript2.mim: Input method for enhanced inscript layout
* pa-inscript2-guru.mim: Input method for enhanced inscript
layout
* sa-inscript2.mim: Input method for enhanced inscript layout
* sat-inscript2-deva.mim: Input method for enhanced inscript
layout
* sat-inscript2-olck.mim: Input method for enhanced inscript
layout
* sd-inscript2-deva.mim: Input method for enhanced inscript
layout
* ta-inscript2.mim: Input method for enhanced inscript layout
* te-inscript2.mim: Input method for enhanced inscript layout
* ml-swanalekha.mim: Adjusted for the latest Unicode
* unicode.mim: allow input of characters above the BMP
* ar-kbd.mim: Use digits 0-9 on the 0-9 keys
* ml-mozhi.mim: fix spurious ZWNJ being added (Resolves:
https://savannah.nongnu.org/bugs/index.php?59681)
==== mutter ====
Version update (44.1+2 -> 44.2)
Subpackages: mutter-lang
- Update to version 44.2:
+ Fix DND in some server-side decorated windows
+ Fix redrawing regression in non-DMA remote sessions
+ Avoid race condition in xwayland-on-demand
+ Do not unminimize windows with initial IconicState
+ Fix mispositioning of some X11 fullscreen windows
+ Fix legacy fullscreen windows appearing on all monitors
+ Improve support for display-attached tablets
+ Fix stuck cursor in some clients
+ Avoid unexpected orientation changes around suspend/resume
+ Fix oversized input region around Xwayland windows
+ Fix X11 client input region issues
+ Plugged leak
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Drop patches fixed upstream:
+ mutter-do-not-unminimize-windows-with-initial-iconic.patch
+ mutter-fix-wacom-tablet-crash.patch
==== openssh ====
Version update (8.9p1 -> 9.3p1)
Subpackages: openssh-clients openssh-common openssh-server
- Update to openssh 9.3p1:
= Security
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in
OpenSSH 8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This
problem was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the
system's standard library lacks this function and portable
OpenSSH was not compiled with the ldns library (--with-ldns).
getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to
fetch SSHFP records. This problem was found by the Coverity
static analyzer.
= New features
* ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256
when outputting SSHFP fingerprints to allow algorithm
selection. bz3493
* sshd(8): add a `sshd -G` option that parses and prints the
effective configuration without attempting to load private keys
and perform other checks. This allows usage of the option
before keys have been generated and for configuration
evaluation and verification by unprivileged users.
= Bugfixes
* scp(1), sftp(1): fix progressmeter corruption on wide displays;
bz3534
* ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing
usability of private keys as some systems are starting to
disable RSA/SHA1 in libcrypto.
* sftp-server(8): fix a memory leak. GHPR363
* ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
compatibility code and simplify what's left.
* Fix a number of low-impact Coverity static analysis findings.
These include several reported via bz2687
* ssh_config(5), sshd_config(5): mention that some options are
not first-match-wins.
* Rework logging for the regression tests. Regression tests will
now capture separate logs for each ssh and sshd invocation in
a test.
* ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
says it should; bz3532.
* ssh(1): ensure that there is a terminating newline when adding
a new entry to known_hosts; bz3529
= Portability
* sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
mmap(2), madvise(2) and futex(2) flags, removing some
concerning kernel attack surface.
* sshd(8): improve Linux seccomp-bpf sandbox for older systems;
bz3537
- Update to openssh 9.2p1:
= Security
* sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be
exploitable, and it occurs in the unprivileged pre-auth process
that is subject to chroot(2) and is further sandboxed on most
major platforms.
* ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
option would ignore its first argument unless it was one of the
special keywords "any" or "none", causing the permission list
to fail open if only one permission was specified. bz3515
* ssh(1): if the CanonicalizeHostname and
CanonicalizePermittedCNAMEs options were enabled, and the
system/libc resolver did not check that names in DNS responses
were valid, then use of these options could allow an attacker
with control of DNS to include invalid characters (possibly
including wildcards) in names added to known_hosts files when
they were updated. These names would still have to match the
CanonicalizePermittedCNAMEs allow-list, so practical
exploitation appears unlikely.
= Potentially-incompatible changes
* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option
that controls whether the client-side ~C escape sequence that
provides a command-line is available. Among other things, the
~C command-line could be used to add additional port-forwards
at runtime.
This option defaults to "no", disabling the ~C command-line
that was previously enabled by default. Turning off the
command-line allows platforms that support sandboxing of the
ssh(1) client (currently only OpenBSD) to use a stricter
default sandbox policy.
= New features
* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels
that have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to
session, X11, agent and TCP forwarding channels.
* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option
above.
* sshd(8): add a -V (version) option to sshd like the ssh client
... changelog too long, skipping 345 lines ...
- wtmpdb.patch: add support for wtmpdb to sshd [jsc#PED-3144]
==== openssh-askpass-gnome ====
Version update (8.9p1 -> 9.3p1)
- openssh-askpass-gnome: require only openssh-clients, not the full
openssh (including -server), to avoid pulling in excessive
dependencies when installing git on Gnome (boo#1211446)
- Update to openssh 9.3p1
* No changes for askpass, see main package changelog for
details
==== permissions ====
Version update (1699_20230516 -> 1699_20230602)
Subpackages: chkstat permissions-config
- Update to version 20230602:
* profiles: remove dropped pppoe-wrapper
==== polkit-default-privs ====
Version update (1550+20230517.ab68b2d -> 1550+20230606.5001571)
- Update to version 1550+20230606.5001571:
* Whitelist org.freedesktop.systemd1.bypass-dump-ratelimit (bsc#1211978)
- Update to version 1550+20230602.0c9c3c6:
* profiles: drop dead mousepad action
==== rubygem-ruby-dbus ====
Version update (0.22.1 -> 0.23.0.beta1)
- 0.23.0.beta1
Bug fixes:
* A service can now have more than one name (gh#mvidner/ruby-dbus#69).
Connection#request_service is deprecated in favor of Connection#object_server
and BusConnection#request_name
API:
* Remove Service, splitting it into ProxyService and ObjectServer
* Split off BusConnection from Connection
==== rust-keylime ====
Version update (0.2.1+git.1682587333.b497f1d -> 0.2.1+git.1685699835.3c9d17c)
Subpackages: keylime-ima-policy
- Update to version 0.2.1+git.1685699835.3c9d17c:
* Remove MOUNT_SECURE bool
* rpm: Remove unused directory and add dependency for mount
* keylime-agent/src: update API version to 2.1 to consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst
* docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime
* [tests] Update test coverage task name regexp
* [tests] Simply coverage file URL parsing
==== shim-leap ====
- Update shim-install to support FDE
+ Read GRUB_CRYPTODISK_PASSWORD and GRUB_TPM2_SEALED_KEY to
create the proper cryptomount command for grub.cfg
+ Save the PCR snapshot if grub2 supports the command
+ Support 'no_grub_install' to skip grub2-install
+ Detect the OS ID of openSUSE Leap
==== sof-firmware ====
Version update (2.2.4 -> 2.2.5)
- Update to version 2.2.5:
There's no FW binary change. This release adds a few new topology
binaries for Intel Alder Lake (ADL) platforms.
- Update supplements for RPL and MTL
==== suse-module-tools ====
Version update (16.0.30 -> 16.0.31)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.31:
* rpm-script: skip run_bootloader check (boo#1208117)
==== systemd-presets-branding-openSUSE ====
- fix drkonqi entry, should end with .service
==== yast2-trans ====
Version update (84.87.20230516.e4ba802a -> 84.87.20230602.240a95214f)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW
- Update to version 84.87.20230602.240a95214f:
* New POT for text domain 'control'.
* Translated using Weblate (Macedonian)
* New POT for text domain 'autoinst'.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
AppStream
ImageMagick (7.1.1.8 -> 7.1.1.11)
MozillaFirefox (112.0.2 -> 113.0.2)
MozillaFirefox-branding-openSUSE
NetworkManager
NetworkManager-openconnect (1.2.8 -> 1.2.10)
QGnomePlatform-qt5 (0.9.0 -> 0.9.1)
apparmor (3.1.3 -> 3.1.4)
at-spi2-core (2.48.0 -> 2.48.3)
attica-qt5 (5.105.0 -> 5.106.0)
autoyast2 (4.6.1 -> 4.6.2)
baloo5 (5.105.0 -> 5.106.0)
baloo5-widgets (23.04.0 -> 23.04.1)
bind (9.18.14 -> 9.18.15)
bluedevil5 (5.27.4 -> 5.27.5)
bluez-qt (5.105.0 -> 5.106.0)
breeze (5.27.4 -> 5.27.5)
breeze-gtk (5.27.4 -> 5.27.5)
breeze5-icons (5.105.0 -> 5.106.0)
btrfsprogs (6.1.3 -> 6.3)
c-ares (1.19.0 -> 1.19.1)
checkmedia (6.1 -> 6.2)
container-selinux (2.211.0 -> 2.215.0)
containerd (1.6.20 -> 1.6.21)
createrepo_c
crypto-policies (20210917.c9d86d1 -> 20230420.3d08ae7)
cups
cups-filters
curl (8.0.1 -> 8.1.2)
dav1d (1.2.0 -> 1.2.1)
diffutils (3.9 -> 3.10)
discover (5.27.4 -> 5.27.5)
dnsmasq
docker (23.0.5_ce -> 23.0.6_ce)
dolphin (23.04.0 -> 23.04.1)
dos2unix (7.4.4 -> 7.5.0)
drkonqi5 (5.27.4 -> 5.27.5)
e2fsprogs (1.46.5 -> 1.47.0)
elfutils
ethtool (6.2 -> 6.3)
evolution-data-server (3.48.1 -> 3.48.2)
ffmpegthumbs (23.04.0 -> 23.04.1)
filelight (23.04.0 -> 23.04.1)
firewalld
frameworkintegration (5.105.0 -> 5.106.0)
freetype2
fuse3
gawk (5.2.1 -> 5.2.2)
gcc13 (13.0.1+git7231 -> 13.1.1+git7364)
gdb
glib2 (2.76.2 -> 2.76.3)
glibc
glslang (12.1.0 -> 12.2.0)
gnome-control-center (44.1 -> 44.2)
gnome-session
gnome-software (44.1 -> 44.2)
gnutls
grantlee5
grep (3.10 -> 3.11)
grub2
gstreamer (1.22.2 -> 1.22.3)
gstreamer-plugins-bad (1.22.2 -> 1.22.3)
gstreamer-plugins-base (1.22.2 -> 1.22.3)
gstreamer-plugins-good (1.22.2 -> 1.22.3)
gtk3 (3.24.37+70 -> 3.24.38)
gupnp-av
harfbuzz (7.2.0 -> 7.3.0)
health-checker (1.7 -> 1.8)
highway
hwdata (0.369 -> 0.370)
icewm (3.3.2 -> 3.3.5)
imlib2 (1.11.0 -> 1.11.1)
installation-images-MicroOS (17.86 -> 17.87)
inxi (3.3.23 -> 3.3.27)
iso-codes (4.13.0 -> 4.15.0)
iso_ent
kaccounts-integration (23.04.0 -> 23.04.1)
kaccounts-providers (23.04.0 -> 23.04.1)
kactivities-stats (5.105.0 -> 5.106.0)
kactivities5 (5.105.0 -> 5.106.0)
kactivitymanagerd (5.27.4 -> 5.27.5)
karchive (5.105.0 -> 5.106.0)
kate (23.04.0 -> 23.04.1)
kauth (5.105.0 -> 5.106.0)
kbookmarks (5.105.0 -> 5.106.0)
kcm_flatpak (5.27.4 -> 5.27.5)
kcm_sddm (5.27.4 -> 5.27.5)
kcmutils (5.105.0 -> 5.106.0)
kcodecs (5.105.0 -> 5.106.0)
kcompletion (5.105.0 -> 5.106.0)
kconfig (5.105.0 -> 5.106.0)
kconfigwidgets (5.105.0 -> 5.106.0)
kcoreaddons (5.105.0 -> 5.106.0)
kcrash (5.105.0 -> 5.106.0)
kdbusaddons (5.105.0 -> 5.106.0)
kde-cli-tools5 (5.27.4 -> 5.27.5)
kde-gtk-config5 (5.27.4 -> 5.27.5)
kde-print-manager (23.04.0 -> 23.04.1)
kdeclarative (5.105.0 -> 5.106.0)
kded (5.105.0 -> 5.106.0)
kdegraphics-thumbnailers (23.04.0 -> 23.04.1)
kdelibs4support (5.105.0 -> 5.106.0)
kdenetwork-filesharing (23.04.0 -> 23.04.1)
kdesu (5.105.0 -> 5.106.0)
kdialog (23.04.0 -> 23.04.1)
kdnssd-framework (5.105.0 -> 5.106.0)
kdoctools (5.105.0 -> 5.106.0)
kernel-firmware (20230427 -> 20230517)
kernel-source (6.3.1 -> 6.3.4)
keylime
kfilemetadata5 (5.105.0 -> 5.106.0)
kgamma5 (5.27.4 -> 5.27.5)
kglobalaccel (5.105.0 -> 5.106.0)
kguiaddons (5.105.0 -> 5.106.0)
khelpcenter5 (23.04.0 -> 23.04.1)
kholidays (5.105.0 -> 5.106.0)
khotkeys5 (5.27.4 -> 5.27.5)
khtml (5.105.0 -> 5.106.0)
ki18n (5.105.0 -> 5.106.0)
kiconthemes (5.105.0 -> 5.106.0)
kidletime (5.105.0 -> 5.106.0)
kimageformats (5.105.0 -> 5.106.0)
kinfocenter5 (5.27.4 -> 5.27.5)
kinit (5.105.0 -> 5.106.0)
kio (5.105.0 -> 5.106.0)
kio-extras5 (23.04.0 -> 23.04.1)
kirigami2 (5.105.0 -> 5.106.0)
kitemmodels (5.105.0 -> 5.106.0)
kitemviews (5.105.0 -> 5.106.0)
kjobwidgets (5.105.0 -> 5.106.0)
kjs (5.105.0 -> 5.106.0)
kmenuedit5 (5.27.4 -> 5.27.5)
knewstuff (5.105.0 -> 5.106.0)
knotifications (5.105.0 -> 5.106.0)
knotifyconfig (5.105.0 -> 5.106.0)
konsole (23.04.0 -> 23.04.1)
kpackage (5.105.0 -> 5.106.0)
kparts (5.105.0 -> 5.106.0)
kpeople5 (5.105.0 -> 5.106.0)
kpipewire (5.27.4 -> 5.27.5)
kpty (5.105.0 -> 5.106.0)
kquickcharts (5.105.0 -> 5.106.0)
krunner (5.105.0 -> 5.106.0)
kscreen5 (5.27.4 -> 5.27.5)
kscreenlocker (5.27.4 -> 5.27.5)
kservice (5.105.0 -> 5.106.0)
ksshaskpass5 (5.27.4 -> 5.27.5)
ksystemstats5 (5.27.4 -> 5.27.5)
ktexteditor (5.105.0 -> 5.106.0)
ktextwidgets (5.105.0 -> 5.106.0)
kunitconversion (5.105.0 -> 5.106.0)
kwallet (5.105.0 -> 5.106.0)
kwalletmanager5 (23.04.0 -> 23.04.1)
kwayland (5.105.0 -> 5.106.0)
kwayland-integration (5.27.4 -> 5.27.5)
kwidgetsaddons (5.105.0 -> 5.106.0)
kwin5 (5.27.4 -> 5.27.5)
kwindowsystem (5.105.0 -> 5.106.0)
kwrited5 (5.27.4 -> 5.27.5)
kxmlgui (5.105.0 -> 5.106.0)
layer-shell-qt (5.27.4 -> 5.27.5)
libKF5ModemManagerQt (5.105.0 -> 5.106.0)
libKF5NetworkManagerQt (5.105.0 -> 5.106.0)
libX11 (1.8.4 -> 1.8.5)
libaom (3.6.0 -> 3.6.1)
libapparmor (3.1.3 -> 3.1.4)
libcap (2.68 -> 2.69)
libcap-ng
libcontainers-common
libdnf (0.70.0 -> 0.70.1)
libgcrypt
libheif (1.16.1 -> 1.16.2)
libkdcraw (23.04.0 -> 23.04.1)
libkdecoration2 (5.27.4 -> 5.27.5)
libkexiv2 (23.04.0 -> 23.04.1)
libkscreen2 (5.27.4 -> 5.27.5)
libksysguard5 (5.27.4 -> 5.27.5)
libnettle (3.8.1 -> 3.9)
libostree
libpng16
libproxy
libproxy-plugins
libqt5-qtbase (5.15.9+kde151 -> 5.15.9+kde154)
libqt5-qtdeclarative (5.15.9+kde23 -> 5.15.9+kde25)
libqt5-qtsvg (5.15.9+kde7 -> 5.15.9+kde8)
libqt5-qtwebengine (5.15.13 -> 5.15.14)
librsvg (2.56.0 -> 2.56.1)
libstorage-ng (4.5.101 -> 4.5.115)
libxcrypt (4.4.33 -> 4.4.34)
libxslt (1.1.37 -> 1.1.38)
libyui (4.5.2 -> 4.6.0)
libyui-ncurses (4.5.2 -> 4.6.0)
libyui-ncurses-pkg (4.5.2 -> 4.6.0)
libyui-qt (4.5.2 -> 4.6.0)
libyui-qt-graph (4.5.2 -> 4.6.0)
libyui-qt-pkg (4.5.2 -> 4.6.0)
libyuv (20220920+f9fda6e -> 20230517+a377993)
llvm16 (16.0.2 -> 16.0.4)
lsof
lua54 (5.4.4 -> 5.4.6)
man-pages (6.02 -> 6.04)
mdadm
milou5 (5.27.4 -> 5.27.5)
mobipocket (23.04.0 -> 23.04.1)
mozilla-nss
mozjs102 (102.10.0 -> 102.11.0)
multipath-tools (0.9.4+86+suse.4d8901e -> 0.9.5+68+suse.d1b6a1c)
mutter (44.1 -> 44.1+2)
nautilus (44.1 -> 44.2)
ncurses (6.4.20230429 -> 6.4.20230520)
nghttp2 (1.52.0 -> 1.53.0)
openSUSE-build-key
openconnect (9.10 -> 9.12)
openssl-3 (3.0.8 -> 3.1.1)
openssl (3.0.8 -> 3.1.1)
openvpn (2.6.3 -> 2.6.4)
orca (44.0 -> 44.1)
oxygen5-sounds (5.27.4 -> 5.27.5)
pam (1.5.2.90 -> 1.5.3)
pam-full-src (1.5.2.90 -> 1.5.3)
pam_kwallet (5.27.4 -> 5.27.5)
patterns-base
patterns-microos
pciutils (3.9.0 -> 3.10.0)
perl-Bootloader (1.0 -> 1.2)
perl-IO-Socket-SSL (2.081 -> 2.083)
perl-libwww-perl (6.68 -> 6.70)
permissions (1699_20230424 -> 1699_20230516)
pipewire (0.3.69 -> 0.3.71)
plasma-branding-MicroOS (20230420 -> 20230519)
plasma-browser-integration (5.27.4 -> 5.27.5)
plasma-framework (5.105.0 -> 5.106.0)
plasma-nm5 (5.27.4 -> 5.27.5)
plasma5-addons (5.27.4 -> 5.27.5)
plasma5-desktop (5.27.4 -> 5.27.5)
plasma5-disks (5.27.4 -> 5.27.5)
plasma5-integration (5.27.4 -> 5.27.5)
plasma5-openSUSE
plasma5-pa (5.27.4 -> 5.27.5)
plasma5-systemmonitor (5.27.4 -> 5.27.5)
plasma5-thunderbolt (5.27.4 -> 5.27.5)
plasma5-workspace (5.27.4.1 -> 5.27.5)
plymouth
podman (4.5.0 -> 4.5.1)
policycoreutils
polkit-default-privs (1550+20230307.7f42172 -> 1550+20230517.ab68b2d)
polkit-kde-agent-5 (5.27.4 -> 5.27.5)
poppler (23.04.0 -> 23.05.0)
poppler-qt5 (23.04.0 -> 23.05.0)
powerdevil5 (5.27.4 -> 5.27.5)
prison-qt5 (5.105.0 -> 5.106.0)
purpose (5.105.0 -> 5.106.0)
python-PyJWT (2.6.0 -> 2.7.0)
python-SQLAlchemy (2.0.12 -> 2.0.15)
python-Twisted
python-anyio
python-attrs (22.2.0 -> 23.1.0)
python-blinker (1.5 -> 1.6.2)
python-gevent (22.10.1 -> 22.10.2)
python-greenlet (1.1.3 -> 2.0.2)
python-httpcore (0.16.3 -> 0.17.0)
python-numpy
python-pip (22.3.1 -> 23.1.2)
python-pycryptodome (3.17.0 -> 3.18.0)
python-pyzmq (24.0.1 -> 25.0.2)
python-redis (4.5.4 -> 4.5.5)
python-requests (2.28.2 -> 2.30.0)
python-responses (0.21.0 -> 0.23.1)
python-rich (13.3.5 -> 13.4.1)
python-rpm
python-setuptools (67.6.1 -> 67.7.2)
python-tornado6 (6.2 -> 6.3.2)
python-urllib3 (1.26.15 -> 2.0.2)
python-zope.event
python310 (3.10.10 -> 3.10.11)
python310-core (3.10.10 -> 3.10.11)
qemu (7.1.0 -> 8.0.2)
qqc2-desktop-style (5.105.0 -> 5.106.0)
raspberrypi-firmware-dt
redis
rpm
ruby-common (3.2 -> 3.2.1)
rubygem-gem2rpm
rubygem-ruby-dbus (0.21.0 -> 0.22.1)
setxkbmap (1.3.3 -> 1.3.4)
shaderc (2023.2 -> 2023.4)
shim
signon-kwallet-extension (23.04.0 -> 23.04.1)
solid (5.105.0 -> 5.106.0)
sonnet (5.105.0 -> 5.106.0)
spectacle (23.04.0 -> 23.04.1)
sqlite3 (3.41.2 -> 3.42.0)
sssd (2.8.2 -> 2.9.0)
syndication (5.105.0 -> 5.106.0)
syntax-highlighting (5.105.0 -> 5.106.0)
systemd
systemd-rpm-macros (20 -> 22)
systemsettings5 (5.27.4 -> 5.27.5)
sysvinit (3.00 -> 3.07)
texlive
threadweaver (5.105.0 -> 5.106.0)
tnftp (20210827 -> 20230507)
tpm2.0-abrmd
tpm2.0-tools
tracker (3.5.1 -> 3.5.3)
tracker-miners (3.5.1 -> 3.5.2)
transactional-update (4.1.5 -> 4.2.1)
update-alternatives
util-linux
util-linux-systemd
vim (9.0.1504 -> 9.0.1572)
vte
vulkan-loader (1.3.247 -> 1.3.250.0)
vulkan-tools (1.3.247 -> 1.3.250.0)
webkit2gtk3 (2.40.1 -> 2.40.2)
webkit2gtk4 (2.40.1 -> 2.40.2)
wget (1.21.3 -> 1.21.4)
wireless-regdb (20230213 -> 20230503)
wireplumber
wpa_supplicant
xdg-desktop-portal-kde (5.27.4 -> 5.27.5)
xdm
xfsprogs (6.2.0 -> 6.3.0)
xrdb
xterm (379 -> 380)
yaml-cpp
yast2-control-center (4.6.0 -> 4.6.1)
yast2-installation (4.6.2 -> 4.6.3)
yast2-network (4.6.2 -> 4.6.3)
yast2-pkg-bindings (4.6.1 -> 4.6.2)
yast2-services-manager (4.6.0 -> 4.6.1)
yast2-storage-ng (4.6.5 -> 4.6.10)
yast2-vm (4.6.0 -> 4.6.1)
zisofs-tools
zstd
=== Details ===
==== AppStream ====
Subpackages: libAppStreamQt2 libappstream4
- refresh patch for new glib-2.76 from upstream
==== ImageMagick ====
Version update (7.1.1.8 -> 7.1.1.11)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.1.11
* upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023…
- version update to 7.1.1.10
* fixes CVE-2023-2157 [bsc#1211601]
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-10---2023…
- update to 7.1.1.9:
* support for Oklab
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-9---2023-…
==== MozillaFirefox ====
Version update (112.0.2 -> 113.0.2)
- Mozilla Firefox 113.0.2 (boo#1211696)
* Fixed: Fixed a bug which could cause Firefox to freeze on
some pages when loading them with the Developer Tools Web
Console open (bmo#1828026)
* Fixed: Fixed a bug which would cause the bookmarks and
history sidebars to not properly react to the browser window
being vertically resized (bmo#1831535)
- Mozilla Firefox 113.0.1
* UI fixes for other platforms
- upstream signing key updated
- Mozilla Firefox 113.0
* https://www.mozilla.org/en-US/firefox/113.0/releasenotes
MFSA 2023-16 (bsc#1211175)
* CVE-2023-32205 (bmo#1753339, bmo#1753341)
Browser prompts could have been obscured by popups
* CVE-2023-32206 (bmo#1824892)
Crash in RLBox Expat driver
* CVE-2023-32207 (bmo#1826116)
Potential permissions request bypass via clickjacking
* CVE-2023-32208 (bmo#1646034)
Leak of script base URL in service workers via import()
* CVE-2023-32209 (bmo#1767194)
Persistent DoS via favicon image
* CVE-2023-32210 (bmo#1776755)
Incorrect principal object ordering
* CVE-2023-32211 (bmo#1823379)
Content process crash due to invalid wasm code
* CVE-2023-32212 (bmo#1826622)
Potential spoof due to obscured address bar
* CVE-2023-32213 (bmo#1826666)
Potential memory corruption in FileReader::DoReadData()
* MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796)
Race condition in dav1d decoding
* CVE-2023-32214 (bmo#1828716)
Potential DoS via exposed protocol handlers
* CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210,
bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359,
bmo#1830186)
Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
* CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
bmo#1820359, bmo#1823568, bmo#1824803, bmo#1824834, bmo#1825170,
bmo#1827020, bmo#1828130)
Memory safety bugs fixed in Firefox 113
- removed obsolete mozilla-bmo1568145.patch
==== MozillaFirefox-branding-openSUSE ====
- add sle_version 150500 check
- add some useful links about openSUSE in the about:newtab page
- add sle_version 150300 and 150400 check
==== NetworkManager ====
Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0
- Add nm-runstatedir.patch: to correct rundir from /var/run to /run
for systemd FHS compatibility
==== NetworkManager-openconnect ====
Version update (1.2.8 -> 1.2.10)
Subpackages: NetworkManager-openconnect-gnome
- Update to version 1.2.10:
+ Improved cancellation handling.
