Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (122.0.1 -> 123.0)
apparmor
c-ares (1.26.0 -> 1.27.0)
cdparanoia
chrony (4.4 -> 4.5)
cloud-init
containerd
cpio
cronie
cups
dhcp
distribution-logos-openSUSE
dmidecode
docbook-xsl
docbook_4
docker
dracut (059+suse.554.g6144bf71 -> 059+suse.557.g8a62bf73)
dump
fcoe-utils
file
fltk
fwupd (1.9.13 -> 1.9.14)
gdb
giflib (5.2.1 -> 5.2.2)
git (2.43.2 -> 2.44.0)
gnutls
gpsd
icewm
libapparmor
libgpg-error (1.47 -> 1.48)
libimobiledevice-glue (1.0.0+git3.20230513 -> 1.1.0+git0.20240222)
libksba (1.6.5 -> 1.6.6)
libstorage-ng (4.5.191 -> 4.5.193)
libunistring (1.1 -> 1.2)
mokutil
mozilla-nss
multipath-tools (0.9.8~1+82+suse.dcd98a3 -> 0.9.8+83+suse.bcae610)
ncurses (6.4.20240210 -> 6.4.20240224)
npth (1.6 -> 1.7)
open-vm-tools
openssh (9.3p2 -> 9.6p1)
openssh-askpass-gnome (9.3p2 -> 9.6p1)
openvpn
podman
python-PyYAML
setserial
sha1collisiondetection
slang
sof-firmware
sord
soundtouch
speex
susepaste
switcheroo-control
syslogd
system-config-printer
sysvinit
thin-provisioning-tools (1.0.11 -> 1.0.12)
tigervnc
upower (1.90.2 -> 1.90.2+15)
usbutils
vlc
xauth
xdm
xf86-input-evdev
xf86-input-wacom
xf86-video-vesa
xinit
xkeyboard-config
xmlsec1
xorg-x11-server
xrandr
zlib (1.3 -> 1.3.1)
=== Details ===
==== MozillaFirefox ====
Version update (122.0.1 -> 123.0)
- Mozilla Firefox 123.0
https://www.mozilla.org/en-US/firefox/123.0/releasenotes/
MFSA 2024-05 (bsc#1220048)
* CVE-2024-1546 (bmo#1843752)
Out-of-bounds memory read in networking channels
* CVE-2024-1547 (bmo#1877879)
Alert dialog could have been spoofed on another site
* CVE-2024-1554 (bmo#1816390)
fetch could be used to effect cache poisoning
* CVE-2024-1548 (bmo#1832627)
Fullscreen Notification could have been hidden by select element
* CVE-2024-1549 (bmo#1833814)
Custom cursor could obscure the permission dialog
* CVE-2024-1550 (bmo#1860065)
Mouse cursor re-positioned unexpectedly could have led to
unintended permission grants
* CVE-2024-1551 (bmo#1864385)
Multipart HTTP Responses would accept the Set-Cookie header
in response parts
* CVE-2024-1555 (bmo#1873223)
SameSite cookies were not properly respected when opening a
website from an external browser
* CVE-2024-1556 (bmo#1870414)
Invalid memory access in the built-in profiler
* CVE-2024-1552 (bmo#1874502)
Incorrect code generation on 32-bit ARM devices
* CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296,
bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080,
bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211,
bmo#1878286)
Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
and Thunderbird 115.8
* CVE-2024-1557 (bmo#1746471, bmo#1848829, bmo#1864011, bmo#1869175,
bmo#1869455, bmo#1869938, bmo#1871606)
Memory safety bugs fixed in Firefox 123
- requires NSS 3.97
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- Fix systemd userdb access in unix-chkpwd
==== c-ares ====
Version update (1.26.0 -> 1.27.0)
- c-ares 1.27.0
Security:
* Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
/etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279)
Features:
* New function ares_queue_active_queries() to retrieve number of in-flight
queries. PR #712
* New function ares_queue_wait_empty() to wait for the number of in-flight
queries to reach zero. PR #710
* New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if
no DNS servers can be found rather than attempting to use 127.0.0.1. This
also introduces a new ares status code of ARES_ENOSERVER. PR #713
Changes:
* EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
* Fix warning due to ignoring return code of write(). PR #709
* CMake: don't override target output locations if not top-level. Issue #708
* Fix building c-ares without thread support. PR #700
==== cdparanoia ====
Subpackages: libcdda_interface0 libcdda_paranoia0
- Use %patch -P N instead of deprecated %patchN.