+ Support SAML/SSO authentication for some VPN protocols.
+ Allow useragent override.
+ Support webkit2gtk-4.1.
+ Allow choosing certificates/keys from PKCS#11 tokens.
+ Allow custom interface name.
+ Allow UDP connectivity to be disabled.
+ Support multi-certificate authentication for AnyConnect.
+ Fix hangs with external browsers which spam stdout.
+ Updated translations.
- Drop dbus-location.patch: Fixed upstream.
- Add pkgconfig(webkit2gtk-4.1) BuildRequires: New dependency.
==== QGnomePlatform-qt5 ====
Version update (0.9.0 -> 0.9.1)
- Update to version 0.9.1:
+ Changes:
- Thinner border between window and decorations
- Added support for KColorScheme using Adwaita-like color
schemes
- Added integration for QtQuick Controls2 applications
- Added support for color-scheme in GSettings backend
- Implemented reasonable icon fallback - depends on Qt change
476542
- Qt6: implemented support for QPlatformTheme::MouseCursorSize
and QPlatformTheme::MouseCursorTheme
+ Fixes:
- Do not crash when GSettings shema is not found
- Respect QT_STYLE_OVERRIDE env variable
- Fixed titlebar dimming on Wayland
- Fixed regression in rendering titlebar on vanilla Qt
- Drop 0001-fix-qt-6.5-compilation.patch as it is included in
version 0.9.1
- Adjust fix-XSetTransientForHint.patch for version 0.9.1
- Split QGnomePlatform's new color schemes into a new package
called "QGnomePlatform-colorschemes"
==== apparmor ====
Version update (3.1.3 -> 3.1.4)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- update to AppArmor 3.1.4
- parser: fix mount rules encoding (CVE-2016-1585)
- aa-logprof: fix error when choosing named exec with plain profile names
- aa-status: fix json output
- several fixes for profiles and abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
for the full upstream changelog
==== at-spi2-core ====
Version update (2.48.0 -> 2.48.3)
Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0
- Update to version 2.48.3:
+ Fix the build when dbus-broker is not set to be used by
default.
+ Fix a couple of use after frees when finalizing devices.
+ atk-adaptor: Fix handling of sockets in impl_GetChildren.
- Update to version 2.48.2:
+ Fixed a regression in 2.48.1 where the bus launcher would fail
if dbus-broker was configured at build time but not installed
on the system.
- Update to version 2.48.1:
+ Fixes for atk-only builds under Windows.
+ meson: Avoid requiring libsystemd when configured to use
dbus-daemon.
+ Fix crash when a bad index is passed to
atspi_accessible_get_child_at_index.
+ Fix possible infinite recursion in
atspi_accessible_clear_cache.
- Add or dbus-broker to existing dbus-1 Requires: we already pass
dbus_broker=/usr/bin/dbus-broker-launch and
default_bus=dbus-broker to meson during build.
==== attica-qt5 ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Attica5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== autoyast2 ====
Version update (4.6.1 -> 4.6.2)
- Properly install the selected products, do not lose them after
resetting the package manager internally (bsc#1202234)
- 4.6.2
==== baloo5 ====
Version update (5.105.0 -> 5.106.0)
Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* baloosearch: Inform the user when the specified dir is not canonical
* aggressively resource constrain baloo_file
==== baloo5-widgets ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== bind ====
Version update (9.18.14 -> 9.18.15)
- Update to release 9.18.15
Bug Fixes:
* The max-transfer-time-in and max-transfer-idle-in statements
have not had any effect since the BIND 9 networking stack was
refactored in version 9.16. The missing functionality has been
re-implemented and incoming zone transfers now time out
properly when not progressing.
* The read timeout in rndc is now 60 seconds, matching the
behavior in BIND 9.16 and earlier. It had previously been
lowered to 30 seconds by mistake.
* When the ISC_R_INVALIDPROTO (ENOPROTOOPT, EPROTONOSUPPORT)
error code is returned by libuv, it is now treated as a network
failure: the server for which that error code is returned gets
marked as broken and is not contacted again during a given
resolution process.
* When removing delegations from an opt-out range,
empty-non-terminal NSEC3 records generated by those delegations
were not cleaned up. This has been fixed.
* Log file rotation code did not clean up older versions of log
files when the logging channel had an absolute path configured
as a file destination. This has been fixed.
Known Issues:
* Sending NOTIFY messages silently fails when the source port
specified in the notify-source statement is already in use.
This can happen e.g. when multiple servers are configured as
NOTIFY targets for a zone and some of them are unresponsive.
This issue can be worked around by not specifying the source
port for NOTIFY messages in the notify-source statement; note
that source port configuration is already deprecated and will
be removed altogether in a future release.
==== bluedevil5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: bluedevil5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* applet: introduce a brief animation for section height estimates (kde#438610)
* applet: Fix Toolbar padding in RTL mode
==== bluez-qt ====
Version update (5.105.0 -> 5.106.0)
Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== breeze ====
Version update (5.27.4 -> 5.27.5)
Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers libbreezecommon5-5
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* ProgressBar: Stop emitting polish requests when item becomes invisible (kde#468903)
* ToolButton: Fix subcontrol menu buttons outline in RTL mode
* Remove unused methods
* ToolButton: Fix text & icon position in textUnderIcon RTL mode
- Drop patches, now upstream:
* 0001-ProgressBar-Stop-emitting-polish-requests-when-item-.patch
==== breeze-gtk ====
Version update (5.27.4 -> 5.27.5)
Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze gtk4-metatheme-breeze metatheme-breeze-common
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* ðgtk3/titlebutton: reduce right margin of {max/minimize} button
* gtk4/windowcontrols: use updated SVG assets
* assets: resize viewports of titlebutton SVGs
* gtk3: restore old icon size for titlebutton (kde#468203)
* gtk3: remove invalid icon size property
- Drop patches, now upstream:
* 0001-gtk3-restore-old-icon-size-for-titlebutton.patch
==== breeze5-icons ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Make monochrome MS-DOS executable icons respect the color scheme
* Increase moon size for redshift-status-on icon
* Add mimetype icons for alembic files
* Add new Partition Manager app icon
* Make media-flash icon actually look like a typical flash memory card (kde#468006)
* Add new icons for the pixelate and blur tools in Spectacle
==== btrfsprogs ====
Version update (6.1.3 -> 6.3)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- qgroup show: fix formatting of limit values in json output (bsc#1206960,
bsc#1209136)
- Added patch: btrfs-progs-qgroup-show-fix-formatting-of-limit-valu.patch
- update to 6.3
* mkfs: option -R deprecated, options unified in -O (-R still works)
* mkfs: fix potential race with udev leading to EBUSY due to repeatedly
opened file descriptors
* block-group-tree is out of experimental mode
* available as 'mkfs.btrfs -O block-group-tree'
* btrfstune can do in-place conversion to/from (use with care)
* balance: fix recognizing old and new syntax
* subvol snapshot: specific error if a failure is caused by an active swapfile
* tree-stats: rephrase warning when run on a mounted filesystem
* completion: 'filesystem du' also completes files
* check: fix docs, help text and warning that --force + --repair works on a
mounted filesystem
* build: fix static build when static libudev is available
* documentation:
* more updates from wiki, developer docs, changelogs
* reformatting
* updates and fixes
* other:
* test updates and fixes
* CI cleanups and old files removed
* integration with Github actions
- Use pre-generated documentation from tarball, fixes build on SLE targets
where sphinx might not be available
- update to 6.2.2
* fix build on old x86 architectures with builtin crypto
* device stats: fix printing wrong values in tabular output
* qgroup show: fix qgroup id formatting in json output
* restore: fix restoring xattrs on directories
* restore: don't modify metadata in dry-run mode
* balance: fix some cases wrongly parsed as old syntax
* balance: warn when deprecated syntax is used
* seeding: fall back to old way if sysfs device fsid is not available
* convert: handle orphan file ext4 feature
* other:
* sync ioctl definitions
* enable github CI
* update documentation
- update to 6.2.1
* fix build with crypto libraries
* CI images updated, build tests extended
- update to 6.2:
* receive: fix a corruption when decompressing zstd extents
* subvol sync: print total number and deletion progress
* accelerated hash algorithm implementations in fallback mode on x86_64
* fi mkswapfile: new option --uuid
* new global option --log=level to set the verbosity level directly
* other:
* experimental: update checksum conversion (not usable yet)
* build actually requires -std=gnu11
* refactor help option formatting, auto wrap long lines
==== c-ares ====
Version update (1.19.0 -> 1.19.1)
- Update to version 1.19.1
Security:
* CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
* CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
* CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
* CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
Bug fixes:
* Fix uninitialized memory warning in test
* ares_getaddrinfo() should allow a port of 0
* Fix memory leak in ares_send() on error
* Fix comment style in ares_data.h
* Fix typo in ares_init_options.3
* Sync ax_pthread.m4 with upstream
* Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
==== checkmedia ====
Version update (6.1 -> 6.2)
Subpackages: libmediacheck6
- merge gh#openSUSE/checkmedia#17
- do not select EFI System Partition for digest calculation
(bsc#1211953)
- use default for SKIPSECTORS only for RH media
- add man pages for checkmedia and tagmedia
- add spec file for OBS
- 6.2
==== container-selinux ====
Version update (2.211.0 -> 2.215.0)
- Update to version 2.215.0:
* Add some MLS rules to policy
* Allow container runtime to dyntransition to spc_t
* Tighten controls on confined users
* Add labels for /var/lib/shared
* Cleanup entrypoint definitions
* Allow container_device_plugin_t access to debugfs
* Allow containers which use devices to map them
==== containerd ====
Version update (1.6.20 -> 1.6.21)
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
(bsc#1210298)
==== createrepo_c ====
Subpackages: libcreaterepo_c0 python3-createrepo_c
- disable DeltaRPM for ALP
==== crypto-policies ====
Version update (20210917.c9d86d1 -> 20230420.3d08ae7)
Subpackages: crypto-policies-scripts
- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
and fips-finish-install commands, add also the man pages. The
required FIPS modules are left to be installed by the user.
* Rebase crypto-policies-FIPS.patch
- Revert a breaking change that introduces the config option
rh-allow-sha1-signatures that is unkown to OpenSSL and fails
on startup. We will consider adding this option to openssl.
* https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
* Add crypto-policies-revert-rh-allow-sha1-signatures.patch
- Update the update-crypto-policies(8) man pages and README.SUSE
to mention the supported back-end policies. [bsc#1209998]
* Add crypto-policies-supported.patch
- Update to version 20230420.3d08ae7:
* openssl, alg_lists: add brainpool support
* openssl: set Groups explicitly
* codespell: ignore aNULL
* rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
* sequoia: add separate rpm-sequoia backend
* crypto-policies.7: state upfront that FUTURE is not so interoperable
* Makefile: update for asciidoc 10
* Skip not needed LibreswanGenerator and SequoiaGenerator:
- Add crypto-policies-policygenerators.patch
* Remove crypto-policies-test_supported_modules_only.patch
* Rebase crypto-policies-no-build-manpages.patch
- Update to version 20221214.a4c31a3:
* bind: expand the list of disableable algorithms
* libssh: Add support for openssh fido keys
* .gitlab-ci.yml: install krb5-devel for krb5-config
* sequoia: check using sequoia-policy-config-check
* sequoia: introduce new back-end
* Makefile: support overriding asciidoc executable name
* openssh: make none and auto explicit and different
* openssh: autodetect and allow forcing RequiredRSASize presence/name
* openssh: remove _pre_8_5_ssh
* pylintrc: update
* Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
* disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
* Makefile: exclude built manpages from codespell
* add openssh HostbasedAcceptedAlgorithms
* openssh: add RSAMinSize option following min_rsa_size
* Revert ".gitlab-ci.yml: skip pylint (bz2069837)"
* docs: add customization recommendation
* tests/java: fix java.security.disableSystemPropertiesFile=true
* policies: add FEDORA38 and TEST-FEDORA39
* bind: control ED25519/ED448
* openssl: disable SHA-1 signatures in FUTURE/NO-SHA1
* .gitlab-ci.yml: skip pylint (bz2069837)
* openssh: add support for sntrup761x25519-sha512(a)openssh.com
* fips-mode-setup: fix one unrelated check to intended state
* fips-mode-setup, fips-finish-install: abandon /etc/system-fips
* Makefile: fix alt-policy test of LEGACY:AD-SUPPORT
* fips-mode-setup: catch more inconsistencies, clarify --check
* fips-mode-setup: improve handling FIPS plus subpolicies
* .gitlab-ci.yml: use rawhide so that we get gnutls 3.7.3
* gnutls: enable SHAKE, needed for Ed448
* gnutls: use allowlisting
* openssl: add newlines at the end of the output
* FIPS:OSPP: relax -ECDSA-SHA2-512, -FFDHE-*
* fips-mode-setup, fips-finish-install: call zipl more often
* Add crypto-policies-rpmlintrc file to avoid files-duplicate,
zero-length and non-conffile-in-etc warnings.
* Rebase patches:
- crypto-policies-FIPS.patch
- crypto-policies-no-build-manpages.patch
* Update README.SUSE
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
==== cups-filters ====
- cups-filters-1.28.15-0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch
cups-filters-1.28.15-0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch
cups-filters-1.28.15-0003-beh-backend-Further-improvements-CVE-2023-24805.patch
are the upstream
0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch
0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch
0003-beh-backend-Further-improvements-CVE-2023-24805.patch
backported to cups-filters-1.28.15
to fix CVE-2023-24805: RCE in cups-filters, beh CUPS backend
(bsc#1211340) and
https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb6…
==== curl ====
Version update (8.0.1 -> 8.1.2)
Subpackages: libcurl4
- Update to 8.1.2:
* Bugfixes:
- configure: quote the assignments for run-compiler
- configure: without pkg-config and no custom path, use -lnghttp2
- curl: cache the --trace-time value for a second
- http2: fix EOF handling on uploads with auth negotiation
- http3: send EOF indicator early as possible
- lib1560: verify more scheme guessing
- lib: remove unused functions, make single-use static
- libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
- libssh: when keyboard-interactive auth fails, try password
- misc: fix spelling mistakes
- page-header: mention curl version and how to figure out current release
- page-header: minor wording polish in the URL segment
- scripts/singleuse.pl: add more API calls
- urlapi: remove superfluous host name check
- Update to 8.1.1:
* Bugfixes:
- cf-socket: completely remove the disabled
USE_RECV_BEFORE_SEND_WORKAROUND
- checksrc: disallow spaces before labels
- curl_easy_getinfo: clarify on return data types
- docs: document that curl_url_cleanup(NULL) is a safe no-op
- hostip: move easy_lock.h include above curl_memory.h
- http2: double http request parser max line length
- http2: increase stream window size to 10 MB
- lib: rename struct 'http_req' to 'httpreq'
- ngtcp2: proper handling of uint64_t when adjusting send buffer
- sectransp.c: make the code c89 compatible
- select: avoid returning an error on EINTR from select() or poll()
- url: provide better error message when URLs fail to parse
- urlapi: allow numerical parts in the host name
- Update to 8.1.0:
* Security fixes:
- UAF in SSH sha256 fingerprint [bsc#1211230, CVE-2023-28319]
- siglongjmp race condition [bsc#1211231, CVE-2023-28320]
- IDN wildcard match [bsc#1211232, CVE-2023-28321]
- POST-after-PUT confusion [bsc#1211233, CVE-2023-28322]
- See also: https://curl.se/docs/security.html
* Changes:
- curl: add --proxy-http2
- CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
- hostip: refuse to resolve the .onion TLD
- tool_writeout: add URL component variables
* Bugfixes:
- See full changelog here: https://curl.se/changes.html#8_1_0
==== dav1d ====
Version update (1.2.0 -> 1.2.1)
- Update to version 1.2.1
* Fix a threading race on task_thread.init_done
* NEON z2 8bpc and high bit-depth optimizations
* SSSE3 z2 high bit-depth optimziations
* Fix a desynced luma/chroma planes issue with Film Grain
* Reduce memory consumption
* Improve dav1d_parse_sequence_header() speed
* OBU: Improve header parsing and fix potential overflows
* OBU: Improve ITU-T T.35 parsing speed
* Misc buildsystems, CI and headers fixes
- Add to description some performance mentions that set it apart
from other packages e.g. gav1.
==== diffutils ====
Version update (3.9 -> 3.10)
- diffutils 3.10:
* cmp/diff can again work with file dates past Y2K38
* diff -D no longer fails to output #ifndef lines
==== discover ====
Version update (5.27.4 -> 5.27.5)
Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Fix margins around distro upgrade message (kde#469163)
* rpm-ostree: Do not offer resources when the search doesn't pertain (kde#468162)
* Updates page: fix missing clip causing items to paint over logging scrollview
* updates ui: Simplify bottom toolbar logic (kde#468459)
* flatpak: Do not crash if for any reason we lack a ref's source (kde#467827)
* PackageKitNotifier: Do not refresh database if update is in progress
* fwupd: Set user agent, and allow following redirects
* Allow building against libmarkdown3
* Always clear offline updates file after a repair operation (kde#451753,kde#450973)
* ApplicationPage: Fix layout for content rating dialog (kde#466815)
* flatpak: Report latest available version (kde#465864,kde#448521)
==== dnsmasq ====
- Correct rundir from /var/run to /run for pid file
==== docker ====
Version update (23.0.5_ce -> 23.0.6_ce)
Subpackages: docker-bash-completion
- Update to Docker 23.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
(the uapi headers in SLE-12 are too old).
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
==== dolphin ====
Version update (23.04.0 -> 23.04.1)
Subpackages: dolphin-part libdolphinvcs5
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* Fix build without KF5Activities
* Fix activating the Selection Mode with a keyboard shortcut (kde#465489)
* Restrict attaching instances to those on the same activity or same virtual desktop
==== dos2unix ====
Version update (7.4.4 -> 7.5.0)
- update to 7.5.0:
* New option -e, --add-eol to add a line break to the last line
if the isn't one
* New option -O, --to-stdout to write to standard output
==== drkonqi5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: drkonqi5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== e2fsprogs ====
Version update (1.46.5 -> 1.47.0)
Subpackages: libcom_err2 libext2fs2
- Update to 1.47.0:
* Add support for the orphan_file feature, which speeds up workloads
that are deleting or truncating a large number files in parallel.
This compat feature was first supported in the v5.15 Linux kernel.
* The mke2fs program (via the mke2fs.conf file) now enables the
metadata_csum_seed and orphan_file features by default.
The metadata_csum_seed feature is an incompat feature which is
first supported in the Linux kernel starting in the 4.4 kernel.
* Mke2fs now supports the extended option "assume_storage_prezeroed"
which causes mke2fs to skip zeroing the journal and inode tables
and to mark the inode tables as zeroed.
* Add support to tune2fs and e2label to set the label and UUID for
a mounted file system using a ioctl, which is more reliable than
modifying the superblock via writing to the block device.
The kernel support for setting the label landed in v5.17, while
the support for adding the UUID landed in v6.0. If the ioctls
are not supported, tune2fs and e2label will fall back old
strategy of directly modifying the superblock.
* Allow tune2fs to disable the casefold feature after scanning all
of the directories do not have the Casefold flag set.
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
==== ethtool ====
Version update (6.2 -> 6.3)
Subpackages: ethtool-bash-completion
- update to upstream release 6.3
* Feature: PLCA support (--[gs]et-plca-cfg, --get-plca-status)
* Feature: MAC Merge layer support (--show-mm, --set-mm)
* Feature: pass source of statistics for port stats
* Feature: get/set rx push in ringparams (-g and -G)
* Feature: coalesce tx aggregation parameters (-c and -C)
* Feature: PSE and PD devices (--show-pse, --set-pse)
* Fix: minor fixes of help text (--help)
* Fix: fix build on systems with older system headers
* Fix: fix netlink support when PLCA is not present (no option)
* Fix: fixes for issues found with gcc13 -fanalyzer
* Fix: fix return code in rxclass_rule_ins (-N)
* Fix: more robust argc/argv handling
==== evolution-data-server ====
Version update (3.48.1 -> 3.48.2)
Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4
- Update to version 3.48.2:
+ Bug Fixed:
- Camel: Set proper S/MIME signature verification status.
- IMAP: Cannot remove labels added in Thunderbird.
- WebDAV: Fails to discover iCloud address book.
- Wrong S/MIME certificate selection for encrypted email.
==== ffmpegthumbs ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== filelight ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* disable qml disk cache (kde#466415)
* use the default loading text for polish (kde#468395)
==== firewalld ====
Subpackages: firewalld-bash-completion python3-firewall
- Add firewalld-runstatedir.patch: change pid file location from
/var/run to /run
==== frameworkintegration ====
Version update (5.105.0 -> 5.106.0)
Subpackages: frameworkintegration-plugin libKF5Style5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== freetype2 ====
- Do not limit ftdump conflict to < version-release, but only to
version. Ftdump is built in a second build flavor and as such the
release counters are not guaranteed to be in sync.
==== fuse3 ====
Subpackages: libfuse3-3
- update the license tag matching the code (LGPL-2.1-only and
GPL-2.0-only)
==== gawk ====
Version update (5.2.1 -> 5.2.2)
- enable profiling
- Update to gawk 5.2.2
* will now diagnose if a heap file was created with a different
setting of -M/--bignum than in the current invocation and exit
with a fatal message if so.
* no longer "leaks" its free list of NODEs in the heap file,
resulting in much more efficient usage of persistent storage
* PROCINFO["pma"] exists if the PMA allocator is compiled into
gawk. Its value is the PMA version.
* The time extension is no longer deprecated. The strptime()
function from gawkextlib's timex extension has been added to
it.
* Better information is passed to input parsers for when they
want to decide whether or not to take control of a file.
* The various PNG files are now installed for Info and HTML
* Bug fixes and developer visible fixes
==== gcc13 ====
Version update (13.0.1+git7231 -> 13.1.1+git7364)
Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1
- Bump to dd36656ada05731c069ecd5b1878380294fb1f3e, git7364.
* Includes the RISC-V atomic changes
- Remove riscv-atomic.patch and riscv-pthread.patch now included
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Bump to 910735c5d7ce7607384fc1eec4189e90c8ae5c84, git7256.
* Includes GCC 13.1 release and first bugfixes
- Update riscv-atomic.patch from the version committed upstream.
==== gdb ====
- disable werror as a workaround for deprecation warnings with
python 3.11 (bsc#1211052)
- Revert to singlespec multibuild.
==== glib2 ====
Version update (2.76.2 -> 2.76.3)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.76.3:
+ Bugs fixed: glgo#GNOME/GLib#1264, glgo#GNOME/GLib!3402,
glgo#GNOME/GLib!3403, glgo#GNOME/GLib!3427,
glgo#GNOME/GLib!3428, glgo#GNOME/GLib!3434.
+ Updated translations.
==== glibc ====
Subpackages: glibc-extra glibc-locale glibc-locale-base nscd
- ulp-prologue-into-asm-functions.patch: Add support for livepatches in
ASM written functions (bsc#1210777)
==== glslang ====
Version update (12.1.0 -> 12.2.0)
- Update to release 12.2.0
* Support GLSL_EXT_shader_tile_image,
GL_EXT_ray_tracing_position_fetch, and custom include callbacks
via the C API
* Add preamble-text command-line option
* Accept variables as parameters of spirv_decorate_id
==== gnome-control-center ====
Version update (44.1 -> 44.2)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces
- Update to version 44.2:
+ Various small accessibility fixes.
+ Fixes in Gtk template usage that causes crashes on some
systems.
+ Appearance: Clear dconf when resetting to defaults.
+ Mouse: Hide entire "Touchpad" row when touchpad cannot be
disabled.
+ Network: Fix racy radio buttons in connection editor.
+ Users: Remove autologin row tooltip when unlocked.
+ Updated translations.
==== gnome-session ====
Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland
- Drop pkgconfig(dbus-glib-1) BuildRequires: Only needed when
building with consolekit support, and we do not do that anymore.
- Replace dbus-1-x11 with explicit /usr/bin/dbus-launch Requires,
as that is what is really needed.
==== gnome-software ====
Version update (44.1 -> 44.2)
Subpackages: gnome-software-plugin-packagekit
- Update to version 44.2:
+ Fix subsequent checking for updates if the first check after
login fails.
+ Fix checking for updates when automatic updates are disabled.
+ Fix rare stall when many background jobs are running.
+ Donât download rpm-ostree updates when only checking if updates
are available.
+ Fix bug with listing flatpak addons when multiple flathub
remotes are enabled.
+ Fix duplicated sources in app details page when using an
appstream URL.
+ Reduce background resource consumption when idle.
+ Updated translations.
==== gnutls ====
- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476]
Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
- FIPS: Skip the fixed HMAC verification for nettle, hogweed and
gmp libraries. These calculated HMACs change for every build of
each of these packages, we only have to verify that for gnutls.
* Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476]
- FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116]
- Disable GNULIB's year2038 also for 32-bit arm - boo#1211394
==== grantlee5 ====
- Add patch to fix test failures on Leap 15:
* 0001-Add-a-call-to-registerComparators-in-testbuiltins.patch
==== grep ====
Version update (3.10 -> 3.11)
- update to 3.11:
* With -P, patterns like [\d] now work again. Fixing this
has caused grep to revert to the behavior of grep 3.8, in that
patterns like \w and ^H go back to using ASCII rather
than Unicode interpretations.
However, future versions of GNU grep and/or PCRE2 are
likely to fix this and change the behavior of \w and ^H
back to Unicode again, without breaking [\d] as 3.10 did.
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch,
0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch:
* support more featureful extX filesystems (backport from
upstream git)
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
==== gstreamer ====
Version update (1.22.2 -> 1.22.3)
Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.22.3:
+ Highlighted bugfixes:
- avdec: fix occasional video decoder deadlock on seeking with
FFmpeg 6.0.
- decodebin3: fix regression handling input streams without
CAPS or TIME segment such as e.g. udpsrc or `pushfilesrc.
- bluez: a2dpsink: fix Bluetooth SIG Certification test
failures.
- osxvideosink: fix deadlock upon closing output window.
- qtdemux: fix edit list handling regression and AV1 codec box
parsing.
- qtmux: fix extraction of CEA608 closed caption data from
S334-1A packets.
- rtspsrc: Fix handling of * control path.
- splitmux: timestamp handling improvements.
- v4l2videodec: Rework dynamic resolution change handling
(needed for IMX6 mainline codec).
- videoflip: fix regression with automatically rotating video
based on tags.
- d3d11: many d3d11videosink and d3d11compositor fixes.
- webrtc, rtp: numerous data race fixes and stability fixes.
- various bug fixes, memory leak fixes, and other stability and
reliability improvements.
+ gstreamer:
- tracing: Initialize tracing infrastructure even if the debug
system is not compiled in.
- parse-launch: fix missing unref of looked-up child element.
- gstutils: Add category and object to most logging messages.
- Rebase reduce-required-meson.patch.
==== gstreamer-plugins-bad ====
Version update (1.22.2 -> 1.22.3)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.22.3:
+ a2dpsink: Fails many tests in Bluetooth SIG Certification.
+ avdtputil: Use int instead of int range for fixed bitpool
values.
+ ccconverter:
- reintroduce frame count reset on cycle completion
- integer overflow & crashing
+ codectimestamper: remove PC file generation from plugin's own
meson.build.
+ cudamemory: Fix for semi planar YUV memory size decision.
+ d3d11compositor:
- Reconfigure resource only when output caps is changed.
- Skip zero alpha input.
+ d3d11convert: Fix for runtime property update.
+ d3d11memory: Don't clear wrapped texture memory.
+ d3d11videosink:
- Fix for ignored initial render rectangle.
- Fix race condition in window unprepare.
- Enhancement for initial window size decision.
- Don't clear prepared buffer on unlock_stop().
+ dashdemux: mpdclient: fix divide by 0 if segment has no
duration.
+ dtlstransport: Keep strong ref of dtls encoder/decoder.
+ GstPlay:
- Avoid getting property of playbin2 if subtitle_sid is null.
- Fix critical log when using playbin3.
+ h264decoder: Drop nonexisting picture silently without error.
+ dtmf: element classification improvements.
+ mfvideoenc: Allow only even resolution numbers.
+ sctpenc:
- Fix potential shutdown deadlock.
- Fix "srtp-key" check.
+ tests: disable dtls test if openssl is not present.
+ tsdemux: Set number of channels to 2 for dual mono Opus.
+ va: Various fixes for defects found with MSVC.
+ wasapi2: Allows process loopback capture on Windows 10.
+ webrtcdatachannel: Bind to parent webrtcbin using a weak
reference.
+ webrtcbin: Fix potential deadlock when closing before any data
was sent.
+ webrtc:
- Plug leaks of resolved ICE addresses.
- Do not tear down data channel before data is flushed.
- Rebase reduce-required-meson.patch.
- use additional codecs on ALP
==== gstreamer-plugins-base ====
Version update (1.22.2 -> 1.22.3)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0
- Update to version 1.22.3:
+ allocators: Fix fdmem unit test with recent GLib versions.
+ audiotestsrc: Initialize all samples in wave=ticks mode.
+ decodebin3:
- Handle input streams without CAPS or TIME segment such as
e.g. udpsrc or pushfilesrc.
- Fix regression handling streams without caps.
- Fix random hang when remove failing stream.
+ uridecodebin3: Ensure atomic urisourcebin state change.
+ glvideoflip: fix leaked caps.
+ glcontext_wgl: fix missing unref.
+ playsink: Fix volume leak.
- Rebase reduce-required-meson.patch.
==== gstreamer-plugins-good ====
Version update (1.22.2 -> 1.22.3)
Subpackages: gstreamer-plugins-good-gtk
- Update to version 1.22.3:
+ adaptivedemux2: fix critical when using an unsupported URI.
+ dashdemux2: mpdclient: fix divide by 0 if segment has no
duration.
+ imagesequencesrc: Properly set default location.
+ multifile: error out if no filename was set.
+ osxvideosink: fix deadlock upon closing output window.
+ rtpmanager: rtpsession:
- Data race leading to critical warnings.
- Race conditions leading to critical warnings.
+ rtspsrc: Fix handling of * control path.
+ splitmuxsink: Catch invalid DTS to avoid running into problems
later.
+ splitmuxsrc: Make PTS contiguous by preference.
+ qtdemux: emit no-more-pads after pruning old pads.
+ Revert "qtdemux: fix conditions for end of segment in reverse
playback" to fix edit list regression.
+ qtdemux: Fix av1C parsing.
+ qtmux: Fix extraction of CEA608 data from S334-1A packets.
+ qtwindow: unref caps in destructor.
+ v4l2:
- device provider: Fix GMainLoop leak.
- videodec: Rework dynamic resolution change handling.
- videodec: Prefer acquired caps over anything downstream.
+ videoflip:
- Fix setting of method property at construction time.
- Videoflip 1.22.2 not rotating video when extracting frames.
- Rebase reduce-required-meson.patch.
==== gtk3 ====
Version update (3.24.37+70 -> 3.24.38)
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0
- Update to version 3.24.38:
+ GtkFileChooser: Avoid warnings with GLib 2.76.
+ Theme: Set caret color in the dark theme.
+ Windows: Fix running under GLES.
+ Wayland:
- Notify on initial setting changes.
- Don't crash on 0 size cursors.
- Don't crash if xdg_activation_v1 is missing.
+ Debugging: Show more information in the inspector.
+ Updated translations.
==== gupnp-av ====
Subpackages: libgupnp-av-1_0-3
- Add upstream patch fix: 767388bc.patch: build: Fix Requires: line
of pkg-config file.
==== harfbuzz ====
Version update (7.2.0 -> 7.3.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- update to version 7.3.0:
+ Speedup applying glyph variation in VarComposites fonts
(over 40% speedup)
+ Speedup instancing some fonts
(over 20% speedup in instancing RobotoFlex)
+ Speedup shaping some fonts (over 30% speedup in shaping Roboto
+ Support subsetting VarComposites and beyond-64k fonts
+ New configuration macro HB_MINIMIZE_MEMORY_USAGE to favor
optimizing memory usage over speed
+ Supporting setting the mapping between old and new glyph
indices during subsetting
+ Various fixes and improvements
==== health-checker ====
Version update (1.7 -> 1.8)
Subpackages: health-checker-plugins-MicroOS
- Update to version 1.8
* Don't rely on t-u's good states in GRUB
With the introduction of the "apply" command in
transactional-update the snapshots don't require a reboot any
more to be registered as a "good" snapshot. Due to
[boo#1048088] the GRUB part of health-checker was using the t-u
file as a workaround which cannot be done any more now, so
store the last good snapshot path from a health-checker
perspective independently now.
==== highway ====
- Update memory limiter from 900 to 1400/process.
- Add memory-constraints to build
- Add no-forced-inline.diff [boo#1211093]
==== hwdata ====
Version update (0.369 -> 0.370)
- update to 0.370:
* Update pci, usb and vendor ids
==== icewm ====
Version update (3.3.2 -> 3.3.5)
Subpackages: icewm-config-upstream icewm-default icewm-lang
- Update to 3.3.5:
* Lookup icons in more context directories for issue ice-wm/icewm#132.
* An Escape key release event must match the key press event for #726.
* Report when icon could not be found for issue ice-wm/icewm#133.
* Use "firefox" instead of "mozilla" as Firefox icon for ice-wm/icewm#132.
* Rescale workspace buttons when taskbar is rather high.
* Temporarily hide the taskbar collapse button when collapsing or expanding.
* Compute the ultimate workspace button height, before creating them.
* Limit the resource string of an unresponsive client for issue #729.
* Check for TaskBarDoubleHeight when computing workspace button height.
* Also focus last window when hiding and Click-to-focus for issue #727.
* Let icesh exit with zero if the last action was a successful manager
action.
- Update to 3.3.4:
* Fix compile error for yximage.cc.
* Deprecate XRRDisable.
* Fix corrupted text if built without i18n for issue ice-wm/icewm#131.
* When internationalization is disabled, unset LIBICONV.
* Improve the quality of drawing gradients for the Imlib2 renderer.
* Improve arrow navigation in the system dialog.
* Let icesh also pick icewm internal and override redirect windows.
* Improve the quality of drawing gradients for the GdkPixbuf renderer.
* Cache workspace button backgrounds for faster redrawing.
* Guard against workspace button gradient being undefined.
* Cache toolbar button gradients to speedup drawing. Eliminate half of the
button drawings on startup.
* Let icesh report up to 1024 bytes of a property in "prop".
* Support icesh "focusmodel" for client windows without a WM_HINTS property.
* When managing a new client, postpone sending a Configure event until the
final position is known, for issue #720.
==== imlib2 ====
Version update (1.11.0 -> 1.11.1)
Subpackages: imlib2-loaders libImlib2-1
- update to 1.11.1:
* imlib2: added loader for y4m files (uses liby4m and
libyuv)
* imlib2: add y4m test examples
* Y4M loader: Various minor changes
* autofoo: Tweak PACKAGE_DATA_DIR definition
* XPM loader: Add rgb.txt
* loaders: Fix loaders potentially being loaded more than
once
* loaders: Change method used to not unload loaders
* Add JXL saver
* loaders: Cosmetics
==== installation-images-MicroOS ====
Version update (17.86 -> 17.87)
- merge gh#openSUSE/installation-images#646
- etc: update module.config to match 6.4
- 17.87
==== inxi ====
Version update (3.3.23 -> 3.3.27)
- Update to version 3.3.27:
+ /usr/share/doc/packages/inxi/inxi.changelog.
==== iso-codes ====
Version update (4.13.0 -> 4.15.0)
Subpackages: iso-codes-lang
- update to 4.15.0:
+ Updated translation for ISO 3166-1, ISO 3166-3, ISO 639-2,
ISO 3166-1, ISO 3166-2, ISO 3166-3, ISO 639-2, ISO 639-3,
ISO 639-5, ISO 4217, and ISO 15924.
+ ISO 3166-2: Fix wrong Spanish translation.
==== iso_ent ====
- Modernise spec file
==== kaccounts-integration ====
Version update (23.04.0 -> 23.04.1)
Subpackages: libkaccounts2
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kaccounts-providers ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kactivities-stats ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kactivities5 ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kactivities5-imports libKF5Activities5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kactivitymanagerd ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== karchive ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* karchiveentry.h: add missing KArchive forward declaration
==== kate ====
Version update (23.04.0 -> 23.04.1)
Subpackages: kate-plugins
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* ensure sidebars are properly collapsed (kde#460160)
==== kauth ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kbookmarks ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kcm_flatpak ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Too many changes to list here
==== kcm_sddm ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Sync cursor size too (kde#467326)
==== kcmutils ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* KCModuleQml: Set and inherit LayoutMirroring on an off-screen window
==== kcodecs ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kcompletion ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kconfig ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Add workaround to support config name with minus sign
==== kconfigwidgets ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kcoreaddons ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5CoreAddons5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* exportUrlsToPortal: let it work in a non-KDE session (kde#458643)
* exportUrlsToPortal: don't export when there are non-sendable non-local files
* KDirWatch: Don't append fileName to fileName in Delete event (kde#467095)
==== kcrash ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kdbusaddons ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kdbusaddons-tools libKF5DBusAddons5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kde-cli-tools5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* add kinfo (kde#403077)
- Add patch to fix kinfo (sigh):
* 0001-kinfo-Use-kcmshell5-with-Plasma-5.patch
==== kde-gtk-config5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: kde-gtk-config5-gtk3
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* kded: add explicit waiting time before setting colors
* kded: don't update text scale on kdeglobals change events
==== kde-print-manager ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kdeclarative ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Guard nullable property access, and bind instead of assigning once
* CalendarEventsPlugin: fix wrong deprecation for signal alternateDateReady
==== kded ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kdegraphics-thumbnailers ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kdelibs4support ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5KDELibs4Support5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kdenetwork-filesharing ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kdesu ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kdialog ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kdnssd-framework ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kdoctools ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5DocTools5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kernel-firmware ====
Version update (20230427 -> 20230517)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20230517 (git commit 08b854f02066):
* rtlwifi: Add firmware v6.0 for RTL8192FU
* rtlwifi: Update firmware for RTL8188EU to v28.0
* cirrus: Add firmware and tuning files for HP G10 series laptops
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* WHENCE: Cleanup Realtek BT firmware provenance
* linux-firmware: update firmware for MT7922 WiFi device
* cnm: update chips&media wave521c firmware.
* cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6
* check_whence: error on directory listed as File
* check_whence: error on duplicate file entries
* WHENCE: comment out duplicate MediaTek firmware
* i915: Add GuC v70.6.6 for MTL
* amdgpu: update DCN 3.1.6 DMCUB firmware
* rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F
* rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922
* rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922
- Update aliases from 6.4-rc3
==== kernel-source ====
Version update (6.3.1 -> 6.3.4)
- xfs: fix livelock in delayed allocation at ENOSPC (brc#2208553
xfs-issue).
- commit 2c66b1f
- Linux 6.3.4 (bsc#1012628).
- drm/fbdev-generic: prohibit potential out-of-bounds access
(bsc#1012628).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (bsc#1012628).
- drm/nouveau/disp: More DP_RECEIVER_CAP_SIZE array fixes
(bsc#1012628).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (bsc#1012628).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
(bsc#1012628).
- net: skb_partial_csum_set() fix against transport header magic
value (bsc#1012628).
- net: mdio: mvusb: Fix an error handling path in
mvusb_mdio_probe() (bsc#1012628).
- perf/core: Fix perf_sample_data not properly initialized for
different swevents in perf_tp_event() (bsc#1012628).
- scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in
W-LUN suspend (bsc#1012628).
- tick/broadcast: Make broadcast device replacement work correctly
(bsc#1012628).
- linux/dim: Do nothing if no time delta between samples
(bsc#1012628).
- net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
(bsc#1012628).
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
(bsc#1012628).
- net: phy: bcm7xx: Correct read from expansion register
(bsc#1012628).
- netfilter: nf_tables: always release netdev hooks from notifier
(bsc#1012628).
- netfilter: conntrack: fix possible bug_on with enable_hooks=1
(bsc#1012628).
- bonding: fix send_peer_notif overflow (bsc#1012628).
- netlink: annotate accesses to nlk->cb_running (bsc#1012628).
- net: annotate sk->sk_err write from do_recvmmsg() (bsc#1012628).
- net: deal with most data-races in sk_wait_event() (bsc#1012628).
- net: add vlan_get_protocol_and_depth() helper (bsc#1012628).
- tcp: add annotations around sk->sk_shutdown accesses
(bsc#1012628).
- gve: Remove the code of clearing PBA bit (bsc#1012628).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb
(bsc#1012628).
- net: mscc: ocelot: fix stat counter register values
(bsc#1012628).
- drm/sched: Check scheduler work queue before calling timeout
handling (bsc#1012628).
- net: datagram: fix data-races in datagram_poll() (bsc#1012628).
- af_unix: Fix a data race of sk->sk_receive_queue->qlen
(bsc#1012628).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1012628).
- drm/i915/guc: Don't capture Gen8 regs on Xe devices
(bsc#1012628).
- drm/i915: Fix NULL ptr deref by checking new_crtc_state
(bsc#1012628).
- drm/i915/dp: prevent potential div-by-zero (bsc#1012628).
- drm/i915: taint kernel when force probing unsupported devices
(bsc#1012628).
- fbdev: arcfb: Fix error handling in arcfb_probe() (bsc#1012628).
- ext4: reflect error codes from ext4_multi_mount_protect()
to its callers (bsc#1012628).
- ext4: don't clear SB_RDONLY when remounting r/w until quota
is re-enabled (bsc#1012628).
- ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
(bsc#1012628).
- ext4: allow ext4_get_group_info() to fail (bsc#1012628).
- refscale: Move shutdown from wait_event() to wait_event_idle()
(bsc#1012628).
- selftests: cgroup: Add 'malloc' failures checks in
test_memcontrol (bsc#1012628).
- rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
(bsc#1012628).
- open: return EINVAL for O_DIRECTORY | O_CREAT (bsc#1012628).
- fs: hfsplus: remove WARN_ON() from
hfsplus_cat_{read,write}_inode() (bsc#1012628).
- drm/displayid: add displayid_get_header() and check bounds
better (bsc#1012628).
- drm/amd/display: populate subvp cmd info only for the top pipe
(bsc#1012628).
- drm/amd/display: Correct DML calculation to align HW formula
(bsc#1012628).
- drm/amd/display: enable DPG when disabling plane for phantom
pipe (bsc#1012628).
- platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750
data (bsc#1012628).
- drm/amd/display: Enable HostVM based on rIOMMU active
(bsc#1012628).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
(bsc#1012628).
- regmap: cache: Return error in cache sync operations for
REGCACHE_NONE (bsc#1012628).
- remoteproc: imx_dsp_rproc: Add custom memory copy implementation
for i.MX DSP Cores (bsc#1012628).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks
(bsc#1012628).
- accel/habanalabs: postpone mem_mgr IDR destruction to
hpriv_release() (bsc#1012628).
- drm/amd/display: reallocate DET for dual displays with high
... changelog too long, skipping 2170 lines ...
- commit d6c8c20
==== keylime ====
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime
- Add missing jsonschema dependecy
==== kfilemetadata5 ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Test HEIF in Exiv2Extractor
* Test JXL in Exiv2Extractor, extend JPEG coverage
* Move static private helper out of Exiv2ExtractorTest class
* Clean up Exiv2/C++14 warning message
* Remove usage of deprecated MP4::ItemListMap in taglib extractor
* Disable external extractor/writer test on Windows
* Modernize and extend CMake check for Python3
* Extend dignostics for taglib autotests
* Make fb2 extractor compilation dependent on KF5Archive
==== kgamma5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== kglobalaccel ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5
- Fix systemd_user_preun/postun calls: all systemd_user macros take
service names as parameter.
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kguiaddons ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5GuiAddons5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== khelpcenter5 ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kholidays ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== khotkeys5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== khtml ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== ki18n ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kiconthemes ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kidletime ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kimageformats ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix wrong alpha conversion (kde#468288)
==== kinfocenter5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: kinfocenter5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* about-distro: add a dump mode to print to cli (kde#403077)
* nics: reset model on update (kde#468026)
==== kinit ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kio ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kio-core
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* ApplicationLauncherJob: find mimetype before showing open with dialog
* KPropertiesDialog: Don't quote the path unnecessarily (kde#467369)
* KEncodingFileDialog: Sort the list of encodings by name
* WidgetsAskUserActionHandler: make sure all dialogs are created in the main thread (kde#458709)
* WidgetsAskUserActionHandler: create message dialog in the main thread (kde#465454)
* file: make sure to cancel reading if the worker was aborted (kde#358231)
* autotests: Fix Qt 6.5 compatibility
* KFileItemActions: don't add service submenus that don't have active actions
* Improve grammar, wording, add a test check
* KCoreDirLister: AutoUpdate wasn't incremented when a new lister opened an already listed dir
* SlaveInterface: Set button icon for "Continue Loading"
* Set ExitType when running applications as transient systemd services
==== kio-extras5 ====
Version update (23.04.0 -> 23.04.1)
Subpackages: libkioarchive5
- Add some missing BuildRequires (boo#1211933)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== kirigami2 ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Kirigami2-5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix spacing issue in OverlaySheet
* GlobalToolBar: Fix enabled state of the BackButton in RTL mode
* CardsGridView: improve columns property codeblock
* SelectableLabel: Prevent it from participating in Tab chain
* Tutorials: docs/use with docs/getting-started
* Update Mainpage.dox KF5
* Fix disabled text color in Material style with dark color scheme
* ActionButton: Fix reference to a tooltip attached property
* BreadcrumbControl: Fix wrong heading offset in RTL layout direction
* Documentation refresh/fixups
* Port actionsMenu manual test away from manual header management
* ContextDrawer: Remove top padding as well
* BreadcrumbControl: Fix errors from wrong indexing
* Fix accessibility of back and forward button
* toolbarlayout: addAction(): return early if action is empty
* Don't use id in background item
* private/ActionsMenu: Remove empty unused component
* fix dragging from toolbar (kde#467857)
* SwipeListItem: Fix for QT_QUICK_CONTROLS_MOBILE (kde#467884)
* OverlayDrawer: Fix z value being too high for OverlaySheets (kde#466219)
* Added keyboard search icon to SearchField
==== kitemmodels ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kitemmodels-imports libKF5ItemModels5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kitemviews ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kjobwidgets ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kjs ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kmenuedit5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== knewstuff ====
Version update (5.105.0 -> 5.106.0)
Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Remove unused dependencies
==== knotifications ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== knotifyconfig ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== konsole ====
Version update (23.04.0 -> 23.04.1)
Subpackages: konsole-part konsole-part-lang
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* Invalidate selection reference points on resize (kde#464040)
* Fix kglobalaccel integration
* Draw selected background for right half of double width char if selected (kde#468465)
==== kpackage ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Deprecate KPackage::Package::name, add default for parameters
==== kparts ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kpeople5 ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kpipewire ====
Version update (5.27.4 -> 5.27.5)
Subpackages: kpipewire-imports libKPipeWire5 libKPipeWireDmaBuf5 libKPipeWireRecord5
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Item: hide the cursor when we start getting null positions
* Item: Make sure we have a texture at all times
* Do not process corrupt frames
* Record: Do not crash when closing while recording (kde#467593)
* Expose the stream size in PipewireSourceItem
==== kpty ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kquickcharts ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== krunner ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Backport new API for RunnerSyntax, deprecated old API
* Repair binary compatibility for RunnerSyntax
==== kscreen5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: kscreen5-plasmoid
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* yet more QRect right() fixes (kde#455394)
* don't stumble over nullptrs if outputs changed during saving (kde#466960)
* kcm: notify changes in kcmfonts when global scale changes
==== kscreenlocker ====
Version update (5.27.4 -> 5.27.5)
Subpackages: kscreenlocker-lang libKScreenLocker5
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* greeter: track various properties persistently (kde#456210)
==== kservice ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix querying actions for service of a service action
* Parse actions last when creating a service
==== ksshaskpass5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: ksshaskpass5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== ksystemstats5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== ktexteditor ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix Save Copy As.. not working anymore (kde#468672)
* Fix indenting removes characters if line has tabs at start (kde#468495)
* Printer: AlignVCenter line numbers
* Dont ignore folding when printing code (kde#417138)
* Use m_fontAscent instead of fm.ascent()
* Draw caret ourselves (kde#172630)
* Fix selection highlight for RTL text with custom line height (kde#464087)
* Include range.js when initializing the engine (kde#456701)
* Fix RTL text with format incorrectly shaped (kde#438755)
* xml-indent: Optimize getCode
==== ktextwidgets ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kunitconversion ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Add "kph" as a unit synonym for Kilometers per Hour
==== kwallet ====
Version update (5.105.0 -> 5.106.0)
Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kwalletmanager5 ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* Fix import menu actions status Disable import/export
menu items when starting kwalletmanager and wallet
is closed (kde#373753)
==== kwayland ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kwayland-integration ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== kwidgetsaddons ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kwin5 ====
Version update (5.27.4 -> 5.27.5)
- Add patch to fix pointer constraint region handling (kde#469555):
* revert-avoid-pointer-warp.patch
- Add patch to fix a rounding error with scaling (kde#459373):
* 0001-xcbutils-fix-nativeFloor.patch
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* wayland: Avoid pointer warp if constraint region is invalid (kde#457021)
* cmake: Correct gbm version check
* kwineffects: Initialize m_reason
* screencast: Disable screencasting when a window closes (kde#469055)
* screencast: Do not push frames when not in a streaming state
* Use non-rotated physical size of an output when required
* ci: Pass --repeat until-pass to ctest
* platformsupport/scenes/opengl: filter out external formats properly
* effects/screenshot: Fix potentially leaking screenshot fds to child processes
* backends/drm: fix buffer orientation check for direct scanout
* plugins/screencast: Provide absolute timestamps
* Don't create Plasma activation feedback if StartupNotify is false
* effects/screenshot: Provide screenshot scale information
* effects/screenshot: Provide information about captured window or screen
* effects/screenshot: Introduce CaptureWorkspace
* screencast: Base the frame skippin on max_framerate
* screencast: Ensure we respect the negotiated framerate
* screencast: Offer the real framerate range we have available
* Blacklist Spectacle for all window open/close effects (kde#467890,kde#463105)
* backends/drm: set the scaling mode to none (kde#468235)
* screencast: Still set the size to 0 for cursor-only frames
* screencast: Improve how we communicate that a frame has just cursor info
* kcms/rules: fix invalid tooltip visible condition in rule items
- Drop patches, now upstream:
* 0001-backends-drm-set-the-scaling-mode-to-none.patch
==== kwindowsystem ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== kwrited5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== kxmlgui ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Take two: Cherry-pick KMainWindow documentation fixes to KF5
* Take two: Cherry-pick KXmlGuiWindow documentation fixes to KF5
* kcheckaccelerators: Don't blindly cast to QWidget (kde#468576)
* Fix Qt 6.5 compatibility
==== layer-shell-qt ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== libKF5ModemManagerQt ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== libKF5NetworkManagerQt ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Add Q_ENUM to VPN Connection enums
==== libX11 ====
Version update (1.8.4 -> 1.8.5)
Subpackages: libX11-6 libX11-data libX11-xcb1
- Update to version 1.8.5
* gitlab CI: Add libtool to required packages
* configure: raise minimum autoconf requirement to 2.70
* configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* gitlab CI: add workflow rules
* nls: delete compose sequences that pointlessly mix upper and lower case
* nls: remove four hundred and sixty untypable Greek compose sequences
* nls: remove twenty two untypable Greek compose sequences
* XSetScreenSaver.man: restore the part that was accidentally snipped
* nls: make the Amharic compose sequences use the dead-vowel symbols
* nls: sort three sequences alphabetically in their group, like all others
* nls: delete six compose sequences that cannot be typed
* nls: use a slash instead of a combining solidus in compose sequences
* NLS: move long S compositions to respective blocks
* NLS: implement the expansion of the six Breton N-graph keysyms
* NLS: move dead-caron subscript compositions to the relevant Unicode block
* NLS: Remove strange dead_cedilla cedi sign sequences
* nls: add compose sequence for capital schwa, and delete a deviant one
- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
to keep those sequeunces working with this release.