==== chrony ====
Version update (4.4 -> 4.5)
Subpackages: chrony-pool-openSUSE
- Use %patch -P N instead of deprecated %patchN.
- Update to version 4.5:
* Add support for AES-GCM-SIV in GnuTLS
* Add support for corrections from PTP transparent clocks
* Add support for systemd socket activation
* Fix presend in interleaved mode
* Fix reloading of modified sources from sourcedir
==== cloud-init ====
- Prepare for RPM 4.20 switch patch syntax
==== containerd ====
- Use %patch -P N instead of deprecated %patchN.
==== cpio ====
Subpackages: cpio-mt
- Use %autopatch instead of deprecated %patchN.
==== cronie ====
Subpackages: cron
- Use %patch -P N instead of deprecated %patchN.
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Use %patch -P N instead of deprecated %patchN.
==== dhcp ====
Subpackages: dhcp-client
- Use %patch -P N instead of deprecated %patchN.
==== distribution-logos-openSUSE ====
Subpackages: distribution-logos-openSUSE-MicroOS distribution-logos-openSUSE-icons
- Add handling for Leap Micro 6.X and Leap 16.X
==== dmidecode ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== docbook-xsl ====
- Use %patch -P N instead of deprecated %patchN.
==== docbook_4 ====
- Use %patch -P N instead of deprecated %patchN.
==== docker ====
Subpackages: docker-bash-completion docker-rootless-extras
- Allow to disable apparmor support (ALP supports only SELinux)
==== dracut ====
Version update (059+suse.554.g6144bf71 -> 059+suse.557.g8a62bf73)
Subpackages: dracut-ima
- Update to version 059+suse.557.g8a62bf73:
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
==== dump ====
- Use %patch -P N instead of deprecated %patchN.
==== fcoe-utils ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== file ====
Subpackages: file-magic libmagic1
- Prepare for RPM 4.20
==== fltk ====
- Use %patch -P N instead of deprecated %patchN.
==== fwupd ====
Version update (1.9.13 -> 1.9.14)
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.14:
* Correctly detect ARM32 and RISC-V UEFI binaries.
* Correctly migrate the database schema from very old fwupd versions.
* Fix DS-20 descriptors by opening the GUsbDevice earlier.
* Fix updating the fingerprint reader on the Framework 13 and 16 laptop.
* Fix warning when probing devices using the metadata allowlist.
* Only recover the version format for specific devices.
==== gdb ====
- Use %patch -P N instead of deprecated %patchN.
- Maintenance script qa.sh:
* Add PR31214 kfail.
* Add kfail for fails in gdb.reverse/solib-precsave.exp /
gdb.reverse/solib-reverse.exp fixed by commit fe6356def67
("PowerPC and aarch64: Fix reverse stepping failure").
* Extend PR31004 kfail.
- Don't require %{python}-base for gdb-testresults package.
- Fix debuginfod handling:
* Enable for sle_version >= 150400 (bsc#1185605, jsc#PED-1149,
jsc#PED-1138), SLE15-SP4 and later.
* Enable for suse_version >= 1600, ALP and Tumbleweed.
* Add back "BuildRequires: libdebuginfod1" to prevent selecting
dummy variant.
* Add "BuildRequires: debuginfod-client" to prevent unresolved
due to conflict with dummy variant.
* Add --with-debuginfod=yes to prevent silently dropping support.
- Patches added (backport from master):
* gdb-testsuite-add-missing-no-prompt-anchor-in-gdb.ba.patch
* gdb-testsuite-remove-spurious-in-save_vars.patch
==== giflib ====
Version update (5.2.1 -> 5.2.2)
- Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506
(bsc#1198880)
* Address SF issue #138 Documentation for obsolete utilities still
installed
* Address SF issue #139: Typo in "LZW image data" page
("110_2 = 4_10")
* Address SF issue #140: Typo in "LZW image data" page ("LWZ")
* Address SF issue #141: Typo in "Bits and bytes" page ("filed")
* Note as already fixed SF issue #143: cannot compile under mingw
* Address SF issue #144: giflib-5.2.1 cannot be build on windows
and other platforms using c89
* Address SF issue #145: Remove manual pages installation for
binaries that are not installed too
* Address SF issue #146: [PATCH] Limit installed man pages to
binaries, move giflib to section 7
* Address SF issue #147 [PATCH] Fixes to doc/whatsinagif/ content
* Address SF issue #148: heap Out of Bound Read in gif2rgb.c:298
DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service
vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no
longer possible
* Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45
* Address SF issue #152: Fix some typos on the html documentation
and man pages
* Address SF issue #153: Fix segmentation faults due to non
correct checking for args
* Address SF issue #154: Recover the giffilter manual page
* Address SF issue #155: Add gifsponge docs
* Address SF issue #157: An OutofMemory-Exception or Memory Leak
in gif2rgb
* Address SF issue #158: There is a null pointer problem in
gif2rgb
* Address SF issue #159 A heap-buffer-overflow in GIFLIB5.2.1
DumpScreen2RGB() in gif2rgb.c:298:45
* Address SF issue #163: detected memory leaks in
openbsd_reallocarray giflib/openbsd-reallocarray.c
* Address SF issue #164: detected memory leaks in GifMakeMapObject
giflib/gifalloc.c
* Address SF issue #166: a read zero page leads segment fault in
getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* Address SF issue #167: Heap-Buffer Overflow during Image Saving
in DumpScreen2RGB Function at Line 321 of gif2rgb.c
- Added patch:
* giflib-5.2.2-no-imagemagick.patch
+ do not use ImageMagick to resize one gif file. It creates a
build cycle.
* 0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch
+ upstream fix for CVE-2021-40633 (bsc#1200551)
- Modified patches:
* PIE.patch
* reproducible.patch
+ rediff to changed context
==== git ====
Version update (2.43.2 -> 2.44.0)
- update to 2.44.0:
* "git checkout -B <branch>" now longer allows switching to a
branch that is in use on another worktree. The users need to
use "--ignore-other-worktrees" option.
* Faster server-side rebases with git replay
* Faster pack generation with multi-pack reuse
* rebase auto-squashing now works in non-interactive mode
* pathspec now understands attr, e.g. ':(attr:~binary) for
selecting non-binaries, or builtin_objectmode for selecting
items by file mode or other properties
* Many other cli UI and internal improvements and extensions
==== gnutls ====
- Remove some if..endif that do not affect any result
- Split documentation (some 1100 files) to separate subpackage
==== gpsd ====
- Use %patch -P N instead of deprecated %patchN.
==== icewm ====
Subpackages: icewm-config-upstream icewm-default icewm-lang
- Use %patch -P N instead of deprecated %patchN.
==== libapparmor ====
- Fix systemd userdb access in unix-chkpwd
==== libgpg-error ====
Version update (1.47 -> 1.48)
- Update to 1.48:
* New configure option --with-libtool-modification. [T6619]
* New option parser flag to detect commands given without a double
dash. There is also the new meta command "command-mode" to set
this flag via a config file. [T6978]
* Added an es_fopen mode flag "sequential" with support on Windows.
[rE7a42ff0ec9]
* Added an es_fopen mode flag "wipe" to cleanup internal buffers at
close time. [T6954]
* New function gpgrt_wipememory. [T6964]
* Improvements to setenv on Windows. [rE89e53ad90f]
* Fixed call to estream-printf string filters. [T6737]
* Many improvements to the yat2m tool.
* Updates to the build system.
* Interface changes relative to the 1.47 release:
- ARGPARSE_FLAG_COMMAND NEW.
- gpgrt_wipememory NEW.
* Release-info: https://dev.gnupg.org/T6441
* Update upstream libgpg-error.keyring
==== libimobiledevice-glue ====
Version update (1.0.0+git3.20230513 -> 1.1.0+git0.20240222)
- Update to version 1.1.0+git0.20240222:
- Changes:
* socket: Use poll() - when available - instead of select()
* socket: Allow NULL as address for socket_create() and socket_connect()
* win32: Remove windows.h from public headers
* Add version function to interface
- Bugfixes:
* opack: Fixed 32bit buffer overflow
* opack: Fix parsing of 32 and 64 bit packed values
- Internal:
* Move LIMD_GLUE_API definitions to public headers
* socket: Conditionally compile using poll or select based on availability
* socket: Fix select failing when the process has many file descriptors by using poll instead
* win32: Fix external compilation using libimobiledevice-glue/thread.h
==== libksba ====
Version update (1.6.5 -> 1.6.6)
- Update to 1.6.6:
* Fix a possible wrong error return from the DER builder. [T6992]
* Release-info: https://dev.gnupg.org/T7009
* Update upstream libksba.keyring
==== libstorage-ng ====
Version update (4.5.191 -> 4.5.193)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#988
- allow more control of environment in SystemCmd class
- 4.5.193
- merge gh#openSUSE/libstorage-ng#987
- fixed check in testsuite
- 4.5.192
==== libunistring ====
Version update (1.1 -> 1.2)
- update to 1.2:
* Support Unicode 15.1.0
* Improve UTF-8 decoder Unicode Standard compliance
* The *printf functions no longer support the %n directive, for
security reasons.