==== libaom ====
Version update (3.6.0 -> 3.6.1)
- Update to version 3.6.1:
* aomedia:2871: Guard the support of the 7.x and 8.x levels for
AV1 under the CONFIG_CWG_C013 config flag, and only output the
7.x and 8.x levels when explicitly requested.
* aomedia:3382: Choose sb_size by ppi instead of svc.
* aomedia:3384: Fix fullpel search limits.
* aomedia:3388: Replace left shift of xq_active by
multiplication.
* aomedia:3389: Fix MV clamping in av1_mv_pred.
* aomedia:3390: set_ld_layer_depth: cap max_layer_depth to
MAX_ARF_LAYERS.
* aomedia:3418: Fix MV clamping in av1_int_pro_motion_estimation.
* aomedia:3429: Move lpf thread data init to
lpf_pipeline_mt_init().
* b:266719111: Fix undefined behavior in Arm Neon code.
* b:269840681: nonrd_opt: align scan tables.
* rtc: Fix is_key_frame setting in variance partition.
* Build: Fix build with clang-cl and Visual Studio.
==== libapparmor ====
Version update (3.1.3 -> 3.1.4)
- update to AppArmor 3.1.4
- parser: fix mount rules encoding (CVE-2016-1585)
- aa-logprof: fix error when choosing named exec with plain profile names
- aa-status: fix json output
- several fixes for profiles and abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
for the full upstream changelog
==== libcap ====
Version update (2.68 -> 2.69)
- updated to 2.69
- An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
- LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
- LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
- LCAP-CR-23-100 (SEVERITY) NONE
- LCAP-CR-23-101 (SEVERITY) NONE
- LCAP-CR-23-102 (SEVERITY) NONE
- Man page style improvement from Emanuele Torre
==== libcap-ng ====
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
==== libcontainers-common ====
- Introduce new subpackage that adds SLE-specific mounts only
on SLE systems (if sles-release) hence avoiding superfluous
warnings on non-SLE systems while running podman commands.
(bsc#1211124)
==== libdnf ====
Version update (0.70.0 -> 0.70.1)
Subpackages: libdnf-repo-config-zypp libdnf2
- update to 0.70.1:
* Add repoid to solver errors for RPMs (RhBug:2179413)
* Avoid using obsolete RPM API and drop redundant calls
* Remove DNF from list of protected packages
- avoid bashism
==== libgcrypt ====
- FIPS: Merge the libgcrypt20-hmac package into the library and
remove the "module is complete" trigger file .fips [bsc#1185116]
* Remove libgcrypt-1.10.0-use-fipscheck.patch
==== libheif ====
Version update (1.16.1 -> 1.16.2)
Subpackages: gdk-pixbuf-loader-libheif libheif-rav1e libheif1
- update to 1.16.2:
* adds an option to heif-convert to set the PNG compression level
* fixes a few build issues with some compilers
* fixes the --encoder option in heif-enc
* fixes heif_item_get_properties_of_type and
heif_item_get_transformation_properties
==== libkdcraw ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== libkdecoration2 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private10
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== libkexiv2 ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== libkscreen2 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: libKF5Screen8 libKF5ScreenDpms8 libkscreen2-plugin
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* xrandr: always try to update primary
* Cleanup dpms object in destructor
* Update edid when plugging a monitor
==== libksysguard5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Formatter: Don't try to prefix units that we don't have a prefixed version of
* Formatter: Format UnitWattHour in formatValue
==== libnettle ====
Version update (3.8.1 -> 3.9)
Subpackages: libhogweed6 libnettle8
- update to 3.9
* rewrite of the C and plain x86_64 assembly implementations of
GHASH to use precomputed tables in a different way, with tables
always accessed in the same sequential manner. This should make
Nettle's GHASH implementation side-channel silent on all
platforms, but considerably slower on platforms without carry-
less mul instructions. E.g., benchmarks of the C implementation
on x86_64 showed a slowdown of 3 times.
* Fix bug in ecdsa and gostdsa signature verify operation, for
the unlikely corner case that point addition really is point
duplication.
* Fix for chacha on Power7, nettle's assembly used an instruction
only available on later processors
* Add support for the SM4 block cipher
* Add support for the Balloon password hash
* Add support for SIV-GCM authenticated encryption mode
* Add support for OCB authenticated encryption mode.
* New exported functions md5_compress, sha1_compress,
sha256_compress, sha512_compress
* multiple performance optimizations
* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
and 64-bit sparc
==== libostree ====
Subpackages: libostree-1-1
- Make gjs BuildRequires conditional if tests are built and used.
==== libpng16 ====
- do not use NEON instructions [bsc#1211176]
==== libproxy ====
- Only build mono support on openSUSE, not SLE nor SUSE ALP.
==== libproxy-plugins ====
Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape
- Only build mono support on openSUSE, not SLE nor SUSE ALP.
==== libqt5-qtbase ====
Version update (5.15.9+kde151 -> 5.15.9+kde154)
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Update to version 5.15.9+kde154:
* Hsts: match header names case insensitively (CVE-2023-32762)
* Fix specific overflow in qtextlayout (CVE-2023-32763)
* QDnsLookup/Unix: make sure we don't overflow the buffer
- Amend patch to fix mouse grabbing as well (bsc#1211024):
* big-endian-scroll.patch
==== libqt5-qtdeclarative ====
Version update (5.15.9+kde23 -> 5.15.9+kde25)
- Update to version 5.15.9+kde25:
* Accessibility: respect value in attached Accessible in controls
* Revert "QQuickItem: Fix effective visibility for items without parent"
(boo#1210980)
==== libqt5-qtsvg ====
Version update (5.15.9+kde7 -> 5.15.9+kde8)
- Update to version 5.15.9+kde8:
* QSvgFont: Initialize used member, remove unused
(boo#1211298, CVE-2023-32573)
==== libqt5-qtwebengine ====
Version update (5.15.13 -> 5.15.14)
- Update to version 5.15.14:
* Blacklist TouchInputTest::touchTap for sles 15.4
* Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15
* Do not allow universal with debug builds
* Enable accessibility by default on Linux
* Fix blacklisting of mouseMovementProperties for sles 15.4
* Fix build with GCC 13
* Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets
* Fix memory management in QPdfDocument functions
* Update Chromium:
* Fixes for building with GCC-13
* [Backport] CVE-2023-1215: Type Confusion in CSS
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1530: Use after free in PDF
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1337747
* [Backport] Security bug 1417585
* [Backport] Security bug 1418734
* [Backport] Security bug 1423360
* [Backport] Security bug 1427388
- Drop patch, merged upstream:
* 0001-Fixes-for-building-with-GCC-13.patch
==== librsvg ====
Version update (2.56.0 -> 2.56.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.56.1:
+ The minimum supported Rust version (MSRV) is 1.65.
Unfortunately the assert_cmd crate, used in the test suite,
bumped its MSRV and is forcing us to do the same.
+ Shrink the shared library by telling the linker to omit unused
code.
+ Updates to dependencies.
==== libstorage-ng ====
Version update (4.5.101 -> 4.5.115)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.115
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.114
- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.5.113
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.112
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.111
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.110
- merge gh#openSUSE/libstorage-ng#933
- provide functions to query category of partition id (bsc#1211107)
- added unit tests
- 4.5.109
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.108
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.107
- merge gh#openSUSE/libstorage-ng#932
- check for more aliases when looking up udev info
- 4.5.106
- merge gh#openSUSE/libstorage-ng#931
- added test programs for nvme list and list-subsys
- 4.5.105
- merge gh#openSUSE/libstorage-ng#930
- avoid to handle some fstab entries twice
- 4.5.104
- Translated using Weblate (German) (bsc#1149754)
- 4.5.103
- merge gh#openSUSE/libstorage-ng#929
- check for aliases when looking up blk devices
- check for aliases when looking up udev info
- remove now unneeded mockups
- speed up probing
- 4.5.102
==== libxcrypt ====
Version update (4.4.33 -> 4.4.34)
- Update to 4.4.34
* Optimize some cast operation for performance in
lib/alg-yescrypt-platform.c.
* Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
* Explicitly clean the stack and context state after computation in
lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
(issue #168).
==== libxslt ====
Version update (1.1.37 -> 1.1.38)
Subpackages: libexslt0 libxslt-tools libxslt1
- Removed patch 0009-Make-generate-id-deterministic.patch as it's
already fixed upstream.
- Update to version 1.1.38:
* Major changes:
- About 40 memory errors in code paths handling malloc failures
have been fixed.
- While these issues shouldn't impact security, this improves
robustness under memory pressure.
- The result of generate-id() is now deterministic across
multiple transformations fixing many issues with reproducible
builds.
- Most of the test suite has been ported to C.
* Bug fixes:
- Fix memory errors in code handling malloc failures
- imports: Fix import/include cycle check
- xsltlocale: Fix xsltNewLocale on macOS
- Make xsl:sort thread-safe
- Make generate-id() deterministic
* Improvements
- Stop using xmlStringCurrentChar
- attributes.h needs to include xsltInternals.h (David Kilzer)
- transform: Avoid null deref on documents without root node
- numbers: Fix floating point overflows
- date: Fix integer overflow in exsltDateFormatDuration
- numbers: Fix harmless integer sign change
- date: Add more overflow checks to formatting code (David Kilzer)
- date: Fix rounding to make Windows tests pass
- date: Rewrite duration and seconds formatting
- xsltlocale: Make API platform-independent
- Also accept application/xslt+xml media type in stylesheet PIs
- warnings: Fix strict prototypes warning
- xsltEvalUserParams() and xsltQuoteUserParams() are susceptible to integer
overflow when iterating through const char** array (David Kilzer)
- xslt: Return NULL stylesheet on attribute set errors
- xsltproc: Fix unused variable warning
- xslt: Remove declaration for old libxml2
- Fix various compiler warnings
- Fix compiler warnings in xsltGenerateIdFunction
- Disable Python bindings for debugger
- Don't declare disabled functions
- Migrate from PyEval_ to PyObject_
==== libyui ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-ncurses ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-ncurses-pkg ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt-graph ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt-pkg ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyuv ====
Version update (20220920+f9fda6e -> 20230517+a377993)
- Trim redundancies and compact descriptions.
- Update to snapshot 20230517+a377993:
* ARGBToI420Alpha function to convert ARGB to I420 with Alpha
* Enable I{422,444}AlphaToARGBRow_RVV & ARGBAttentuateRow_RVV
* Bump version and apply clang format
* Enable ARGBToYMatrixRow_RVV/RGBAToYMatrixRow_RVV/RGBToYMatrixRow_RVV
* Enable RVV if qemu is detected
* Add ARGBToRAWRow_RVV, ARGBToRGB24Row_RVV, RGB24ToARGBRow_RVV
* YUY2ToNV12 using YUY2ToY and YUY2ToNVUV
* Remove old cipd clobber gclient hook.
* Roll chromium_revision 004bde16df..28dca358ed (1051775:1052960)
* Roll chromium_revision 7d683aeda8..004bde16df (1050091:1051775)
* [code-health] Migrate presubmit to python3
* Enable unlimited data for YUV to RGB
* Roll chromium_revision 829c6df33d..7d683aeda8 (945687:1050098th
- Add libyuv-tools package
- Run test suite in %check
- drop Don-t-install-conversion-tool.patch
- add Install-missing-yuvconstants-binary.patch
- add cmake-minimum-required.patch
- drop Link-main-library-against-libjpeg.patch applied upstream
- add convert_test-little-endian.patch
==== llvm16 ====
Version update (16.0.2 -> 16.0.4)
- Update to version 16.0.4.
* This release contains bug-fixes for the LLVM 16.0.0 release.
This release is API and ABI compatible with 16.0.0.
- Rebase patches:
* llvm-do-not-install-static-libraries.patch
* llvm-remove-clang-only-flags.patch
- Update to version 16.0.3.
* This release contains bug-fixes for the LLVM 16.0.0 release.
This release is API and ABI compatible with 16.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
==== lsof ====
- Repacked tarball to remove proprietary code in dialects/uw/uw7/sys/fs
==== lua54 ====
Version update (5.4.4 -> 5.4.6)
- Library is always liblua5_4-5: due to SOVERSION leading digit
being 5
- Final release of 5.4.6. No change in the changelog.
- Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been
effectively withdrawn).
- Update to 5.4.5:
- this is a bug-fix release.
- Lua 5.4.5 also contains several internal improvements and
includes a revised reference manual
- Remove upstreamed patches:
- luabugs1.patch
- luabugs10.patch
- luabugs11.patch
- luabugs2.patch
- luabugs3.patch
- luabugs4.patch
- luabugs5.patch
- luabugs6.patch
- luabugs7.patch
- luabugs8.patch
- luabugs9.patch
==== man-pages ====
Version update (6.02 -> 6.04)
- update to 6.04:
* Newly documented interfaces in existing pages
* proc.5
KPF_PGTABLE (Linux 4.18)
* landlock.7
LANDLOCK_ACCESS_FS_REFER (Linux 5.19)
* udp.7
UDP_GRO (Linux 5.0)
UDP_SEGMENT (Linux 4.18)
* Changes to individual pages
==== mdadm ====
- Grow: fix possible memory leak (bsc#1208618)
0060-Grow-fix-possible-memory-leak.patch
- Grow: fix can't change bitmap type from none to clustered
(bsc#1208618)
0061-Grow-fix-can-t-change-bitmap-type-from-none-to-clustered.patch
- Use source code mdadm-4.2.tar.xz from kernel.org version for
checksum
- mdadm-4.2.tar.xz
==== milou5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: milou5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== mobipocket ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== mozilla-nss ====
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs
- Move testsuite to %check-section and move env-variables to
files for easier chroot-debugging
==== mozjs102 ====
Version update (102.10.0 -> 102.11.0)
- Update to version 102.11.0:
+ Various security fixes.
+ CVE-2023-32205: Browser prompts could have been obscured by
popups
+ CVE-2023-32206: Crash in RLBox Expat driver
+ CVE-2023-32207: Potential permissions request bypass via
clickjacking
+ CVE-2023-32211: Content process crash due to invalid wasm code
+ CVE-2023-32212: Potential spoof due to obscured address bar
+ CVE-2023-32213: Potential memory corruption in
FileReader::DoReadData()
+ CVE-2023-32214: Potential DoS via exposed protocol handlers
+ CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and
Firefox ESR 102.11
==== multipath-tools ====
Version update (0.9.4+86+suse.4d8901e -> 0.9.5+68+suse.d1b6a1c)
Subpackages: kpartx libmpath0
- Update to version 0.9.5+68+suse.d1b6a1c:
Upstream bugfixes:
* libmultipath: use directio checker for LIO targets
(gh#opensvc/multipath-tools#54)
* multipathd.service: remove "Also=multipathd.socket"
(gh#opensvc/multipath-tools#65)
* libmultipathd: Avoid parsing errors due to unsupported designators
==== mutter ====
Version update (44.1 -> 44.1+2)
- Add mutter-do-not-unminimize-windows-with-initial-iconic.patch:
mutter used to unminimize windows with initial IconicState, which
is a workaround for some old wine games, it breaks apps like
xterm starts with -iconic, this patch revert it (bsc#1193190,
glgo#GNOME/mutter!3001).
- Add mutter-fix-wacom-tablet-crash.patch: Use clutter error trap
to fix x11 error of some input device configuration like wacom
tablet (bsc#1211413, glgo#GNOME/mutter#2796).
- Update to version 44.1+2:
+ screen-cast/src: Never dequeue pw_buffer's we refuse to record
to.
+ frames: Disable XDND support on the frame window.
==== nautilus ====
Version update (44.1 -> 44.2)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4
- Update to version 44.2:
+ Fix crashes with expandable folders and on Other Locations.
+ Avoid inconsistent search states.
+ Prevent lingering tracker cursors.
+ Fix rubberband range behavior on list view.
+ Updated translations.
- Drop 0e5b4c34.patch and 6e37d15f.patch: Fixed upstream.
- Drop mount-archive.desktop. This was a feature based on
FATE#308344 and bgo#602147. However, the provided functionality
of mounting archives through gvfsd-archive has been broken for a
long time due to the Exec line pointing to a non-existent path
(/usr/lib/gvfs/gvfsd-archive, rather than /usr/libexec/...).
Besides, there is a similar functionality which allow users to
see the content of archives, without extracting them, through
File Roller that serves as a replacement.
- Add upstream bug fix patches:
+ 0e5b4c34.patch general: Use GtkSwitch active property
consistently. app-chooser sets the state instead of active
property. Similar to d7af60161d30c885ebab69c58b346896f1565387,
we really meant to set active (whether the switch is toggled)
and not the state (i.e. the color of the switch). Use
gtk_switch_set_active().
In properties we've already fixed this, but there's a lingering
call to gtk_switch_get_state(). This is probably fine because
state is in sync with active when the default handler is used,
but let's get :active, to be consistent and safe.
+ 6e37d15f.patch window-slot: Manage search props set with
action. Manages search property change through "search-visible"
action. The action triggers other related functions that if not
executed will causes buggy behavior.
Fixes https://gitlab.gnome.org/GNOME/nautilus/-/issues/2875
==== ncurses ====
Version update (6.4.20230429 -> 6.4.20230520)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20230520
+ fixes for compiler warnings in MinGW environments.
- Add ncurses patch 20230514
+ modify test-package "ncurses6-doc" to use manpage-aliases, which in
turn required a change to the configure script to factor in the
extra-suffix option when deriving alias names.
+ add mode 1004 to xterm+sm+1006 from xterm #380 -TD
- Port and correct offsets of patch ncurses-6.4.dif
- Add ncurses patch 20230506
> build-fixes related to configure-options and/or platform:
+ fix for --enable-fvisibility
+ fix for unusual values of --with-rel-version
+ fix for unusual values of --with-abi-version
+ fix for --disable-tcap-names
+ fix for termcap in nc_access.h (report by Werner Fink).
- Delete patch ncurses-6.4-makeuseof_secure_open.dif as now upstream
==== nghttp2 ====
Version update (1.52.0 -> 1.53.0)
- Update to version 1.53.0:
* https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
==== openSUSE-build-key ====
- Added a new 4096 openSUSE container key
- build-container-202304-d684afec-64390cff.asc
- build-container-202304-d684afec-64390cff.pem
- Removed and obsoleted old 2048 build key of Tumbleweed
- gpg-pubkey-3dbdc284-53674dd4.asc
==== openconnect ====
Version update (9.10 -> 9.12)
Subpackages: libopenconnect5 openconnect-bash-completion
- Update to release 9.12:
* Explicitly reject overly long tun device names.
* Increase maximum input size from stdin (#579).
* Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
* Fix stray (null) in URL path after Pulse authentication (4023bd95).
* Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
* Fix case sensitivity in GPST header matching (!474).
==== openssl-3 ====
Version update (3.0.8 -> 3.1.1)
Subpackages: libopenssl3
- Update to 3.1.1:
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
(CVE-2023-2650, bsc#1211430)
* Multiple algorithm implementation fixes for ARM BE platforms.
* Added a -pedantic option to fipsinstall that adjusts the various settings
to ensure strict FIPS compliance rather than backwards compatibility.
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped. Thanks to Anton
Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
* Add FIPS provider configuration option to disallow the use of truncated
digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
option '-no_drbg_truncated_digests' can optionally be supplied
to 'openssl fipsinstall'.
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
it does not enable policy checking. Thanks to David Benjamin for
discovering this issue. (CVE-2023-0466, bsc#1209873)
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are
skipped for that certificate. A malicious CA could use this to
deliberately assert invalid certificate policies in order to circumvent
policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
* Limited the number of nodes created in a policy tree to mitigate against
CVE-2023-0464. The default limit is set to 1000 nodes, which should be
sufficient for most installations. If required, the limit can be adjusted
by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
desired maximum number of nodes or zero to allow unlimited growth.
(CVE-2023-0464, bsc#1209624)
* Update openssl.keyring with key
A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)
* Rebased patches:
- openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
- openssl-Add_support_for_Windows_CA_certificate_store.patch
* Removed patches:
- openssl-CVE-2023-0464.patch
- openssl-Fix-OBJ_nid2obj-regression.patch
- openssl-CVE-2023-0465.patch
- openssl-CVE-2023-0466.patch
- FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116]
- Add support for Windows CA certificate store [bsc#1209430]
https://github.com/openssl/openssl/pull/18070
* Add openssl-Add_support_for_Windows_CA_certificate_store.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Fix regression in the OBJ_nid2obj() function: [bsc#1209430]
* Upstream https://github.com/openssl/openssl/issues/20555
* Add openssl-Fix-OBJ_nid2obj-regression.patch
- Fix compiler error "initializer element is not constant" on s390
* Add openssl-z16-s390x.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Pass over with spec-cleaner
- Update to 3.1.0:
* Add FIPS provider configuration option to enforce the Extended Master
Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
optionally be supplied to 'openssl fipsinstall'.
* The FIPS provider includes a few non-approved algorithms for backward
compatibility purposes and the "fips=yes" property query must be used for
all algorithm fetches to ensure FIPS compliance. The algorithms that are
included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
* Added support for KMAC in KBKDF.
* RNDR and RNDRRS support in provider functions to provide random number
generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS version does not
include the renegotiation mechanism. This avoids confusion between that
scenario versus when the TLS version includes secure renegotiation but the
peer lacks support for it.
* AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
* The various OBJ_* functions have been made thread safe.
* Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
capable processors.
* The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
type-specific function definitions for these functions regardless of
whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
start receiving deprecation warnings for these functions regardless of
whether they are using them. It is recommended that users transition to the
new macro, DEFINE_LHASH_OF_EX.
* When generating safe-prime DH parameters set the recommended private key
length equivalent to minimum key lengths as in RFC 7919.
* Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
maximum size that is smaller or equal to the digest length to comply with
FIPS 186-4 section 5. This is implemented by a new option
OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the
rsa_pss_saltlen parameter, which is now the default. Signature verification
is not affected by this change and continues to work as before.
* Update openssl.keyring with key
8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell)
==== openssl ====
Version update (3.0.8 -> 3.1.1)
- Update to 3.1.1
- Update to 3.1.0
==== openvpn ====
Version update (2.6.3 -> 2.6.4)
Subpackages: openvpn-auth-pam-plugin
- Update to 2.6.4:
* DCO: support kernel-triggered key rotation (avoid IV reuse after
2^32 packets). This is the userland side, accepting a message
from kernel, and initiating a TLS renegotiation. As of release,
* fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323)
* fix compile error on TARGET_ANDROID
* fix typo in help text
* manpage updates (--topology)
* encoding of non-ASCII windows error messages in log + management fixed
- Update openvpn.keyring
==== orca ====
Version update (44.0 -> 44.1)
- Update to version 44.1:
+ Web:
- Support aria-disabled on application, tab, group, and
focusable separator/splitter
- Fix bug in identification of inline iframes
+ General:
- Improve performance by checking for duplicate object events
- Filter duplicate events when checking for double presses of
the orca modifier
+ Updated translations.
==== oxygen5-sounds ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== pam ====
Version update (1.5.2.90 -> 1.5.3)
- Update to final 1.5.3 release:
- configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
- pam_modutil_getlogin: changed to use getlogin() from libc instead of
parsing utmp.
- Added libeconf support to pam_env and pam_shells.
- Added vendor directory support to pam_access, pam_env, pam_group,
pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
pam_shells, and pam_time.
- pam_limits: changed to not fail on missing config files.
- pam_pwhistory: added conf= option to specify config file location.
- pam_pwhistory: added file= option to specify password history file
location.
- pam_shells: added shells.d support when libeconf and vendordir are enabled.
- Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
- Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
macros provided by _pam_macros.h; the memory override performed by these
macros can be optimized out by the compiler and therefore can no longer
be relied upon.
==== pam-full-src ====
Version update (1.5.2.90 -> 1.5.3)
- Update to final 1.5.3 release:
- configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
- pam_modutil_getlogin: changed to use getlogin() from libc instead of
parsing utmp.
- Added libeconf support to pam_env and pam_shells.
- Added vendor directory support to pam_access, pam_env, pam_group,
pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit,
pam_shells, and pam_time.
- pam_limits: changed to not fail on missing config files.
- pam_pwhistory: added conf= option to specify config file location.
- pam_pwhistory: added file= option to specify password history file
location.
- pam_shells: added shells.d support when libeconf and vendordir are enabled.
- Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
- Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply()
macros provided by _pam_macros.h; the memory override performed by these
macros can be optimized out by the compiler and therefore can no longer
be relied upon.
==== pam_kwallet ====
Version update (5.27.4 -> 5.27.5)
Subpackages: pam_kwallet-common
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced
- base: Add wtmpdb as Y2038 safe wtmp replacement
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Use wtmpdb as Y2038 safe wtmp replacement
==== pciutils ====
Version update (3.9.0 -> 3.10.0)
Subpackages: libpci3
- Update to 3.10.0:
- Fixed bug in definition of versioned symbol aliases
in shared libpci, which made compiling with link-time
optimization fail.
- Filters now accept "0x..." syntax for backward compatibility.
- Windows: The cfgmgr32 back-end which provides the list of devices
can be combined with another back-end which provides access
to configuration space.
- ECAM (Enhanced Configuration Access Mechanism), which is defined
by the PCIe standard, is now supported. It requires root privileges,
access to physical memory, and also manual configuration on some
systems.
- lspci: Tree view now works on multi-domain systems. It now respects
filters properly.
- Last but not least, pci.ids were updated to the current snapshot
of the database. This includes overall cleanup of entries with
non-ASCII characters in their names -- such characters are allowed,
but only if they convey interesting information (e.g., umlauts
in German company names, but not the "registered trade mark" sign).
==== perl-Bootloader ====
Version update (1.0 -> 1.2)
- merge gh#openSUSE/perl-bootloader#148
- UEFI: update also default location, if it is controlled by SUSE
(bsc#1210799, bsc#1201399)
- 1.2
- no not install kexec-bootloader
- 1.1
- merge gh#openSUSE/perl-bootloader#144
- add default-settings script
- add new kexec-bootloader
- add --default-settings option (bsc#1211082)
==== perl-IO-Socket-SSL ====
Version update (2.081 -> 2.083)
- updated to 2.083
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.083 2023/05/18
- fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL
(regression from #122)
2.082 2023/05/17
- SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122
- fix output of alert string when debugging #132
- improve regex for hostname validation #130, #126
- add can_ciphersuites subroutine for feature checking #127
- Utils::CERT_create - die if unexpected arguments are given instead of ignoring
these
==== perl-libwww-perl ====
Version update (6.68 -> 6.70)
- updated to 6.70
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.70 2023-04-30 13:22:56Z
- Add cookie_jar_class attribute to allow different cookie jar modules
to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn)
- POD now contains all default attributes (GH#428) (Julien Fiegehenn)
6.69 2023-04-29 13:14:31Z
- Timeouts for cached connections now update (GH#73) (Eric Johnson)
- The conn_cache() can now be unset (GH#424) (Julien Fiegehenn)
- LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy)
- Fix a bug in no_proxy that allowed partial matches to a proxy address
to disable a proxy (GH#421) (Julien Fiegehenn)
==== permissions ====
Version update (1699_20230424 -> 1699_20230516)
Subpackages: chkstat permissions-config
- Update to version 20230516:
* common permissions: add icingaweb2 setgid directory (bsc#1211314)
==== pipewire ====
Version update (0.3.69 -> 0.3.71)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Have pipewire-spa-plugins-0_2 suggest pipewire-libjack-%{apiver_str}:
this package requires libjack.so.0, so we best use our own
implementation.
- Add patch from upstream to fix JACK buffersize updates:
* 0001-jack-update-bufsize-and-samplerate-when-skipping-not.patch
- Create a pipewire-jack package that provides jack-daemon (and
conflicts with any other) and requires the pipewire-libjack
library.
Move the ld configuration from pipewire-libjack, so that only
pipewire-jack forces PipeWire to be the default JACK.
- Update to version 0.3.71:
* Highlights
- A new zero-latency jackdbus bridge was added. This works
similar to what PulseAudio has to offer and creates a
sink/source when jackdbus is started. It is however much more
efficient and runs the complete PipeWire graph as a
synchronous JACK client with no added latency.
- Many performance improvements. Activation of remote nodes is
more efficient, fewer eventfds are required on the clients,
less callback overhead in performence critical paths and an
optimized poll function was added. This was mainly driven by
the jackdbus module to get the lowest possible overhead when
running the graph.
- The JACK notify callback implementation was reworked to
emulate better what JACK does, improving compatibility with
ardour7 and the JACK stress test.
- More work on BAP devices. Device latency is now passed on to
applications also for multi-device headsets, and channel
allocation is handled better.
- Many more improvements and bugfixes.
* PipeWire
- Remove the hardcoded limit on io_areas. This is used to link
nodes together and exchange buffers, it was limited to 2048
but now dynamically scales based on requirements.
- Rate and quantum changes are now applied correctly in more
cases. (#3159)
- Updates to client-node to more efficiently process the
driver.
- The profiler information was improved to be more accurate.
It should now work better for remote drivers.
- Some potential memory map errors were fixed in the protocol
because in some case with large messages, some fds were
closed too soon.
- pw-filter now implements the pw_filter_set_active() method.
- A potential out-of-buffers case was fixed in capture
pw-streams where buffers were not moved to the recycle queue
when the node suspended.
- Nodes are now always woken up with the eventfd. Previously
there were some optimiztions in the server to directly call
into the node process function but that optimization is not
necessary. Without this optimization it is now possible to
run nodes in different threads.
- pw-stream trigger is now implemented correctly in all cases.
- Remote nodes now use one eventfd less because they get
triggered with the node eventfd directly.
- Monitor ports are now ignored in latency updates.
- A potential race when reporting an error to a client was
fixed. (#3192)
- Fix a bug where always_process nodes would sometimes IDLE.
(#3189)
- Optimize peer activation. Nodes are now activated more
efficiently and independent of the number of links. It also
reduces the number of eventfds and memory in remote clients.
- A bug in property serialization was fixed. Values with spaces
would only serialize the first part of the value.
* Modules
- Correctly handle the echo-canceler plugin init method
fallback. The samplerate was not correctly configured. This
is only a regression for people that have external
echo-canceler plugins.
- RAOP sink now only sets the volume on the remote end when the
stream is recording. (#3175)
- RAOP discover now tries to deduplicate entries from the same
host.
- A new zero-latency jackdbus bridge was added. This works
similar to what pulseaudio has to offer and creates a
sink/source when jackdbus is started. It is however much more
efficient and runs the complete PipeWire graph as a
synchronous JACK client.
- The access module uses a more secure way to check the
application executable.
- module-combine-stream now has configurable delay and latency
for each stream. This can be used to align sinks/sources with
different latencies.
- A potential crash in module-pulse-tunnel was fixed when
shutting down. (#3199)
- Module-rt will now clamp the nice value to the min allowed
value to avoid errors from rtkit. (#3186)
- Fix a bug with the session counters in module-rtp-sap. Also
use the right format for L24. Improve the AES67 example
config.
- Improve some warning and info messages in module-rt. (#3194)
- module-rtp-session should now do something when started
without arguments.
- A potential crash in module-rtp-session was fixed. (#3217)
- module-filter-chain has better error reporting when a
convolver fails to load. (#3223)
* SPA
- Move some things around to avoid compiler warnings. (#3171)
... changelog too long, skipping 125 lines ...
- reenable ffmpeg plugin by building against ffmpeg-5-mini
==== plasma-branding-MicroOS ====
Version update (20230420 -> 20230519)
- Add Ark to default flatpak installation script (boo#1211555)
- 20230519
==== plasma-browser-integration ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== plasma-framework ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Plasma5 plasma-framework-components
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix osd- icon IDs (kde#469303)
* Label: set horizontalAlignment explicitly
* Rename nepomuk icon to search (kde#416072)
* Fix build with Qt 6.5
==== plasma-nm5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: plasma-nm5-openconnect plasma-nm5-openvpn
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Use nm_conn_wireguard_import to import WireGuard files (kde#420066,kde#468365,kde#452952,kde#423973,kde#427222)
* Persist imported VPN connections on disk (kde#468666)
==== plasma5-addons ====
Version update (5.27.4 -> 5.27.5)
Subpackages: plasma5-addons-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* applets/colorpicker: disable pick button when compositing is disabled (kde#466230)
* ProfilesModel: Adjust to kate using different folder for storing sessions than konsole (kde#466824)
* runners/datetime: fix test failure
* applets/colorpicker: Use native relative positioning Menu API
* applets/colorpicker: Open context menu on Menu key press
* applets/colorpicker: Fix copying color via keyboard
* applets/colorpicker: Factor out logic from signal handler
* applets/colorpicker: Only reset global current index from a real current item
* applets/colorpicker: Fix QML/JS code style, add explicit signal arguments
==== plasma5-desktop ====
Version update (5.27.4 -> 5.27.5)
Subpackages: plasma5-desktop-emojier
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* [kcm/keys] Fix loading service data
* desktoppackage: Fix ScrollBar overlapping configuration category delegates
* desktoppackage: Fix visual overlap of items in applet configuration view
* landingpage: Port "Most Used Pages" grid to Kirigami.SizeGroup
* landingpage: Fix broken binding in "Most Used Pages" grid
* landingpage: Set implicit size, so that kcmshell doesn't open too small
* kcms/keys: Make adding a script file work even if its path has spaces in the name
* kcms/keys: Make Add Command work with percent characters in commands
* applets/taskmanager: also check title contains "-"
* applets/taskmanager: fix tooltip text with custom window title (kde#462760)
* automounter: don't track ignored devices (kde#468410)
* applets/taskmanager: don't show Unpin menu item while app is launching (kde#468668)
* KCM/mouse: enable compatibility with x11-libinput 1.3 (kde#468217)
* Folder View: fix keyboard shortcuts handling (kde#436362)
* applets/taskmanager: show Activity icons in relevant context menu items (kde#419225)
* emojier: enable asynchronous loading in Instantiator (kde#468328)
* CompactApplet: show tabbar for Breeze Twilight (kde#468313)
* kcms/landingpage: add accessible name to animation speed slider
* kcms/landingpage: use explanation label as accessible description
* applets/taskmanager: also match row index before skipping updating bindings
* applets/taskmanager: reset `parentTask` after a task was moved
* applets/taskmanager: Improve scrolling usability
- Drop patches, now upstream:
* 0001-KCM-mouse-enable-compatibility-with-x11-libinput-1.3.patch
==== plasma5-disks ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== plasma5-integration ====
Version update (5.27.4 -> 5.27.5)
Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* wayland: Only set decoration palette once for each change (kde#468408)
==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE
- Update to 5.27.5
==== plasma5-pa ====
Version update (5.27.4 -> 5.27.5)
Subpackages: plasma5-pa-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== plasma5-systemmonitor ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== plasma5-thunderbolt ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== plasma5-workspace ====
Version update (5.27.4.1 -> 5.27.5)
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Require cpp explicitly, xrdb doesn't do it anymore
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Too many changes to list here
==== plymouth ====
Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner
- Proporly list services as parameters to
%service_del_postun_without_restart: new versions mandate the
parameters to further down the line eliminate errors. For the
time being, the code does not care for the parameters.
==== podman ====
Version update (4.5.0 -> 4.5.1)
Subpackages: podman-cni-config
- Update to version 4.5.1:
* Release v4.5.1
* [CI:DOCS] Final release notes for v4.5.1
* [CI:BUILD] Packit: set propose-downstream action type to pre-sync
* Revert "Resolve symlink path for qemu directory if possible"
* no need for podman-next rpm test on maint branch
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* libpod: configureNetNS() tear down on errors
* libpod: rootlessNetNs.Cleanup() fix error message
* network create/update: allow dns servers comma separated
* machine: fix default connection URL to use 127.0.0.1
* compat: accept tag in /images/create?fromSrc
* compat container create: match duplicate mounts correctly
* machine: qemu only remove connection after confirmation
* windows: podman save allow the use of stdout
* remote: exec inspect update exec session status
* podman-remote logs: handle server error correctly
* libpod: stop containers with --restart=always
* Do not include image annotations when building spec
* [v4.5] system tests: fix race in kube-play read-only
* api: fix parsing filters
* Support systemd optional prefix '-' for devices.
* *: migrate image registry to registry.k8s.io
* Makefile: include `release-artifacts` target
* [CI:BUILD] Packit: Initial Enablement
* Bump to v4.5.1-dev
==== policycoreutils ====
Subpackages: policycoreutils-python-utils python3-policycoreutils
- Add python-wheel build dependency to build correctly with latest
python-pip version.
==== polkit-default-privs ====
Version update (1550+20230307.7f42172 -> 1550+20230517.ab68b2d)
- Update to version 1550+20230517.ab68b2d:
* rename com.deepin.api to org.deepin.dde (bsc#1211376)
==== polkit-kde-agent-5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* force extreme focus protection (kde#312325)
==== poppler ====
Version update (23.04.0 -> 23.05.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- update to 23.05.0:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing
backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
==== poppler-qt5 ====
Version update (23.04.0 -> 23.05.0)
- update to 23.05.0:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing
backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
==== powerdevil5 ====
Version update (5.27.4 -> 5.27.5)
Subpackages: powerdevil5-lang
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* Fix for screen backlight not working on Planet Computers Astro Slide PDA
* Fix and consolidate discharge rate and remaining time calculation
* Remove unused "BatteryState" from backend interface
* Fix possible race between DeviceAdded signal and device enumeration
* Remove support for UPower < 0.99.0
==== prison-qt5 ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Prison5 prison-qt5-imports
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix PDF417 with binary content not producing any output with ZXing 2.0
==== purpose ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Purpose5 libKF5PurposeWidgets5
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Fix build with Qt 6.5
==== python-PyJWT ====
Version update (2.6.0 -> 2.7.0)
- update to version 2.7.0
* Add classifier for Python 3.11 by @eseifert in #818
* Add Algorithm.compute_hash_digest and use it to implement at_hash validation example by @sirosen in #775
* fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf in #821
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #825
* Custom header configuration in jwk client by @thundercat1 in #823
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #828
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #833
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #835
* Add PyJWT._{de,en}code_payload hooks by @akx in #829
* Add sort_headers parameter to api_jwt.encode by @evroon in #832
* Make mypy configuration stricter and improve typing by @akx in #830
* Bump actions/stale from 6 to 7 by @dependabot in #840
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #838
* Add more types by @Viicos in #843
* Differentiate between two errors by @irdkwmnsb in #809
* Fix _validate_iat validation by @Viicos in #847
* Improve error messages when cryptography isn't installed by @Viicos in #846
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #852
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #855
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #859
* Make Algorithm an abstract base class by @Viicos in #845
* docs: correct mistake in the changelog about verify param by @gbillig in #866
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #868
* Bump actions/stale from 7 to 8 by @dependabot in #872
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #874
* Add a timeout for PyJWKClient requests by @daviddavis in #875
* Add client connection error exception by @daviddavis in #876
* Add complete types to take all allowed keys into account by @Viicos in #873
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #878
* Build and upload PyPI package by @jpadilla in #884
* Fix for issue #862 - ignore invalid keys in a jwks. by @timw6n in #863
* Add as_dict option to Algorithm.to_jwk by @fluxth in #881
==== python-SQLAlchemy ====
Version update (2.0.12 -> 2.0.15)
- Switch documentation to be within the main package.
- Update to 2.0.15
[#] orm
* As more projects are using new-style â2.0â ORM querying, itâs
becoming apparent that the conditional nature of âautoflushâ,
being based on whether or not the given statement refers to ORM
entities, is becoming more of a key behavior. Up until now, the
âORMâ flag for a statement has been loosely based around
whether or not the statement returns rows that correspond to
ORM entities or columns; the original purpose of the âORMâ flag
was to enable ORM-entity fetching rules which apply
post-processing to Core result sets as well as ORM loader
strategies to the statement. For statements that donât build on
rows that contain ORM entities, the âORMâ flag was considered
to be mostly unnecessary.
* It still may be the case that âautoflushâ would be better
taking effect for all usage of Session.execute() and related
methods, even for purely Core SQL constructs. However, this
still could impact legacy cases where this is not expected and
may be more of a 2.1 thing. For now however, the rules for the
âORM-flagâ have been opened up so that a statement that
includes ORM entities or attributes anywhere within, including
in the WHERE / ORDER BY / GROUP BY clause alone, within scalar
subqueries, etc. will enable this flag. This will cause
âautoflushâ to occur for such statements and also be visible
via the ORMExecuteState.is_orm_statement event-level attribute.
References: #9805
[#] postgresql
* Repaired the base Uuid datatype for the PostgreSQL dialect to
make full use of the PG-specific UUID dialect-specific datatype
when ânative_uuidâ is selected, so that PG driver behaviors are
included. This issue became apparent due to the
insertmanyvalues improvement made as part of #9618, where in a
similar manner as that of #9739, the asyncpg driver is very
sensitive to datatype casts being present or not, and the
PostgreSQL driver-specific native UUID datatype must be invoked
when this generic type is used so that these casts take place.
References: #9808
- Release 2.0.13
[#] orm
* Modified the JoinedLoader implementation to use a simpler
approach in one particular area where it previously used a
cached structure that would be shared among threads. The
rationale is to avoid a potential race condition which is
suspected of being the cause of a particular crash thatâs been
reported multiple times. The cached structure in question is
still ultimately âcachedâ via the compiled SQL cache, so a
performance degradation is not anticipated.
References: #9777
* Fixed regression where use of update() or delete() within a CTE
construct, then used in a select(), would raise a CompileError
as a result of ORM related rules for performing ORM-level
update/delete statements.
References: #9767
* Fixed issue in new ORM Annotated Declarative where using a
ForeignKey (or other column-level constraint) inside of
mapped_column() which is then copied out to models via pep-593
Annotated would apply duplicates of each constraint to the
Column as produced in the target Table, leading to incorrect
CREATE TABLE DDL as well as migration directives under Alembic.
References: #9766
* Fixed issue where using additional relationship criteria with
the joinedload() loader option, where the additional criteria
itself contained correlated subqueries that referred to the
joined entities and therefore also required âadaptionâ to
aliased entities, would be excluded from this adaption,
producing the wrong ON clause for the joinedload.
References: #9779
[#] sql
* Generalized the MSSQL try_cast() function into the sqlalchemy.
import namespace so that it may be implemented by third party
dialects as well. Within SQLAlchemy, the try_cast() function
remains a SQL Server-only construct that will raise
CompileError if used with backends that donât support it.
* try_cast() implements a CAST where un-castable conversions are
returned as NULL, instead of raising an error. Theoretically,
the construct could be implemented by third party dialects for
Google BigQuery, DuckDB, and Snowflake, and possibly others.
Pull request courtesy Nick Crews.
References: #9752
* Fixed issue in values() construct where an internal compilation
error would occur if the construct were used inside of a scalar
subquery.
References: #9772
[#] postgresql
* Fixed apparently very old issue where the ENUM.create_type
parameter, when set to its non-default of False, would not be
propagated when the Column which itâs a part of were copied, as
is common when using ORM Declarative mixins. References: #9773
[#] tests
* Fixed test that relied on the sys.getsizeof() function to not
run on pypy, where this function appears to have different
behavior than it does on cpython. References: #9789
- PEP517
- Add missing runtime requirement
- update to 2.0.13:
* https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.13
- drop unnecessary mypy dependency
==== python-Twisted ====
Subpackages: python310-Twisted python310-Twisted-tls
- Switch documentation to be within the main package.
==== python-anyio ====
- Add patch fix-failing-tls-tests.patch:
* Fix test failures with Python TLS changes.
==== python-attrs ====
Version update (22.2.0 -> 23.1.0)
- Update to 23.1.0:
[#] Backwards-incompatible Changes
* Python 3.6 has been dropped and packaging switched to static
package data using Hatch. #993
[#] Deprecations
* The support for zope-interface via the attrs.validators.provides
validator is now deprecated and will be removed in, or after,
April 2024.
* The presence of a C-based package in our developement dependencies
has caused headaches and we're not under the impression it's used
a lot.
* Let us know if you're using it and we might publish it as a
separate package. #1120
[#] Changes
* attrs.filters.exclude() and attrs.filters.include() now support
the passing of attribute names as strings. #1068
* attrs.has() and attrs.fields() now handle generic classes
correctly. #1079
* Fix frozen exception classes when raised within e.g.
contextlib.contextmanager, which mutates their __traceback__
attributes. #1081
* @frozen now works with type checkers that implement PEP-681 (ex.
pyright). #1084
* Restored ability to unpickle instances pickled before 22.2.0.
[#1085]
* attrs.asdict()'s and attrs.astuple()'s type stubs now accept the
attrs.AttrsInstance protocol. #1090
* Fix slots class cellvar updating closure in CPython 3.8+ even when
__code__ introspection is unavailable. #1092
* attrs.resolve_types() can now pass include_extras to
typing.get_type_hints() on Python 3.9+, and does so by default.
[#1099]
* Added instructions for pull request workflow to CONTRIBUTING.md.
[#1105]
* Added type parameter to attrs.field() function for use with
attrs.make_class().
* Please note that type checkers ignore type metadata passed into
make_class(), but it can be useful if you're wrapping attrs. #1107
* It is now possible for attrs.evolve() (and attr.evolve()) to
change fields named inst if the instance is passed as a positional
argument.
* Passing the instance using the inst keyword argument is now
deprecated and will be removed in, or after, April 2024. #1117
* attrs.validators.optional() now also accepts a tuple of validators
(in addition to lists of validators). #1122
==== python-blinker ====
Version update (1.5 -> 1.6.2)
- Update to 1.6.2:
* Type annotations are not evaluated at runtime. typing-extensions
is not a runtime dependency. :pr:`94`
- 1.6.1:
* Ensure that py.typed is present in the distributions (to enable
other projects to use blinker's typing).
* Require typing-extensions > 4.2 to ensure it includes ParamSpec.
:issue:`90`
- 1.6:
* Add a muted context manager to temporarily turn off a signal.
:pr:`84`
* Allow int senders (alongside existing string senders). :pr:`83`
* Add a send_async method to the Signal to allow signals to send to
coroutine receivers. :pr:`76`
* Update and modernise the project structure to match that used by
the pallets projects. :pr:`77`
* Add an intial set of type hints for the project.
==== python-gevent ====
Version update (22.10.1 -> 22.10.2)
- handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers()
behavior change in python 3.11 as well
- Add patch handle-python-ssl-changes.patch:
* Handle Python 3.10 changes where ssl.shared_ciphers() changes
behaviour.
- skip one more test from testsuite
- update to 22.10.2:
* Update to greenlet 2.0. This fixes a deallocation issue that
required a change in greenlet's ABI. The design of greenlet 2.0 is
intended to prevent future fixes and enhancements from
requiring an ABI change, making it easier to update gevent
and greenlet independently.
- Switch documentation to be within the main package.
==== python-greenlet ====
Version update (1.1.3 -> 2.0.2)
- update to 2.0.2:
* Fix calling ``greenlet.settrace()`` with the same tracer
object that was currently active.
* Various compilation and standards conformance fixes.
* Python 3.11: Fix a memory leak. See issue 328 and gevent issue 1924.
- 2.0.0.post0 (2022-11-03)
* Add Programming Language :: Python :: 3.11 to the PyPI classifier
metadata.
- 2.0.0rc5 (2022-10-31)
* Linux: Fix another group of rare crashes that could occur when shutting
down an interpeter running multiple threads. See issue 325.
- 2.0.0rc4 (2022-10-30)
* Linux: Fix a rare crash that could occur when shutting down an interpreter
running multiple threads, when some of those threads are in greenlets
making calls to functions that release the GIL.
- 2.0.0rc1 (2022-10-27)
* Deal gracefully with greenlet switches that occur while deferred
deallocation of objects is happening using CPython's "trash can"
mechanism. Previously, if a large nested container held items that
switched greenlets during delayed deallocation, and that second greenlet
also invoked the trash can, CPython's internal state could become corrupt.
This was visible as an assertion error in debug builds. Now, the relevant
internal state is saved and restored during greenlet switches. See also
gevent issue 1909.
* Rename the C API function PyGreenlet_GET_PARENT to PyGreenlet_GetParent
for consistency. The old name remains available as a deprecated alias.
- 2.0.0a1 (2022-01-20)
* Drop support for very old versions of GCC and MSVC.
Compilation now requires a compiler that either supports C++11 or has some
other intrinsic way to create thread local variables; for older GCC, clang
and SunStudio we use __thread, while for older MSVC we use
__declspec(thread).
* This version of greenlet is known to compile and pass tests on CPython
3.11.0a4. Earlier or later 3.11 releases may or may not work. See PR 280.
Special thanks to Brandt Bucher and the CPython developers.
* Fix several leaks that could occur when using greenlets from multiple
threads. For example, it is no longer necessary to call getcurrent()
before exiting a thread to allow its main greenlet to be cleaned up. See
issue 252.
* Fix the C API PyGreenlet_Throw to perform the same error checking that the
Python API greenlet.throw() does. Previously, it did no error checking.
- drop sphinx-6.0.0.patch (upstream)
==== python-httpcore ====
Version update (0.16.3 -> 0.17.0)
- update to 0.17.0:
* Add DEBUG level logging. (#648)
* Respect HTTP/2 max concurrent streams when settings updates
are sent by server. (#652)
* Increase the allowable HTTP header size to 100kB. (#647)
* Add `retries` option to SOCKS proxy classes. (#643)
==== python-numpy ====
- Add patch remove-deprecated-hypothesis-funcs.patch:
* Change to a non-deprecated function from hypothesis.
==== python-pip ====
Version update (22.3.1 -> 23.1.2)
- Update to 23.1.2
- Upgrade setuptools to 67.7.2
- 23.1.1:
- Revert #11487, as it causes issues with virtualenvs created by the
Windows Store distribution of Python. (#11987)
- Revert pkg_resources (via setuptools) back to 65.6.3
- Update documentation to reflect the new behavior of using the
cache of locally built wheels in hash-checking mode. (#11967)
- 23.1:
- Remove support for the deprecated --install-options. (#11358)
- --no-binary does not imply setup.py install anymore. Instead a
wheel will be built locally and installed. (#11451)
- --no-binary does not disable the cache of locally built wheels
anymore. It only means "don't download wheels". (#11453)
- Deprecate --build-option and --global-option. Users are invited to
switch to --config-settings. (#11859)
- Using --config-settings with projects that don't have a
pyproject.toml now prints a deprecation warning. In the future the
presence of config settings will automatically enable the default
build backend for legacy projects and pass the setttings to it.
(#11915)
- Remove setup.py install fallback when building a wheel failed for
projects without pyproject.toml. (#8368)
- When the wheel package is not installed, pip now uses the default
build backend instead of setup.py install and setup.py develop for
project without pyproject.toml. (#8559)
- Specify egg-link location in assertion message when it does not
match installed location to provide better error message for
debugging. (#10476)
- Present conflict information during installation after each choice
that is rejected (pass -vv to pip install to show it) (#10937)
- Display dependency chain on each Collecting/Processing log line.
(#11169)
- Support a per-requirement --config-settings option in requirements
files. (#11325)
- The --config-settings/-C option now supports using the same key
multiple times. When the same key is specified multiple times, all
values are passed to the build backend as a list, as opposed to
the previous behavior, where pip would only pass the last value if
the same key was used multiple times. (#11681)
- Add -C as a short version of the --config-settings option.
(#11786)
- Reduce the number of resolver rounds, since backjumping makes the
resolver more efficient in finding solutions. This also makes
pathological cases fail quicker. (#11908)
- Warn if --hash is used on a line without requirement in a
requirements file. (#11935)
- Stop propagating CLI --config-settings to the build dependencies.
They already did not propagate to requirements provided in
requirement files. To pass the same config settings to several
requirements, users should provide the requirements as CLI
arguments. (#11941)
- Support wheel cache when using --require-hashes. (#5037)
- Add --keyring-provider flag. See the Authentication page in the
documentation for more info. (#8719)
- In the case of virtual environments, configuration files are now
also included from the base installation. (#9752)
- Fix grammar by changing "A new release of pip available:" to "A
new release of pip is available:" in the notice used for
indicating that. (#11529)
- Normalize paths before checking if installed scripts are on PATH.
(#11719)
- Correct the way to decide if keyring is available. (#11774)
- More consistent resolution backtracking by removing legacy hack
related to setuptools resolution (#11837)
- Include AUTHORS.txt in pip's wheels. (#11882)
- The uninstall and install --force-reinstall commands no longer
call normalize_path() repeatedly on the same paths. Instead, these
results are cached for the duration of an uninstall operation,
resulting in improved performance, particularly on Windows.
(#11889)
- Fix and improve the parsing of hashes embedded in URL fragments.
(#11936)
- When package A depends on package B provided as a direct URL
dependency including a hash embedded in the link, the
- -require-hashes option did not warn when user supplied hashes
were missing for package B. (#11938)
- Correctly report requested_extras in the installation report when
extras are specified for a local directory installation. (#11946)
- When installing an archive from a direct URL or local file,
populate download_info.info.hashes in the installation report, in
addition to the legacy download_info.info.hash key. (#11948)
- 23.0.1:
- Change the hashes in the installation report to be a mapping. Emit
the archive_info.hashes dictionary in direct_url.json. (#11312)
- Implement logic to read the EXTERNALLY-MANAGED file as specified
in PEP 668. This allows a downstream Python distributor to prevent
users from using pip to modify the externally managed environment.
(#11381)
- Enable the use of keyring found on PATH. This allows keyring
installed using pipx to be used by pip. (#11589)
- The inspect and installation report formats are now declared
stable, and their version has been bumped from 0 to 1. (#11757)
- Wheel cache behavior is restored to match previous versions,
allowing the cache to find existing entries. (#11527)
- Use the "venv" scheme if available to obtain prefixed lib paths.
(#11598)
- Deprecated a historical ambiguity in how egg fragments in
URL-style requirements are formatted and handled. egg fragments
... changelog too long, skipping 9 lines ...
cause exceptions in pip install (#11704)
==== python-pycryptodome ====
Version update (3.17.0 -> 3.18.0)
- update to 3.18.0:
* Added support for DER BOOLEAN encodings.
* The library now compiles on Windows ARM64. Thanks to Niyas
Sait.
* GH#722: ``nonce`` attribute was not correctly set for
XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
* GH#728: Workaround for a possible x86 emulator bug in Windows
for ARM64.
* GH#739: OID encoding for arc 2 didn't accept children larger
than 39. Thanks to James.
* Correctly check that the scalar matches the point when
importing an ECC private key.
==== python-pyzmq ====
Version update (24.0.1 -> 25.0.2)
- Update to version 25.0.2
* Bundled subset of tornado's IOLoop (deprecated since pyzmq 17) is removed,
so ZMQStream cannot be used without an actual install of tornado.
* Remove support for tornado 4.
* Added `socket_class` argument to zmq.Context.socket
* Support shadowing sockets with socket objects.
* In zmq.auth and zmq.eventloop.zmqstream callbacks may now be async.
* License files have been renamed to more standard LICENSE.BSD, LICENSE.LESSER
to appease some license auto-detect tools.
==== python-redis ====
Version update (4.5.4 -> 4.5.5)
- update to 4.5.5:
* Add support for CLIENT NO-TOUCH
* Add support for CLUSTER MYSHARDID
* Add "address_remap" feature to RedisCluster
* Add WITHSCORES argument to ZREVRANK command
* Improve error output for master discovery
* Fix XADD: allow non negative maxlen
* Fix create single connection client from url
* Optionally disable disconnects in read_response
* Fix SLOWLOG GET return value
* Fix potential race condition during disconnection
* Return response in case of KeyError
* Fix incorrect usage of once flag in async Sentinel
* Fix memory leak caused by hiredis in asyncio case
* Really do not use asyncio's timeout lib before 3.11.2
==== python-requests ====
Version update (2.28.2 -> 2.30.0)
- add sle15_python_module_pythons
- Update to 2.30.0:
* Added support for urllib3 2.0. 
* Defer chunked requests to the urllib3 implementation to improve
standardization.
* Relax header component requirements to support bytes/str subclasses.
==== python-responses ====
Version update (0.21.0 -> 0.23.1)
- Drop patch 636-urllib3-2-compat.patch:
* moto needs to stay with urllib3 < 2 due to boto.
- Update 636-urllib3-2-compat.patch (from
gh#getsentry/responses!636).
- Fix missing runtime requirements
- Remove runtime requirement of typing stubs
- Update to 0.23.1:
- Remove `tomli` import. See #630
- Add Python 3.11 support
- Fix type annotations of `CallList`. See #593
- `request` object is attached to any custom exception provided
as `Response` `body` argument. See #588
- Fixed mocked responses leaking between tests when
`assert_all_requests_are_fired` and a request was not fired.
- [BETA] Default recorder format was changed to YAML.
Added `responses.RequestsMock._parse_response_file` and
`responses._recorder.Recorder.dump_to_file` methods that
allow users to override default parser to eg toml, json
- Update `requests` dependency to the version of 2.22.0 or
higher. See #584.
- [BETA] Added possibility to record responses to TOML files
via `(a)_recorder.record(file_path="out.toml")` decorator.
- [BETA] Added possibility to replay responses
(populate registry) from TOML files via
`responses._add_from_file(file_path="out.toml")` method.
- Fix type for the `mock`'s patcher object. See #556
- Fix type annotation for `CallList`
- Add `passthrough` argument to `BaseResponse` object. See #557
- Fix `registries` leak. See #563
- `OriginalResponseShim` is removed. See #585
- Add support for the `loose` version of `json_params_matcher`
via named argument `strict_match`. See #551
- Add lists support as JSON objects in
`json_params_matcher`. See #559
- Added project links to pypi listing.
- `delete`, `get`, `head`, `options`, `patch`,
`post`, `put` shortcuts are now implemented using
`functools.partialmethod`.
- Fix `MaxRetryError` exception. Replace exception by
`RetryError` according to `requests` implementation. See
[#572].
- Adjust error message when `Retry` is exhausted. See #580.
- Remove py_old_re_Pattern.patch, because we donât care about
compatibility with pre-SLE15-SP4 any more.
- Add compat-urllib3-2.patch and unbundle-urllib3.patch to make
the package compatible with urllib3 >= 2.0 (still not enough
gh#getsentry/responses#635).
==== python-rich ====
Version update (13.3.5 -> 13.4.1)
- update to 13.4.1:
* Fixed typing extensions import in markdown #2979
- update to 13.4.0:
* Added support for tables in Markdown #2977
==== python-rpm ====
- add _multibuild for multiple .spec-files
==== python-setuptools ====
Version update (67.6.1 -> 67.7.2)
- Testing must be single-spec as well.
- Update to 67.7.2:
* #3902: Fixed wrong URLs used in warnings and logs.
* #3898: Fixes setuptools.dist:invalid_unless_false when value is false
donât raise error
* #3849: Overhaul warning system for better visibility.
* #3884: Add a stacklevel parameter to warnings.warn() to provide more
information to the user.
- Add patch use-tarfile-extraction_filter.patch:
* Set an extraction_filter to avoid a warning.
- add sle15_python_module_pythons (jsc#PED-68)
==== python-tornado6 ====
Version update (6.2 -> 6.3.2)
- New upstream release 6.3.2
- Security improvements
- Fixed an open redirect vulnerability in StaticFileHandler
under certain configurations.
- ``tornado.web``
- `.RequestHandler.set_cookie` once again accepts capitalized
keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
be accepted.
- What's new in Tornado 6.3.0
- The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
cookie prefix for improved security. To use it, add
``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
that this feature currently only works when HTTPS is used.
- `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
blocked.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
- WebSockets are now much faster at receiving large messages
split into many fragments.
- General changes
- Python 3.7 is no longer supported; the minimum supported .
Python version is 3.8 Python 3.12 is now supported .
- To avoid spurious deprecation warnings, users of Python
3.10 should upgrade to at least version 3.10.9, and users
of Python 3.11 should upgrade to at least version 3.11.1.
- Tornado submodules are now imported automatically on
demand. This means it is now possible to use a single
``import tornado`` statement and refer to objects in
submodules such as `tornado.web.RequestHandler`.
- Deprecation notices
- In Tornado 7.0, `tornado.testing.ExpectLog` will match
``WARNING`` and above regardless of the current logging
configuration, unless the ``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated
alias for `.RequestHandler.get_signed_cookie`.
`.RequestHandler.set_secure_cookie` is now a deprecated
alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is
deprecated. No direct replacement is provided;
`.RequestHandler.clear_cookie` should be used on individual
cookies.
- Calling the `.IOLoop` constructor without a
``make_current`` argument, which was deprecated in Tornado
6.2, is no longer deprecated.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.
- ``tornado.auth``
- New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
can now be overridden to get credentials from a source
other than the `.Application` settings.
- ``tornado.gen``
- `contextvars` now work properly when a ``(a)gen.coroutine``
calls a native coroutine.
- ``tornado.options``
- `~.OptionParser.parse_config_file` now recognizes single
comma-separated strings (in addition to lists of strings)
for options with ``multiple=True``.
- ``tornado.web``
- New `.Application` setting ``xsrf_cookie_name`` can be used
to change the name of the XSRF cookie. This is most useful
to take advantage of the ``__Host-`` cookie prefix.
- `.RequestHandler.get_secure_cookie` and
`.RequestHandler.set_secure_cookie` (and related
methods and attributes) have been renamed
to `~.RequestHandler.get_signed_cookie` and
`~.RequestHandler.set_signed_cookie`. This makes it
more explicit what kind of security is provided, and
avoids confusion with the ``Secure`` cookie attribute
and ``__Secure-`` cookie prefix. The old names remain
supported as deprecated aliases.
- `.RequestHandler.clear_cookie` now accepts all keyword
arguments accepted by `~.RequestHandler.set_cookie`. In
some cases clearing a cookie requires certain arguments to
be passed the same way in which it was set.
- `.RequestHandler.clear_all_cookies` now accepts
additional keyword arguments for the same reason as
``clear_cookie``. However, since the requirements for
additional arguments mean that it cannot reliably clear all
cookies, this method is now deprecated.
- ``tornado.websocket``
- It is now much faster (no longer quadratic) to receive
large messages that have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.
- ``tornado.wsgi``
- `.WSGIContainer` now accepts an ``executor`` parameter
which can be used to run the WSGI application on a thread
pool.
- What's new in Tornado 6.2.0
- Deprecation notice
- Python 3.10 has begun the process of significant changes
to the APIs for managing the event loop. Calls to
methods such as `asyncio.get_event_loop` may now raise
`DeprecationWarning` if no event loop is running. This
has significant impact on the patterns for initializing
... changelog too long, skipping 101 lines ...
- Remove upstreamed ignore-py310-deprecation-warnings.patch
==== python-urllib3 ====
Version update (1.26.15 -> 2.0.2)
- update to 2.0.2:
* Fixed ``HTTPResponse.stream()`` to continue yielding bytes if
buffered decompressed data was still available to be read
even if the underlying socket is closed. This prevents
a compressed response from being truncated.
- Update to 2.0.1:
* Fixed a socket leak when fingerprint or hostname verifications fail.
* Fixed an error when HTTPResponse.read(0) was the first read call or when
the internal response body buffer was otherwise empty.
* Removed support for Python 2.7, 3.5, and 3.6.
* Removed fallback on certificate commonName in match_hostname() function.
* Removed support for Python with an ssl module compiled with LibreSSL,
CiscoSSL, wolfSSL, and all other OpenSSL alternatives.
* Removed support for OpenSSL versions earlier than 1.1.1.
* Removed urllib3.contrib.appengine.AppEngineManager and support for Google
App Engine Standard Environment.
* Changed ssl_version to instead set the corresponding
SSLContext.minimum_version and SSLContext.maximum_version values.
* Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2
in line with Python 3.10.
* Changed urllib3.util.create_urllib3_context to not override the system
cipher suites with a default value.
* Changed multipart/form-data header parameter formatting matches the
WHATWG HTML Standard as of 2021-06-10.
* Changed HTTPConnection.request() to always use lowercase chunk boundaries
when sending requests with Transfer-Encoding: chunked.
* Changed enforce_content_length default to True, preventing silent data
loss when reading streamed responses.
* Changed all parameters in the HTTPConnection and HTTPSConnection
constructors to be keyword-only except host and port.
* Changed HTTPConnection.getresponse() to set the socket timeout from
HTTPConnection.timeout value before reading data from the socket.
* Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX.
* Changed TLS handshakes to use SSLContext.check_hostname when possible.
* Changed the default blocksize to 16KB to match OpenSSL's default read
amounts.
* Changed HTTPResponse.read() to raise an error when calling with
decode_content=False after using decode_content=True to prevent data loss.
* Fixed thread-safety issue where accessing a PoolManager with many
distinct origins would cause connection pools to be closed while
requests are in progress.
* Fixed the default value of HTTPSConnection.socket_options to match
HTTPConnection.
* Fixed a socket leak if HTTPConnection.connect() fails.
- Drop patch remove_mock.patch, included upstream.
- Fiddle with {Build,}Requires as appropiate, six finally dropped.
==== python-zope.event ====
- Switch documentation to be within the main package.
==== python310 ====
Version update (3.10.10 -> 3.10.11)
Subpackages: python310-curses python310-dbm
- Why in the world we download from HTTP?
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Update to 3.10.11:
- Core and Builtins
- gh-102416: Do not memoize incorrectly automatically
generated loop rules in the parser. Patch by Pablo Galindo.
- gh-102356: Fix a bug that caused a crash when deallocating
deeply nested filter objects. Patch by Marta Gómez MacÃas.
- gh-102397: Fix segfault from race condition in signal
handling during garbage collection. Patch by Kumar Aditya.
- gh-102126: Fix deadlock at shutdown when clearing thread
states if any finalizer tries to acquire the runtime head
lock. Patch by Kumar Aditya.
- gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
module. Patch by Max Bachmann.
- gh-101967: Fix possible segfault in
positional_only_passed_as_keyword function, when new list
created.
- gh-101765: Fix SystemError / segmentation fault in iter
__reduce__ when internal access of builtins.__dict__ keys
mutates the iter object.
- Library
- gh-102947: Improve traceback when dataclasses.fields() is
called on a non-dataclass. Patch by Alex Waygood
- gh-101979: Fix a bug where parentheses in the metavar
argument to argparse.ArgumentParser.add_argument() were
dropped. Patch by Yeojin Kim.
- gh-102179: Fix os.dup2() error message for negative fds.
- gh-101961: For the binary mode, fileinput.hookcompressed()
doesnât set the encoding value even if the value is
None. Patch by Gihwan Kim.
- gh-101936: The default value of fp becomes io.BytesIO
if HTTPError is initialized without a designated fp
parameter. Patch by Long Vo.
- gh-101566: In zipfile, apply fix for extractall on the
underlying zipfile after being wrapped in Path.
- gh-101997: Upgrade pip wheel bundled with ensurepip (pip
23.0.1)
- gh-101892: Callable iterators no longer raise SystemError
when the callable object exhausts the iterator but forgets
to either return a sentinel value or raise StopIteration.
- gh-97786: Fix potential undefined behaviour in corner cases
of floating-point-to-time conversions.
- gh-101517: Fixed bug where bdb looks up the source line
with linecache with a lineno=None, which causes it to fail
with an unhandled exception.
- gh-101673: Fix a pdb bug where ll clears the changes to
local variables.
- gh-96931: Fix incorrect results from
ssl.SSLSocket.shared_ciphers()
- gh-88233: Correctly preserve âextraâ fields in zipfile
regardless of their ordering relative to a zip64 âextra.â
- gh-95495: When built against OpenSSL 3.0, the ssl module
had a bug where it reported unauthenticated EOFs (i.e.
without close_notify) as a clean TLS-level EOF. It now
raises SSLEOFError, matching the behavior in previous
versions of OpenSSL. The options attribute on SSLContext
also no longer includes OP_IGNORE_UNEXPECTED_EOF by
default. This option may be set to specify the previous
OpenSSL 3.0 behavior.
- gh-94440: Fix a concurrent.futures.process bug where
ProcessPoolExecutor shutdown could hang after a future has
been quickly submitted and canceled.
- Documentation
- gh-103112: Add docstring to http.client.HTTPResponse.read()
to fix pydoc output.
- gh-85417: Update cmath documentation to clarify behaviour
on branch cuts.
- gh-97725: Fix asyncio.Task.print_stack() description for
file=None. Patch by Oleg Iarygin.
- Tests
- gh-102980: Improve test coverage on pdb.
- gh-102537: Adjust the error handling strategy in
test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
Paul Ganssle.
- gh-101377: Improved test_locale_calendar_formatweekday of
calendar.
- Build
- gh-102711: Fix -Wstrict-prototypes compiler warnings.
- Removed upstreamed:
- invalid-json.patch
==== python310-core ====
Version update (3.10.10 -> 3.10.11)
Subpackages: libpython3_10-1_0 python310-base
- Why in the world we download from HTTP?
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Update to 3.10.11:
- Core and Builtins
- gh-102416: Do not memoize incorrectly automatically
generated loop rules in the parser. Patch by Pablo Galindo.
- gh-102356: Fix a bug that caused a crash when deallocating
deeply nested filter objects. Patch by Marta Gómez MacÃas.
- gh-102397: Fix segfault from race condition in signal
handling during garbage collection. Patch by Kumar Aditya.
- gh-102126: Fix deadlock at shutdown when clearing thread
states if any finalizer tries to acquire the runtime head
lock. Patch by Kumar Aditya.
- gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
module. Patch by Max Bachmann.
- gh-101967: Fix possible segfault in
positional_only_passed_as_keyword function, when new list
created.
- gh-101765: Fix SystemError / segmentation fault in iter
__reduce__ when internal access of builtins.__dict__ keys
mutates the iter object.
- Library
- gh-102947: Improve traceback when dataclasses.fields() is
called on a non-dataclass. Patch by Alex Waygood
- gh-101979: Fix a bug where parentheses in the metavar
argument to argparse.ArgumentParser.add_argument() were
dropped. Patch by Yeojin Kim.
- gh-102179: Fix os.dup2() error message for negative fds.
- gh-101961: For the binary mode, fileinput.hookcompressed()
doesnât set the encoding value even if the value is
None. Patch by Gihwan Kim.
- gh-101936: The default value of fp becomes io.BytesIO
if HTTPError is initialized without a designated fp
parameter. Patch by Long Vo.
- gh-101566: In zipfile, apply fix for extractall on the
underlying zipfile after being wrapped in Path.
- gh-101997: Upgrade pip wheel bundled with ensurepip (pip
23.0.1)
- gh-101892: Callable iterators no longer raise SystemError
when the callable object exhausts the iterator but forgets
to either return a sentinel value or raise StopIteration.
- gh-97786: Fix potential undefined behaviour in corner cases
of floating-point-to-time conversions.
- gh-101517: Fixed bug where bdb looks up the source line
with linecache with a lineno=None, which causes it to fail
with an unhandled exception.
- gh-101673: Fix a pdb bug where ll clears the changes to
local variables.
- gh-96931: Fix incorrect results from
ssl.SSLSocket.shared_ciphers()
- gh-88233: Correctly preserve âextraâ fields in zipfile
regardless of their ordering relative to a zip64 âextra.â
- gh-95495: When built against OpenSSL 3.0, the ssl module
had a bug where it reported unauthenticated EOFs (i.e.
without close_notify) as a clean TLS-level EOF. It now
raises SSLEOFError, matching the behavior in previous
versions of OpenSSL. The options attribute on SSLContext
also no longer includes OP_IGNORE_UNEXPECTED_EOF by
default. This option may be set to specify the previous
OpenSSL 3.0 behavior.
- gh-94440: Fix a concurrent.futures.process bug where
ProcessPoolExecutor shutdown could hang after a future has
been quickly submitted and canceled.
- Documentation
- gh-103112: Add docstring to http.client.HTTPResponse.read()
to fix pydoc output.
- gh-85417: Update cmath documentation to clarify behaviour
on branch cuts.
- gh-97725: Fix asyncio.Task.print_stack() description for
file=None. Patch by Oleg Iarygin.
- Tests
- gh-102980: Improve test coverage on pdb.
- gh-102537: Adjust the error handling strategy in
test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
Paul Ganssle.
- gh-101377: Improved test_locale_calendar_formatweekday of
calendar.
- Build
- gh-102711: Fix -Wstrict-prototypes compiler warnings.
- Removed upstreamed:
- invalid-json.patch
==== qemu ====
Version update (7.1.0 -> 8.0.2)
- Update to version 8.0.2:
* Stability, security and bug fixes
- Patch added:
* [openSUSE][RPM] Update to version 8.0.2
- Patch added:
[openSUSE][RPM] Fix deps for virtiofsd and improve spec files
- Update the _constraints file:
* the qemu-testsuite package does not exist any longer, but some
of the tests are done in the qemu package (so "transfer" some of
the constraints to that one)
- some of the builds are failing with OOM, happening while the RPM
is actually put together, at the end of the process. Try to give
them more RAM
- Patch added:
[openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27)
- Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0)
* Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html
* Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html
* Some notable changes:
- ARM:
- New emulated CPU types:
- Cortex-A55 CPU
- Cortex-R52 CPU
- x86
- Add support for Xen guests under KVM with Linux v5.12+
- New CPU model "SapphireRapids"
- VFIO
- Experimental migration support has been updated to the v2 VFIO migration protocol
- virtio
- virtio-mem now fully supports combining preallocation with migration
- vDPA
- Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq
- virtiofs
- The old C virtiofsd has been removed, use the new Rust implementation instead.
* Patches added:
[openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680)
[openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629)
roms: add back edk2-basetools target
async: Suppress GCC13 false positive in aio_bh_poll()
[openSUSE][OBS] Limit the workflow runs to the factory branch (#25)
[openSUSE][RPM] Spec file adjustments for 8.0.0
- (Radical!) Change of packaging workflow. Now pretty much everything
happens via git, and interacting with https://github.com/openSUSE/qemu.git.
See README.PACKAGING for details
* Patches added:
linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls
linux-user: fill out task state in /proc/self/stat
linux-user: Emulate CLONE_PIDFD flag in clone()
* Patches transformed in git commits:
Disable-some-tests-that-have-problems-in.patch
Make-char-muxer-more-robust-wrt-small-FI.patch
Make-installed-scripts-explicitly-python.patch
Makefile-fix-build-with-binutils-2.38.patch
PPC-KVM-Disable-mmu-notifier-check.patch
Raise-soft-address-space-limit-to-hard-l.patch
Revert-linux-user-fix-compat-with-glibc-.patch
Revert-roms-efirom-tests-uefi-test-tools.patch
Revert-tests-qtest-enable-more-vhost-use.patch
Update-linux-headers-to-v6.0-rc4.patch
accel-abort-if-we-fail-to-load-the-accel.patch
acpi-cpuhp-fix-guest-visible-maximum-acc.patch
ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
bios-tables-test-add-test-for-number-of-.patch
bios-tables-test-teach-test-to-use-smbio.patch
block-Handle-curl-7.55.0-7.85.0-version-.patch
block-io_uring-revert-Use-io_uring_regis.patch
configure-Add-Wno-gnu-variable-sized-typ.patch
dmg-warn-when-opening-dmg-images-contain.patch
dump-Add-architecture-section-and-sectio.patch
dump-Refactor-dump_iterate-and-introduce.patch
dump-Reintroduce-memory_offset-and-secti.patch
dump-Rename-write_elf-_phdr_note-to-prep.patch
dump-Rename-write_elf_loads-to-write_elf.patch
dump-Reorder-struct-DumpState.patch
dump-Replace-opaque-DumpState-pointer-wi.patch
dump-Rework-dump_calculate_size-function.patch
dump-Rework-filter-area-variables.patch
dump-Rework-get_start_block.patch
dump-Split-elf-header-functions-into-pre.patch
dump-Use-a-buffer-for-ELF-section-data-a.patch
dump-Write-ELF-section-headers-right-aft.patch
hw-acpi-erst.c-Fix-memory-handling-issue.patch
hw-display-qxl-Avoid-buffer-overrun-in-q.patch
hw-display-qxl-Document-qxl_phys2virt.patch
hw-display-qxl-Have-qxl_log_command-Retu.patch
hw-display-qxl-Pass-requested-buffer-siz.patch
hw-pvrdma-Protect-against-buggy-or-malic.patch
hw-scsi-megasas-check-for-NULL-frame-in-.patch
hw-smbios-add-core_count2-to-smbios-tabl.patch
hw-smbios-handle-both-file-formats-regar.patch
hw-smbios-support-for-type-8-port-connec.patch
include-elf.h-add-s390x-note-types.patch
increase-x86_64-physical-bits-to-42.patch
linux-user-Fake-proc-cpuinfo.patch
linux-user-lseek-explicitly-cast-non-set.patch
linux-user-remove-conditionals-for-many-.patch
linux-user-use-max-as-default-CPU-model-.patch
linux-user-use-target_ulong.patch
meson-install-ivshmem-client-and-ivshmem.patch
... changelog too long, skipping 47 lines ...
xen_disk-Add-suse-specific-flush-disable.patch
==== qqc2-desktop-style ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Don't attempt to sync colors when application is shutting down
==== raspberrypi-firmware-dt ====
- Enable 3.5mm jack socket stereo audio (bsc#1209314):
* 0001-ARM-dts-bcm2711-rpi-Reuse-bcm2836-vchiq-driver.patch
==== redis ====
- refresh redis-hashes from upstream source
==== rpm ====
Subpackages: librpmbuild9
- add _multibuild for multiple .spec-files
==== ruby-common ====
Version update (3.2 -> 3.2.1)
- bump the version so we can require the new version to make it
easier to depend on the new functionality
- Support runtime dependencies for the generated subpackages:
syntax:
Requires: rubygem(gemname)
Recommends: rubygem(gemname:x) >= x.y
This will be transformed into
Requires: rubygem(ruby:<rubyabi>:gemname)
Recommends: rubygem(ruby:<rubyabi>:gemname:x) >= x.y
That way we ensure that every package only requires rubygems for
the current ruby version.
==== rubygem-gem2rpm ====
- add BuildRequires: ruby-common >= 3.2
This version is required to rebuild the package. The older
ruby-common is no longer sufficient.
==== rubygem-ruby-dbus ====
Version update (0.21.0 -> 0.22.1)
- 0.22.1
Bug fixes:
* Fix OBS building by disabling IPv6 tests, gh#mvidner/ruby-dbus#134.
- 0.22.0
Features:
* Enable using nokogiri without rexml (by Dominik Andreas Schorpp,
gh#mvidner/ruby-dbus#132)
Bug fixes:
* Respect DBUS_SYSTEM_BUS_ADDRESS environment variable.
Other:
* For NameRequestError, mention who is the other owner.
* Session bus autolaunch still does not work, but: don't try launchd except
on macOS, and improve the error message.
* examples/gdbus split off to its own repository
==== setxkbmap ====
Version update (1.3.3 -> 1.3.4)
- Update to version 1.3.4
* gitlab CI: stop requiring Signed-off-by in commits
* Be more careful about querying randr
* Fix "Xwayland" spelling
* Check for the XWAYLAND extension
* Route the Xwayland warning through stderr
==== shaderc ====
Version update (2023.2 -> 2023.4)
- Update to release 2023.4
* Add option to preserve bindings
* Add options to control mesh shading limits
==== shim ====
- Update shim-install to amend full disk encryption support
b540061e041b Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
f2e8143ce831 Use the long name to specify the grub2 key protector
72830120e5ea cryptodisk: support TPM authorized policies
49e7a0d307f3 Do not use tpm_record_pcrs unless the command is in command.lst
==== signon-kwallet-extension ====
Version update (23.04.0 -> 23.04.1)
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- No code change since 23.04.0
==== solid ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5Solid5 solid-imports solid-tools
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Implement solid-hardware monitor mode for property changes
* Connect UPowerDevice propertyChanged signal to frontend
* Avoid cache bypass of `UPowerDevice::allProperties`
* Use values from PropertiesChanged instead of invalidating whole cache
==== sonnet ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== spectacle ====
Version update (23.04.0 -> 23.04.1)
- Fix systemd_user_post/preun/postun calls: all systemd_user macros
take service names as parameter.
- Update to 23.04.1
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/23.04.1/
- Changes since 23.04.0:
* Increase default stroke size for rectanlge and ellipse annotations
* Undo making it possible to uncheck font
* Multiply annotation shadow opacity by stroke or fill opacity (kde#464170)
* Use transparent default fill color for rectangle and ellipse annotations
* Allow making annotation colors fully transparent via checkboxes (kde#468077)
* return early if action is null in Utils::shapeShadow()
* Hide redundant header on Wayland (kde#468818)
* Add pragma once to ScreenShotEffect.h
* Add pragma once to PlasmaVersion.h
* PlasmaVersion: clean up header file
* Warn when screenshot effect isn't available on wayland, exit if no GUI
* Fix segfaults from xcb function calls not getting replies fast enough
* Fix warning about plasmashell service without plasmashell
* Enable autoRepeat for Undo/Redo buttons
* Only add 200ms delay if Plasma version is less than 5.27.4
* Fix quitting Spectacle with Escape affecting windows below it (kde#428478)
==== sqlite3 ====
Version update (3.41.2 -> 3.42.0)
Subpackages: libsqlite3-0 sqlite3-tcl
- Update to 3.42.0:
* Add the FTS5 secure-delete command. This option causes all
forensic traces to be removed from the FTS5 inverted index when
content is deleted.
* Enhance the JSON SQL functions to support JSON5 extensions.
* The SQLITE_CONFIG_LOG and SQLITE_CONFIG_PCACHE_HDRSZ calls to
sqlite3_config() are now allowed to occur after
sqlite3_initialize().
* New sqlite3_db_config() options:
SQLITE_DBCONFIG_STMT_SCANSTATUS and
SQLITE_DBCONFIG_REVERSE_SCANORDER.
* Query planner improvements.
* Add the --unsafe-testing command-line option.
* Allow commands ".log on" and ".log off", even in --safe mode.
* "--" as a command-line argument means all subsequent arguments
that start with "-" are interpreted as normal non-option
argument.
* Magic parameters ":inf" and ":nan" bind to floating point
literals Infinity and NaN, respectively.
* Add the ability for application-defined SQL functions to have
the same name as join keywords: CROSS, FULL, INNER, LEFT,
NATURAL, OUTER, or RIGHT.
* Enhancements to PRAGMA integrity_check
* Allow the session extension to be configured to capture changes
from tables that lack an explicit ROWID.
* Added the subsecond modifier to the date and time functions.
* Negative values passed into sqlite3_sleep() are henceforth
interpreted as 0.
* The maximum recursion depth for JSON arrays and objects is
lowered from 2000 to 1000.
* Extended the built-in printf() function so the comma option now
works with floating-point conversions in addition to integer
conversions.
* Miscellaneous bug fixes and performance optimizations.
==== sssd ====
Version update (2.8.2 -> 2.9.0)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Update to release 2.9
* The sss_simpleifp library is deprecated (and for openSUSE,
already removed)
* The "Files provider" (i.e. id_provider = files) is deprecated
(and for openSUSE, already removed)
* SSSD will no longer warn about changed defaults when using
ldap_schema = rfc2307 and default autofs mapping.
* New passkey functionality, which will allow the use of FIDO2
compliant devices to authenticate a centrally managed user
locally.
* Add support for ldapi:// URLs to allow connections to local
LDAP servers.
* NSS IDMAP has two new methods: getsidbyusername and
getsidbygroupname.
==== syndication ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== syntax-highlighting ====
Version update (5.105.0 -> 5.106.0)
Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- Changes since 5.105.0:
* Backport theme changes to kf5
* backport master hl file updates
* Add mimetype for markdown
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev
- Move more packaging fixups in the fixlet script.
- Provide (Lua-based) file triggers and adapt systemd.spec accordingly (boo#1133764)
More specifically, file triggers handle automatically installations or updates
of files for sysusers, tmpfiles, hwdb, journal catalog, udev rules, sysctl and
binfmt.
Therefore it makes a bunch of systemd rpm macros (such as %udev_hwdb_update,
%udev_rules_update, %journal_catalog_update, %tmpfiles_create,
%sysusers_create and so on) not needed anymore. However before considering
simplifying your spec files beware that these changes are not available in SLE
yet and will probably never reach the current releases (latest one being
SLE15-SP5 as of this writing).
Macros dealing with unit restart/enabling (such as %systemd_pre,
%service_add_pre, %service_del_postun, ...) are still needed though. However
reloading of systemd instances (and thus restarting of units) are delayed
until the very end of the package install/update transaction and is now done
only once.
Nevertheless to fully take advantage of file triggers, users have to activate
a specific zypper transaction backend which is still considered as
experimental, see bsc#1041742 for details.
- Provide a (slighlty) customized version of systemd-update-helper. Some of the
systemd rpm macros rely now on the helper and delegate their work to it. Hence
we don't need to rebuild all packages anymore when the content of the rpm
macros must be updated/fixed.
- Drop an old fix for the persistent net rules (only needed on SLE). Factory
(fortunately) dropped the persistent net rule generator long time ago.
==== systemd-rpm-macros ====
Version update (20 -> 22)
- Bump to version 22
- Make sure that (future) users of %sysctl_apply() and %binfmt_apply() will call
the macros with arguments.
- Test the presence of /run/systemd/system to check whether we're operating
during transactional updates. Hence the behavior is the same when operating in
a chroot or during transactional updates.
- Leave %sysctl_apply() and %binfmt_apply() empty (bsc#1211272)
Only the former has very few users currently and none of them has specific
code relying on the new sysctl values to be effective between the macros and
the file triggers.
- Bump to version 21
- Rely on 'systemd-update-helper' shell script to implement %service_* macros
The helper was introduced by upstream commit 6d825ab2d42d3219e49a1. The main
advantage is that we no more need to rebuild all packages to update the macro
definitions.
Internally the script relies on file triggers for 'daemon-reload' operations
and for restarting units (when needed).
- Update other macros to reflect the fact that systemd package provides file
triggers for sysusers, tmpfiles, hwdb, and journal catalog.
==== systemsettings5 ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- No code changes since 5.27.4
==== sysvinit ====
Version update (3.00 -> 3.07)
- Update to sysvinit 3.07
* Fixed killall5 so that processes in the omit list are
not sent any signals, including SIGSTOP.
* Fixed usage message for killall5 to be more accurate.
* pidof was not returning PIDs of programs which were launched
using a symbolic link. (ie /tmp/sleep when /tmp/sleep links to /usr/bin/sleep).
This is now fixed as we check both the realpath and symbolic path for processes.
In other words, "pidof /tmp/sleep" and "pidof /usr/bin/sleep" will return
the same PIDs when /tmp/sleep is a symbolic link to /usr/bin/sleep.
* Fixed memory initialization error in pidof. Fix provided by Markus Fischer.
* Accepted patch from Mark Hindley which avoids clearing realpath information
in pidof when trying to find matching executables.
* Mark Hindley fixed typo in es.po
* Mark Hindley cleaned up translation code in src/Makefile.
* Drop sulogin from Debian build. Removed libcrypt-dev dependency.
* Fixed pt translation pages which were failing due to mis-matched
open/close tags.
* Makefile now respects ROOT prefix when setting up pidof-to-killall5
symbolic link.
* Removed redundant translation files from man directory.
* Makefile now respects DESTDIR. User can specify either ROOT= or DESTDIR=
to set install prefix.
* Helge Kreutzmann provided updated Makefile for
translation of manual pages. This has been added
to the man directory.
* Added sys/sysmacros.h include in mountpoint.c to fix
compiler errors on systems where major/minor macros were not defined.
* Applied patches from Mark Hindley to clean up man page
Makefile, translations and installs of new man pages.
* Remove reliance on linux/fs.h as it conflicts with glibc 2.36.
Patch provided by lucascars.
* Mark Hindley supplied patch to make bootlogd compile
on GNU Hurd systems. Was missing major/minor macro.
* Fixed formatting in init.8 man page.
Patch provided by Mark Hindley.
* Added q and Q flags to synopsis in shutdown manual page.
* Applied fixes for markup and spacing in manual pages.
Patch provided by Mario Blattermann.
* Added translation framework (po4a) from Mario Blttermann.
* Added Makefile for man/ directory. Will handle translations
and substitutions.
* Applied new translations for multiple languages from Mario Blattermann.
* Added ability to use "@" symbol in command named in the inittab file. This
treats commands as literal and does not launch a shell to interpret them.
* Updated inittab manual page to include overview of symbols which trigger
a shell interpretor and how to disable them using the @ symbol.
* Introduced change which adds error checking in bootlogd when performing
chdir(). - Provided by Alexander Vickberg
* Add check for console using TIOCGDEV on Linux systems in bootlogd to
make finding console more robust. - Provided by Alexander Vickberg
* Default to showing processes in the uninterruptable state (D).
The -z flag no longer affects whether processes in D state are shown.
The -z flag does still toggle whether zombie (Z) processes are shown.
* Removed unnecessary check which is always true from init tab parsing.
- Port patches
* sysvinit-2.88dsf-suse.patch
* sysvinit-2.90-no-kill.patch
* sysvinit-2.90.dif
- Add keyring as well as signature for source tar ball of sysvinit
==== texlive ====
- Move the provides of pdfjam to its usecase (boo#1211877)
- Add patch source-luatex.dif
* Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and
CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code
execution in LuaTeX
==== threadweaver ====
Version update (5.105.0 -> 5.106.0)
- Update to 5.106.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.106.0
- No code change since 5.105.0
==== tnftp ====
Version update (20210827 -> 20230507)
- Update to version 20230507
* Add timeout for SSL connection setup, defaulting to 60
seconds.
* Consistently use poll(2) instead of select(2).
* Check EAGAIN as well as EINTR.
* Simplify includes.
- Update to version 20230409
* Add option sslnoverify to control validation of SSL
certificates.
* Add netrc processing to fetch-mode (URL on command line)
to enable options and autologin via netrc.
* Fix SSL cleanup in some error paths.
* Support SSL certificate validation by default.
FTPSSLNOVERIFY=1 in the environment to disable validation.
* Handle relative URLs.
* Improve ftp(1) markup.
* Fix -? in a more portable manner.
==== tpm2.0-abrmd ====
Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux
- Cover ALP via the %{suse_version} macro
==== tpm2.0-tools ====
- Disable tests. Some tests randomly fails, maybe dependening on the
OBS worker assigned during the build (not confirmed)
==== tracker ====
Version update (3.5.1 -> 3.5.3)
Subpackages: libtracker-sparql-3_0-0 tracker-data-files
- Update to version 3.5.3:
+ Build fixes around strftime() bug workarounds on some
architectures/platforms.
+ Improved compatibility of JSON cursor readers.
+ Leaks plugged.
- Drop 63ea8f1a.patch: Fixed upstream.
- Drop %systemd_user_postun_with_restart macro from the %postun
directive. It's been deprecated and emptied (expands to nil) on
both Tumbleweed and Leap already.
- Comment unneded "/usr/bin/env python3" shebang line on utils/
trackertestutils/__main__.py Python script.
- Change tracker-data-files package's architecture to noarch, as it
doesn't contain any binaries.
- Update to version 3.5.2:
+ Fix several possible crashers.
+ Fix bashisms in doc generation scripts.
+ Fix ISO8601 date strings in cursors on Darwin.
+ Plug leak.
- Add 63ea8f1a.patch: Revert build: Detect appropriate strftime()
year modifier at build time. Revert upstream commit for now as it
breaks build for i586.
==== tracker-miners ====
Version update (3.5.1 -> 3.5.2)
Subpackages: tracker-miner-files
- Update to version 3.5.2:
+ Fix a number of potential crashers.
+ Fix possibly stuck extractor process.
+ Restore performance lost in 3.5.1 of extractor query to get
unextracted items.
+ Plug memory leak.
==== transactional-update ====
Version update (4.1.5 -> 4.2.1)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.2.1
- Implement "apply" command to switch into new snapshot directly
[jsc#PED-3912]
- Use new snapper functionality to set default snapshot - this
makes it possible to execute hooks as requested in
[poo#127160], [gh#openSUSE/transactional-update#85] and
[gh#openSUSE/transactional-update#105].
- Don't hardcode GRUB2 [gh#openSUSE/transactional-update#100] /
[poo#127154]
- Fix cleanup handler
- Fix unmounting temporary mounts
- Prevent loosing track of snapshots in certain rollback
scenarios - these would not be marked for deletion otherwise
- Document "notify" reboot method
- Minimal required snapper version is 0.8.10 now, for the new
snapper functionality there is a backwards compatibility layer.
- Conflict with health-checker < 1.8 - the "good" snapshot
detection of GRUB cannot rely on transactional-update any more
due to the new apply command
- Depend on usrmerge for apply command
==== update-alternatives ====
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Suppress error messages for grep command where the input file
might not exist (boo#1169835)
- Call fdupes without -s to avoid broken symlinks, pointing to
different subpackage. boo#1209990
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
==== util-linux-systemd ====
- Suppress error messages for grep command where the input file
might not exist (boo#1169835)
- Call fdupes without -s to avoid broken symlinks, pointing to
different subpackage. boo#1209990
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
==== vim ====
Version update (9.0.1504 -> 9.0.1572)
Subpackages: vim-data vim-data-common vim-small xxd
- Updated to version 9.0.1572, fixes the following problems
* Typst filetype is not recognized.
* reverse() on string doesn't work in compiled function.
* CI: sound dummy is disabled.
* Line not fully displayed if it doesn't fit in the screen.
* Display errors when making topline shorter and 'smoothscroll'
is set.
* Recent glibc marks sigset() as a deprecated.
* Text not scrolled when cursor moved with "g0" and "h".
* Some commands for opening a file don't use 'switchbuf'.
* Coveralls workflow on CI is commented out.
* CI: check in sound-dummy module may throw an error.
* USD filetype is not recognized.
* In cmdline window S-Tab does not select previous completion.
* Position of marker for 'smoothscroll' not computed correctly.
* CI: sound-dummy module is not installed.
* CI: using slightly outdated gcc version.
* Code for handling 'switchbuf' is repeated.
* setcharsearch() does not clear last searched char properly.
* Vim9: error for missing "return" after "throw".
* Test failures for unreachable code.
* Wrong error for unreachable code after :throw.
* Function argument types not always checked and using v:none may
cause an error.
* Win32: When 'encoding' is set $PATH has duplicate entries.
* Mixing package managers is not a good idea.
* GTK3: window manager resize hints are incomplete.
* Display moves up and down with 'incsearch' and 'smoothscroll'.
* Json lines files are not recognized.
* Motif: GUI scrollbar test fails in 24 lines terminal.
* Profiler calculation may be wrong on 32 bit builds.
* With 'smoothscroll' cursor may move below botline.
* Cannot use "this.member" in lambda in class method.
* Some tests are slow.
* RedrawingDisabled not used consistently.
* Error messages are not translated.
- Updated to version 9.0.1538, fixes the following problems
- fixes boo#1211256 CVE-2023-2609
* No error when calling remote_startserver() with an empty string.
* Error when heredoc content looks like heredoc.
* Line number not displayed when using 'smoothscroll'.
* Assert message is confusing with boolean result. assert_inrange()
replaces message instead of adding it.
* Catch does not work when lines are joined with a newline.
* Error message lacks mentioning the erroneous argument.
* Misleading variable name for error message.
* Crash when using wrong arg types to assert_match().
* Inserting lines when scrolling with 'smoothscroll' set.
* Text scrolls unnecessarily when splitting and 'splitkeep' is not "cursor".
* Test waits unnecessarily long before checking screendump.
* reverse() does not work for a String.
* Cannot use special keys in <Cmd> mapping.
* Search stats not always visible when searching backwards.
* Global 'filetype' is set when it is detected from the file content.
* Completion for option name includes all bool options.
* Failing redo of command with control characters.
* Some functions give two error messages.
* Some error messages are not marked for translation.
* Passing -1 for bool is not always rejected.
* 'smoothscroll' does not always work properly.
* Condition is always true.
* Crash when using negative value for term_cols.
* Libsodium encryption is only used with "huge" features, even when manually
enabled through configure. (Tony Mechelynck)
* Code style test doesn't check for space after "if".
* Cursor moves to wrong line when 'foldmethod' is "diff". (Rick Howe)
* Crash when register contents ends up being invalid.
* Crash when expanding "~" in substitute causes very long text.
* Test for 'smoothscroll' is ineffective.
* Test for expanding "~" in substitute takes too long.
* Test commented out in a wrong way.
* CI: sound dummy stopped working.
* Message for opening the cmdline window is not translated.
* :wqall does not trigger ExitPre. (Bart Libert)
==== vte ====
- Add 24547fb3.patch: widget: Don't consume right clicks on gtk4.
==== vulkan-loader ====
Version update (1.3.247 -> 1.3.250.0)
- Update to release SDK-1.3.250.0
* No changes over 1.3.247 [SDK-250 is a branch of regular-243
with some cherry-picks bringing it to roughly regular-247;
there is little relation to regular-250]
==== vulkan-tools ====
Version update (1.3.247 -> 1.3.250.0)
- Update to release SDK-1.3.250.0
* vulkaninfo: Issue flush before exiting
==== webkit2gtk3 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.40.2 (boo#1211846):
+ Fix scrollbar jumping to top when drag released outside window
in GTK4.
+ Fix video rendering when GL is disabled.
+ Fix flickering on looped videos when starting again.
+ Fix CPU usage on autoplaying videos.
+ Choose amount of painting threads depending on available CPU
cores on GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.
==== webkit2gtk4 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Update to version 2.40.2 (boo#1211846):
+ Fix scrollbar jumping to top when drag released outside window
in GTK4.
+ Fix video rendering when GL is disabled.
+ Fix flickering on looped videos when starting again.
+ Fix CPU usage on autoplaying videos.
+ Choose amount of painting threads depending on available CPU
cores on GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.
==== wget ====
Version update (1.21.3 -> 1.21.4)
- GNU wget 1.21.4:
* Document --retry-on-host-error in help text
* Increase read buffer size to 64k.
This should speed up downloads on gigabit and faster connections
* Update deprecated option '--html-extension' to
'--adjust-extension' in documentation
==== wireless-regdb ====
Version update (20230213 -> 20230503)
- Update to version 20230503:
* wireless-regdb: update regulatory database based on preceding changes
* wireless-regdb: Update regulatory rules for Hong Kong (HK)
* wireless-regdb: update regulatory rules for India (IN)
* wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
* Update regulatory info for Russia (RU) on 6GHz
==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio
- Require wireplumber-audio if pipewire-jack is installed.
- Recommend pipewire-jack in wireplumber-audio.
==== wpa_supplicant ====
- Change ctrl_interface from /var/run to %_rundir (/run)
==== xdg-desktop-portal-kde ====
Version update (5.27.4 -> 5.27.5)
- Update to 5.27.5
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.27.5
- Changes since 5.27.4:
* [notifications] Set proper value for x-kde-xdgTokenAppId
* screenshot: fix flameshot #3164 by using native resolution
* screencast: Don't try to screencast nullptr
==== xdm ====
- since xrdb no longer requires cpp, it needs to be reqired here now
==== xfsprogs ====
Version update (6.2.0 -> 6.3.0)
- update to 6.3.0:
- xfs_repair: Don't leak buffer when discarding directories
- xfs_repair: estimate per-AG btree slack better
- xfs_db: fix broken logic in error path
- xfsprogs: nrext64 option is now in [inode] section of mkfs conf files
==== xrdb ====
- Downgrade cpp requires to recommends (bsc#1211267)
==== xterm ====
Version update (379 -> 380)
Subpackages: xterm-bin xterm-resize
- update to 380:
* reduce compiler warnings in configure script.
* simplify the change for sixelScrolling
* add xterm+focus and report+da2, update report+version building
blocks in terminfo, from post-ncurses 6.4
* drop the -title option from uxterm and koi8rxterm, because that
interferes with deriving the default title from the -e option
(Debian #1031837). Compensate for this by using the -class option
to derive a default title.
* improve description of readline 2003 mode in ctlseqs.ms
* other improvements to status-line feature (report by Thomas Wolff):
+ clear status line on DECCOLM
+ ignore DECSASD if no previous DECSSDT
+ allow DECSSDT 1 immediately after DECSSDT 2, i.e., without
switching back to host mode.
* adjust RequestResize to avoid shrinking screen when using DECCOLM
while the status-line is active (report/patch by Thomas Wolff).
* disallow wrapping before the beginning of the screen, to the end of
the screen, for cursor-back sequences (Redhat #2182357).
* modify makefile to install the 16x16 xpm files (report by Harald
Dunkel).
* update test-package to reflect resolution of Debian #906901.
* change default of showMissingGlyphs to True.
* improve handling of double-sized characters when those happen to be
missing from the bitmap font and/or are fullwidth.
* pointer/overflow fixes (reported by David Leadbeater):
+ improve limit-checks for control-sequence numeric parameters
in SIXEL graphics.
+ add null-pointer checks in WriteNow macro to handle a case
where SS2 or SS3 might be in effect while processing a
combining character.
+ disallow ReGIS reporting for character-set names containing
characters other than alphanumerics or underscore.
+ implement TrueType fallback font for double-sized characters,
including Unicode fullwidth. Also add limitFontHeight to
provide for configuring the distinction between
slightly-oversized glyphs and double-sized glyphs.
* configure script improvements:
+ check for nfsd_t
* fix a typo in the underline cursor thickness derivation
==== yaml-cpp ====
- Drop patches fix-cmake-export.patch untabify-cmakelists.patch
replacing them with pull-request 1077.patch which was
merged (bsc#1191137).
==== yast2-control-center ====
Version update (4.6.0 -> 4.6.1)
Subpackages: yast2-control-center-qt
- Require xdg-utils since it's no longer required by desktop-data-openSUSE
and yast-control-center-qt needs it to start modules with 'xdg-su'.
(bsc#1211869)
- 4.6.1
==== yast2-installation ====
Version update (4.6.2 -> 4.6.3)
- Use a larger font for xterm during installation via X resources
(bsc#1211267)
Details: https://github.com/yast/yast-installation/pull/1085
4.6.3
==== yast2-network ====
Version update (4.6.2 -> 4.6.3)
- Do not write the EAP auth attribute when writing a wireless
wicked configuration using the EAP mode as TLS (bsc#1211026)
- 4.6.3
==== yast2-pkg-bindings ====
Version update (4.6.1 -> 4.6.2)
- Dropped the *-devel-doc subpackage (related to bsc#1211319)
- 4.6.2
==== yast2-services-manager ====
Version update (4.6.0 -> 4.6.1)
- Improved help text for services table (bsc#1211320)
- 4.6.1
==== yast2-storage-ng ====
Version update (4.6.5 -> 4.6.10)
- Add bus_id for DASD (gh#yast/yast-storage-ng#1339,
gh#openSUSE/agama#578).
- 4.6.10
- GuidedProposal: allow Agama to configure exactly what to do with
every existing partition (gh#yast/yast-storage-ng#1337).
- 4.6.9
- Allow to pass commit callbacks to inst_prepdisk client.
- Needed for Agama (gh#openSUSE/agama#558).
- 4.6.8
- GuidedProposal adapted to support assigning volumes to specific
devices when volumes_allocate_mode is :auto (useful for Agama).
- Guided Setup: display a hint for disks with sensible data
transports like FCoE or NVMe/oF (bsc#1209588).
- 4.6.7
- AutoYaST: correctly import legacy values for parity_algorithm.
- Partitioner: when creating an MD RAID, do not ask for the chunk
side when it makes no sense. Eg. RAID1 (bsc#1205172).
- 4.6.6
==== yast2-vm ====
Version update (4.6.0 -> 4.6.1)
- The libvirtd daemon is deprecated and is going away.
The replacements are virtqemud for KVM/qemu and virtxend for Xen.
(bsc#1210572)
- 4.6.1
==== zisofs-tools ====
- Fix url and download to up to date location.
- Add autoconf as BuildRequires.
==== zstd ====
Subpackages: libzstd1
- Revert the addition of build specific cmake files: breaks
gdal, apache-arrow and possibly others -- boo#1211566
* note that shipping cmake files is not intentional or supported
upstream at the moment: gh#facebook/zstd#3642
- Add cmake files manually because we do not want to add
cmake to the bootstrap ring0
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ImageMagick (7.1.1.10 -> 7.1.1.11)
MozillaFirefox-branding-openSUSE
apparmor (3.1.3 -> 3.1.4)
checkmedia (6.1 -> 6.2)
cups
curl (8.1.1 -> 8.1.2)
dav1d (1.2.0 -> 1.2.1)
glslang (12.1.0 -> 12.2.0)
gnutls
imlib2 (1.11.0 -> 1.11.1)
installation-images-MicroOS (17.86 -> 17.87)
javapackages-tools
kio-extras5
kyotocabinet
libX11 (1.8.4 -> 1.8.5)
libapparmor (3.1.3 -> 3.1.4)
libdnf (0.70.0 -> 0.70.1)
libmfx (22.6.5 -> 23.2.2)
libproxy
libproxy-plugins
libreoffice (7.5.3.2 -> 7.5.4.1)
librsvg (2.56.0 -> 2.56.1)
libstorage-ng (4.5.112 -> 4.5.115)
libxcrypt (4.4.33 -> 4.4.34)
libyui (4.5.2 -> 4.6.0)
libyui-ncurses (4.5.2 -> 4.6.0)
libyui-ncurses-pkg (4.5.2 -> 4.6.0)
libyui-qt (4.5.2 -> 4.6.0)
libyui-qt-graph (4.5.2 -> 4.6.0)
libyui-qt-pkg (4.5.2 -> 4.6.0)
lua54 (5.4.4 -> 5.4.6)
man-pages (6.02 -> 6.04)
manpages-l10n (4.18.1 -> 4.19.0)
mariadb-connector-c (3.3.4 -> 3.3.5)
mozilla-nss
ncurses (6.4.20230506 -> 6.4.20230520)
openssl-3 (3.0.8 -> 3.1.1)
openssl (3.0.8 -> 3.1.1)
perl-Bootloader (1.1 -> 1.2)
perl-IO-Socket-SSL (2.081 -> 2.083)
perl-libwww-perl (6.68 -> 6.70)
podman (4.5.0 -> 4.5.1)
python-gevent
python-pycryptodome (3.17.0 -> 3.18.0)
python-rich (13.3.5 -> 13.4.1)
python-rpm
python-tornado6 (6.2 -> 6.3.2)
python-zope.event
qemu (8.0.0 -> 8.0.2)
rpm
shaderc (2023.2 -> 2023.4)
texlive
tracker (3.5.2 -> 3.5.3)
vulkan-loader (1.3.247 -> 1.3.250.0)
vulkan-tools (1.3.247 -> 1.3.250.0)
webkit2gtk3 (2.40.1 -> 2.40.2)
webkit2gtk4 (2.40.1 -> 2.40.2)
yast2-control-center (4.6.0 -> 4.6.1)
=== Details ===
==== ImageMagick ====
Version update (7.1.1.10 -> 7.1.1.11)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.1.11
* upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023…
==== MozillaFirefox-branding-openSUSE ====
- add sle_version 150500 check
- add some useful links about openSUSE in the about:newtab page
- add sle_version 150300 and 150400 check
==== apparmor ====
Version update (3.1.3 -> 3.1.4)
Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor
- update to AppArmor 3.1.4
- parser: fix mount rules encoding (CVE-2016-1585)
- aa-logprof: fix error when choosing named exec with plain profile names
- aa-status: fix json output
- several fixes for profiles and abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
for the full upstream changelog
==== checkmedia ====
Version update (6.1 -> 6.2)
Subpackages: libmediacheck6
- merge gh#openSUSE/checkmedia#17
- do not select EFI System Partition for digest calculation
(bsc#1211953)
- use default for SKIPSECTORS only for RH media
- add man pages for checkmedia and tagmedia
- add spec file for OBS
- 6.2
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
==== curl ====
Version update (8.1.1 -> 8.1.2)
Subpackages: libcurl4
- Update to 8.1.2:
* Bugfixes:
- configure: quote the assignments for run-compiler
- configure: without pkg-config and no custom path, use -lnghttp2
- curl: cache the --trace-time value for a second
- http2: fix EOF handling on uploads with auth negotiation
- http3: send EOF indicator early as possible
- lib1560: verify more scheme guessing
- lib: remove unused functions, make single-use static
- libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
- libssh: when keyboard-interactive auth fails, try password
- misc: fix spelling mistakes
- page-header: mention curl version and how to figure out current release
- page-header: minor wording polish in the URL segment
- scripts/singleuse.pl: add more API calls
- urlapi: remove superfluous host name check
==== dav1d ====
Version update (1.2.0 -> 1.2.1)
- Update to version 1.2.1
* Fix a threading race on task_thread.init_done
* NEON z2 8bpc and high bit-depth optimizations
* SSSE3 z2 high bit-depth optimziations
* Fix a desynced luma/chroma planes issue with Film Grain
* Reduce memory consumption
* Improve dav1d_parse_sequence_header() speed
* OBU: Improve header parsing and fix potential overflows
* OBU: Improve ITU-T T.35 parsing speed
* Misc buildsystems, CI and headers fixes
- Add to description some performance mentions that set it apart
from other packages e.g. gav1.
==== glslang ====
Version update (12.1.0 -> 12.2.0)
- Update to release 12.2.0
* Support GLSL_EXT_shader_tile_image,
GL_EXT_ray_tracing_position_fetch, and custom include callbacks
via the C API
* Add preamble-text command-line option
* Accept variables as parameters of spirv_decorate_id
==== gnutls ====
- FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476]
Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
==== imlib2 ====
Version update (1.11.0 -> 1.11.1)
Subpackages: imlib2-loaders libImlib2-1
- update to 1.11.1:
* imlib2: added loader for y4m files (uses liby4m and
libyuv)
* imlib2: add y4m test examples
* Y4M loader: Various minor changes
* autofoo: Tweak PACKAGE_DATA_DIR definition
* XPM loader: Add rgb.txt
* loaders: Fix loaders potentially being loaded more than
once
* loaders: Change method used to not unload loaders
* Add JXL saver
* loaders: Cosmetics
==== installation-images-MicroOS ====
Version update (17.86 -> 17.87)
- merge gh#openSUSE/installation-images#646
- etc: update module.config to match 6.4
- 17.87
==== javapackages-tools ====
Subpackages: javapackages-filesystem
- Enable the tests also for older distributions
- Require python3-xml (python-xml for distributions that use
versioned modules), since module xml needed by some scripts.
==== kio-extras5 ====
Subpackages: kio-extras5-lang libkioarchive5
- Add some missing BuildRequires (boo#1211933)
==== kyotocabinet ====
- Update url to new website.
==== libX11 ====
Version update (1.8.4 -> 1.8.5)
Subpackages: libX11-6 libX11-data libX11-xcb1
- Update to version 1.8.5
* gitlab CI: Add libtool to required packages
* configure: raise minimum autoconf requirement to 2.70
* configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* gitlab CI: add workflow rules
* nls: delete compose sequences that pointlessly mix upper and lower case
* nls: remove four hundred and sixty untypable Greek compose sequences
* nls: remove twenty two untypable Greek compose sequences
* XSetScreenSaver.man: restore the part that was accidentally snipped
* nls: make the Amharic compose sequences use the dead-vowel symbols
* nls: sort three sequences alphabetically in their group, like all others
* nls: delete six compose sequences that cannot be typed
* nls: use a slash instead of a combining solidus in compose sequences
* NLS: move long S compositions to respective blocks
* NLS: implement the expansion of the six Breton N-graph keysyms
* NLS: move dead-caron subscript compositions to the relevant Unicode block
* NLS: Remove strange dead_cedilla cedi sign sequences
* nls: add compose sequence for capital schwa, and delete a deviant one
- Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11
will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order
to keep those sequeunces working with this release.
==== libapparmor ====
Version update (3.1.3 -> 3.1.4)
- update to AppArmor 3.1.4
- parser: fix mount rules encoding (CVE-2016-1585)
- aa-logprof: fix error when choosing named exec with plain profile names
- aa-status: fix json output
- several fixes for profiles and abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
for the full upstream changelog
==== libdnf ====
Version update (0.70.0 -> 0.70.1)
Subpackages: libdnf-repo-config-zypp libdnf2
- update to 0.70.1:
* Add repoid to solver errors for RPMs (RhBug:2179413)
* Avoid using obsolete RPM API and drop redundant calls
* Remove DNF from list of protected packages
- avoid bashism
==== libmfx ====
Version update (22.6.5 -> 23.2.2)
- update to 23.2.2:
* [Encode] Fix JPEG payload insertion on Linux
* Update checking of bitsream left size (#3033)
* [Decode] Fix memory out-of-bounds issue for VP9
* [Decode] Fix memory out-of-bounds issue for VP8
* [Decode]Remove AVC level 6.0 check
* [Decode]Fix hevc decode issue
* hevce: use Low Power mode for RGB encoding by default
==== libproxy ====
- Only build mono support on openSUSE, not SLE nor SUSE ALP.
==== libproxy-plugins ====
Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape
- Only build mono support on openSUSE, not SLE nor SUSE ALP.
==== libreoffice ====
Version update (7.5.3.2 -> 7.5.4.1)
Subpackages: libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit
- Update to 7.5.4.1:
https://wiki.documentfoundation.org/Releases/7.5.4/RC1
- Update bundled dependencies:
* gpgme-1.16.0.tar.bz2 -> gpgme-1.18.0.tar.bz2
* curl-7.86.0.tar.xz -> curl-8.0.1.tar.xz
* icu4c-71_1-src.tgz -> icu4c-72_1-src.tgz
* icu4c-71_1-data.zip -> icu4c-72_1-data.zip
==== librsvg ====
Version update (2.56.0 -> 2.56.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.56.1:
+ The minimum supported Rust version (MSRV) is 1.65.
Unfortunately the assert_cmd crate, used in the test suite,
bumped its MSRV and is forcing us to do the same.
+ Shrink the shared library by telling the linker to omit unused
code.
+ Updates to dependencies.
==== libstorage-ng ====
Version update (4.5.112 -> 4.5.115)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.115
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.114
- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.5.113
==== libxcrypt ====
Version update (4.4.33 -> 4.4.34)
- Update to 4.4.34
* Optimize some cast operation for performance in
lib/alg-yescrypt-platform.c.
* Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
* Explicitly clean the stack and context state after computation in
lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
(issue #168).
==== libyui ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-ncurses ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-ncurses-pkg ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt-graph ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== libyui-qt-pkg ====
Version update (4.5.2 -> 4.6.0)
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.6.0
- Cherry-picked BLumia's patch from community PR #97:
CMake: use pkg-config to find and use ncurses libs
by Wang Zichong <wangzichong(a)deepin.org>
==== lua54 ====
Version update (5.4.4 -> 5.4.6)
- Library is always liblua5_4-5: due to SOVERSION leading digit
being 5
- Final release of 5.4.6. No change in the changelog.
- Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been
effectively withdrawn).
- Update to 5.4.5:
- this is a bug-fix release.
- Lua 5.4.5 also contains several internal improvements and
includes a revised reference manual
- Remove upstreamed patches:
- luabugs1.patch
- luabugs10.patch
- luabugs11.patch
- luabugs2.patch
- luabugs3.patch
- luabugs4.patch
- luabugs5.patch
- luabugs6.patch
- luabugs7.patch
- luabugs8.patch
- luabugs9.patch
==== man-pages ====
Version update (6.02 -> 6.04)
- update to 6.04:
* Newly documented interfaces in existing pages
* proc.5
KPF_PGTABLE (Linux 4.18)
* landlock.7
LANDLOCK_ACCESS_FS_REFER (Linux 5.19)
* udp.7
UDP_GRO (Linux 5.0)
UDP_SEGMENT (Linux 4.18)
* Changes to individual pages
==== manpages-l10n ====
Version update (4.18.1 -> 4.19.0)
Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR man-pages-ru
- Update to version 4.19.0: Updated and added many translations.
==== mariadb-connector-c ====
Version update (3.3.4 -> 3.3.5)
- update to 3.3.5:
* https://mariadb.com/kb/en/mariadb-connector-c-3-3-5-release-notes/
==== mozilla-nss ====
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs
- Move testsuite to %check-section and move env-variables to
files for easier chroot-debugging
==== ncurses ====
Version update (6.4.20230506 -> 6.4.20230520)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20230520
+ fixes for compiler warnings in MinGW environments.
- Add ncurses patch 20230514
+ modify test-package "ncurses6-doc" to use manpage-aliases, which in
turn required a change to the configure script to factor in the
extra-suffix option when deriving alias names.
+ add mode 1004 to xterm+sm+1006 from xterm #380 -TD
- Port and correct offsets of patch ncurses-6.4.dif
==== openssl-3 ====
Version update (3.0.8 -> 3.1.1)
Subpackages: libopenssl3
- Update to 3.1.1:
* Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
(CVE-2023-2650, bsc#1211430)
* Multiple algorithm implementation fixes for ARM BE platforms.
* Added a -pedantic option to fipsinstall that adjusts the various settings
to ensure strict FIPS compliance rather than backwards compatibility.
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped. Thanks to Anton
Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714)
* Add FIPS provider configuration option to disallow the use of truncated
digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The
option '-no_drbg_truncated_digests' can optionally be supplied
to 'openssl fipsinstall'.
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that
it does not enable policy checking. Thanks to David Benjamin for
discovering this issue. (CVE-2023-0466, bsc#1209873)
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are
skipped for that certificate. A malicious CA could use this to
deliberately assert invalid certificate policies in order to circumvent
policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878)
* Limited the number of nodes created in a policy tree to mitigate against
CVE-2023-0464. The default limit is set to 1000 nodes, which should be
sufficient for most installations. If required, the limit can be adjusted
by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a
desired maximum number of nodes or zero to allow unlimited growth.
(CVE-2023-0464, bsc#1209624)
* Update openssl.keyring with key
A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz)
* Rebased patches:
- openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
- openssl-Add_support_for_Windows_CA_certificate_store.patch
* Removed patches:
- openssl-CVE-2023-0464.patch
- openssl-Fix-OBJ_nid2obj-regression.patch
- openssl-CVE-2023-0465.patch
- openssl-CVE-2023-0466.patch
- FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116]
- Add support for Windows CA certificate store [bsc#1209430]
https://github.com/openssl/openssl/pull/18070
* Add openssl-Add_support_for_Windows_CA_certificate_store.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Fix regression in the OBJ_nid2obj() function: [bsc#1209430]
* Upstream https://github.com/openssl/openssl/issues/20555
* Add openssl-Fix-OBJ_nid2obj-regression.patch
- Fix compiler error "initializer element is not constant" on s390
* Add openssl-z16-s390x.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Pass over with spec-cleaner
- Update to 3.1.0:
* Add FIPS provider configuration option to enforce the Extended Master
Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can
optionally be supplied to 'openssl fipsinstall'.
* The FIPS provider includes a few non-approved algorithms for backward
compatibility purposes and the "fips=yes" property query must be used for
all algorithm fetches to ensure FIPS compliance. The algorithms that are
included but not approved are Triple DES ECB, Triple DES CBC and EdDSA.
* Added support for KMAC in KBKDF.
* RNDR and RNDRRS support in provider functions to provide random number
generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS version does not
include the renegotiation mechanism. This avoids confusion between that
scenario versus when the TLS version includes secure renegotiation but the
peer lacks support for it.
* AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
* The various OBJ_* functions have been made thread safe.
* Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA
capable processors.
* The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats,
OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio,
OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now
marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining
OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in
favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding
type-specific function definitions for these functions regardless of
whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may
start receiving deprecation warnings for these functions regardless of
whether they are using them. It is recommended that users transition to the
new macro, DEFINE_LHASH_OF_EX.
* When generating safe-prime DH parameters set the recommended private key
length equivalent to minimum key lengths as in RFC 7919.
* Change the default salt length for PKCS#1 RSASSA-PSS signatures to the
maximum size that is smaller or equal to the digest length to comply with
FIPS 186-4 section 5. This is implemented by a new option
OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the
rsa_pss_saltlen parameter, which is now the default. Signature verification
is not affected by this change and continues to work as before.
* Update openssl.keyring with key
8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell)
==== openssl ====
Version update (3.0.8 -> 3.1.1)
- Update to 3.1.1
- Update to 3.1.0
==== perl-Bootloader ====
Version update (1.1 -> 1.2)
- merge gh#openSUSE/perl-bootloader#148
- UEFI: update also default location, if it is controlled by SUSE
(bsc#1210799, bsc#1201399)
- 1.2
==== perl-IO-Socket-SSL ====
Version update (2.081 -> 2.083)
- updated to 2.083
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.083 2023/05/18
- fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL
(regression from #122)
2.082 2023/05/17
- SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122
- fix output of alert string when debugging #132
- improve regex for hostname validation #130, #126
- add can_ciphersuites subroutine for feature checking #127
- Utils::CERT_create - die if unexpected arguments are given instead of ignoring
these
==== perl-libwww-perl ====
Version update (6.68 -> 6.70)
- updated to 6.70
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.70 2023-04-30 13:22:56Z
- Add cookie_jar_class attribute to allow different cookie jar modules
to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn)
- POD now contains all default attributes (GH#428) (Julien Fiegehenn)
6.69 2023-04-29 13:14:31Z
- Timeouts for cached connections now update (GH#73) (Eric Johnson)
- The conn_cache() can now be unset (GH#424) (Julien Fiegehenn)
- LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy)
- Fix a bug in no_proxy that allowed partial matches to a proxy address
to disable a proxy (GH#421) (Julien Fiegehenn)
==== podman ====
Version update (4.5.0 -> 4.5.1)
Subpackages: podman-cni-config
- Update to version 4.5.1:
* Release v4.5.1
* [CI:DOCS] Final release notes for v4.5.1
* [CI:BUILD] Packit: set propose-downstream action type to pre-sync
* Revert "Resolve symlink path for qemu directory if possible"
* no need for podman-next rpm test on maint branch
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* libpod: configureNetNS() tear down on errors
* libpod: rootlessNetNs.Cleanup() fix error message
* network create/update: allow dns servers comma separated
* machine: fix default connection URL to use 127.0.0.1
* compat: accept tag in /images/create?fromSrc
* compat container create: match duplicate mounts correctly
* machine: qemu only remove connection after confirmation
* windows: podman save allow the use of stdout
* remote: exec inspect update exec session status
* podman-remote logs: handle server error correctly
* libpod: stop containers with --restart=always
* Do not include image annotations when building spec
* [v4.5] system tests: fix race in kube-play read-only
* api: fix parsing filters
* Support systemd optional prefix '-' for devices.
* *: migrate image registry to registry.k8s.io
* Makefile: include `release-artifacts` target
* [CI:BUILD] Packit: Initial Enablement
* Bump to v4.5.1-dev
==== python-gevent ====
- handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers()
behavior change in python 3.11 as well
==== python-pycryptodome ====
Version update (3.17.0 -> 3.18.0)
- update to 3.18.0:
* Added support for DER BOOLEAN encodings.
* The library now compiles on Windows ARM64. Thanks to Niyas
Sait.
* GH#722: ``nonce`` attribute was not correctly set for
XChaCha20_Poly1305 ciphers. Thanks to Liam Haber.
* GH#728: Workaround for a possible x86 emulator bug in Windows
for ARM64.
* GH#739: OID encoding for arc 2 didn't accept children larger
than 39. Thanks to James.
* Correctly check that the scalar matches the point when
importing an ECC private key.
==== python-rich ====
Version update (13.3.5 -> 13.4.1)
- update to 13.4.1:
* Fixed typing extensions import in markdown #2979
- update to 13.4.0:
* Added support for tables in Markdown #2977
==== python-rpm ====
- add _multibuild for multiple .spec-files
==== python-tornado6 ====
Version update (6.2 -> 6.3.2)
- New upstream release 6.3.2
- Security improvements
- Fixed an open redirect vulnerability in StaticFileHandler
under certain configurations.
- ``tornado.web``
- `.RequestHandler.set_cookie` once again accepts capitalized
keyword arguments for backwards compatibility. This is
deprecated and in Tornado 7.0 only lowercase arguments will
be accepted.
- What's new in Tornado 6.3.0
- The new `.Application` setting ``xsrf_cookie_name``
can now be used to take advantage of the ``__Host``
cookie prefix for improved security. To use it, add
``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}}`` to your `.Application` settings. Note
that this feature currently only works when HTTPS is used.
- `.WSGIContainer` now supports running the application in
a ``ThreadPoolExecutor`` so the event loop is no longer
blocked.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
- WebSockets are now much faster at receiving large messages
split into many fragments.
- General changes
- Python 3.7 is no longer supported; the minimum supported .
Python version is 3.8 Python 3.12 is now supported .
- To avoid spurious deprecation warnings, users of Python
3.10 should upgrade to at least version 3.10.9, and users
of Python 3.11 should upgrade to at least version 3.11.1.
- Tornado submodules are now imported automatically on
demand. This means it is now possible to use a single
``import tornado`` statement and refer to objects in
submodules such as `tornado.web.RequestHandler`.
- Deprecation notices
- In Tornado 7.0, `tornado.testing.ExpectLog` will match
``WARNING`` and above regardless of the current logging
configuration, unless the ``level`` argument is used.
- `.RequestHandler.get_secure_cookie` is now a deprecated
alias for `.RequestHandler.get_signed_cookie`.
`.RequestHandler.set_secure_cookie` is now a deprecated
alias for `.RequestHandler.set_signed_cookie`.
- `.RequestHandler.clear_all_cookies` is
deprecated. No direct replacement is provided;
`.RequestHandler.clear_cookie` should be used on individual
cookies.
- Calling the `.IOLoop` constructor without a
``make_current`` argument, which was deprecated in Tornado
6.2, is no longer deprecated.
- `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were
deprecated in Tornado 6.2, are no longer deprecated.
- `.AsyncTestCase.get_new_ioloop` is deprecated.
- ``tornado.auth``
- New method `.GoogleOAuth2Mixin.get_google_oauth_settings`
can now be overridden to get credentials from a source
other than the `.Application` settings.
- ``tornado.gen``
- `contextvars` now work properly when a ``(a)gen.coroutine``
calls a native coroutine.
- ``tornado.options``
- `~.OptionParser.parse_config_file` now recognizes single
comma-separated strings (in addition to lists of strings)
for options with ``multiple=True``.
- ``tornado.web``
- New `.Application` setting ``xsrf_cookie_name`` can be used
to change the name of the XSRF cookie. This is most useful
to take advantage of the ``__Host-`` cookie prefix.
- `.RequestHandler.get_secure_cookie` and
`.RequestHandler.set_secure_cookie` (and related
methods and attributes) have been renamed
to `~.RequestHandler.get_signed_cookie` and
`~.RequestHandler.set_signed_cookie`. This makes it
more explicit what kind of security is provided, and
avoids confusion with the ``Secure`` cookie attribute
and ``__Secure-`` cookie prefix. The old names remain
supported as deprecated aliases.
- `.RequestHandler.clear_cookie` now accepts all keyword
arguments accepted by `~.RequestHandler.set_cookie`. In
some cases clearing a cookie requires certain arguments to
be passed the same way in which it was set.
- `.RequestHandler.clear_all_cookies` now accepts
additional keyword arguments for the same reason as
``clear_cookie``. However, since the requirements for
additional arguments mean that it cannot reliably clear all
cookies, this method is now deprecated.
- ``tornado.websocket``
- It is now much faster (no longer quadratic) to receive
large messages that have been split into many fragments.
- `.websocket_connect` now accepts a ``resolver`` parameter.
- ``tornado.wsgi``
- `.WSGIContainer` now accepts an ``executor`` parameter
which can be used to run the WSGI application on a thread
pool.
- What's new in Tornado 6.2.0
- Deprecation notice
- Python 3.10 has begun the process of significant changes
to the APIs for managing the event loop. Calls to
methods such as `asyncio.get_event_loop` may now raise
`DeprecationWarning` if no event loop is running. This
has significant impact on the patterns for initializing
... changelog too long, skipping 101 lines ...
- Remove upstreamed ignore-py310-deprecation-warnings.patch
==== python-zope.event ====
- Switch documentation to be within the main package.
==== qemu ====
Version update (8.0.0 -> 8.0.2)
- Update to version 8.0.2:
* Stability, security and bug fixes
- Patch added:
* [openSUSE][RPM] Update to version 8.0.2
==== rpm ====
Subpackages: librpmbuild9
- add _multibuild for multiple .spec-files
==== shaderc ====
Version update (2023.2 -> 2023.4)
- Update to release 2023.4
* Add option to preserve bindings
* Add options to control mesh shading limits
==== texlive ====
- Move the provides of pdfjam to its usecase (boo#1211877)
==== tracker ====
Version update (3.5.2 -> 3.5.3)
Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang
- Update to version 3.5.3:
+ Build fixes around strftime() bug workarounds on some
architectures/platforms.
+ Improved compatibility of JSON cursor readers.
+ Leaks plugged.
- Drop 63ea8f1a.patch: Fixed upstream.
- Drop %systemd_user_postun_with_restart macro from the %postun
directive. It's been deprecated and emptied (expands to nil) on
both Tumbleweed and Leap already.
- Comment unneded "/usr/bin/env python3" shebang line on utils/
trackertestutils/__main__.py Python script.
- Change tracker-data-files package's architecture to noarch, as it
doesn't contain any binaries.
==== vulkan-loader ====
Version update (1.3.247 -> 1.3.250.0)
- Update to release SDK-1.3.250.0
* No changes over 1.3.247 [SDK-250 is a branch of regular-243
with some cherry-picks bringing it to roughly regular-247;
there is little relation to regular-250]
==== vulkan-tools ====
Version update (1.3.247 -> 1.3.250.0)
- Update to release SDK-1.3.250.0
* vulkaninfo: Issue flush before exiting
==== webkit2gtk3 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.40.2 (boo#1211846):
+ Fix scrollbar jumping to top when drag released outside window
in GTK4.
+ Fix video rendering when GL is disabled.
+ Fix flickering on looped videos when starting again.
+ Fix CPU usage on autoplaying videos.
+ Choose amount of painting threads depending on available CPU
cores on GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.
==== webkit2gtk4 ====
Version update (2.40.1 -> 2.40.2)
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Update to version 2.40.2 (boo#1211846):
+ Fix scrollbar jumping to top when drag released outside window
in GTK4.
+ Fix video rendering when GL is disabled.
+ Fix flickering on looped videos when starting again.
+ Fix CPU usage on autoplaying videos.
+ Choose amount of painting threads depending on available CPU
cores on GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658
boo#1211659).
- Drop gcc13-fix.patch: fixed upstream.
==== yast2-control-center ====
Version update (4.6.0 -> 4.6.1)
Subpackages: yast2-control-center-qt
- Require xdg-utils since it's no longer required by desktop-data-openSUSE
and yast-control-center-qt needs it to start modules with 'xdg-su'.
(bsc#1211869)
- 4.6.1
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
glibc
=== Details ===
==== glibc ====
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- ulp-prologue-into-asm-functions.patch: Add support for livepatches in
ASM written functions (bsc#1210777)
1
0