* Fixed a bug in the *printf functions: In the %U, %lU, %llU
directives, a negative width given as an argument did not
trigger left-justification.
* The functions u16_strstr and u32_strstr now operate in worst-case linear time.
* Useful API function extensions
==== mokutil ====
- Use %patch -P N instead of deprecated %patchN.
==== mozilla-nss ====
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- Use %patch -P N instead of deprecated %patchN.
==== multipath-tools ====
Version update (0.9.8~1+82+suse.dcd98a3 -> 0.9.8+83+suse.bcae610)
Subpackages: kpartx libmpath0
- Remove libmpathpersist-example-old.c, which has been obsolete
since multipath-tools 0.8.6.
- Update to version 0.9.8+83+suse.bcae610 (bsc#1220374)
* multipath-tools: added NEWS.md
==== ncurses ====
Version update (6.4.20240210 -> 6.4.20240224)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20240217
+ add vt100+noapp, vt100+noapp+pc, xterm+app+pc, xterm+decedit from
xterm #389 -TD
+ fix inconsistent description of wmouse_trafo() (Debian #1059778).
+ modify wenclose() to handle pads (Debian #1059783).
+ improve manpage discussion of mouseinterval() (Debian #1058560).
- Add ncurses patch 20240224
+ improve man/curs_mouse.3x style (Brandon Robinson, Sven Joachim).
+ provide for CCHARW_MAX greater than 1
+ eliminate use of PATH_MAX in lib_trace.c
+ work around misconfiguration of MacPorts gcc13, which exposes invalid
definition of MB_LEN_MAX in gcc's fallback copy of limits.h (MacPorts
[#69374]).
==== npth ====
Version update (1.6 -> 1.7)
- Update to 1.7:
* The npth-config command is not installed by default, because it is
now replaced by use of pkg-config/gpgrt-config with npth.pc.
Supply --enable-install-npth-config configure option, if needed.
* Support for legacy systems w/o pthread_rwlock_t support. [T4306]
* New functions npth_poll and npth_ppoll for Unix. [T5748]
* Fixes to improve support for 64 bit Windows.
* Fix declaration conflict using newer mingw versions. [T5889]
* Fix build problems on Solaris 11. [T4491]
* Fix detecting of the pthread library. [rPTH6629a4b801]
* Clean up handling of unsafe semaphores on AIX. [T6947]
* Link without -flat_namespace to support macOS 11. [T5610]
* Release-info: https://dev.gnupg.org/T7010
* Update spec file
* Update upstream npth.keyring
==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop
- Use %patch -P N instead of deprecated %patchN.
==== openssh ====
Version update (9.3p2 -> 9.6p1)
Subpackages: openssh-clients openssh-common openssh-server
- Update to openssh 9.6p1:
= Security
* ssh(1), sshd(8): implement protocol extensions to thwart the
so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts. A peer SSH client/server
would not be able to detect that messages were deleted.
* ssh-agent(1): when adding PKCS#11-hosted private keys while
specifying destination constraints, if the PKCS#11 token returned
multiple keys then only the first key had the constraints applied.
Use of regular private keys, FIDO tokens and unconstrained keys
are unaffected.
* ssh(1): if an invalid user or hostname that contained shell
metacharacters was passed to ssh(1), and a ProxyCommand,
LocalCommand directive or "match exec" predicate referenced the
user or hostname via %u, %h or similar expansion token, then
an attacker who could supply arbitrary user/hostnames to ssh(1)
could potentially perform command injection depending on what
quoting was present in the user-supplied ssh_config(5) directive.
= Potentially incompatible changes
* ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
a TCP-like window mechanism that limits the amount of data that
can be sent without acceptance from the peer. In cases where this
limit was exceeded by a non-conforming peer SSH implementation,
ssh(1)/sshd(8) previously discarded the extra data. From OpenSSH
9.6, ssh(1)/sshd(8) will now terminate the connection if a peer
exceeds the window limit by more than a small grace factor. This
change should have no effect of SSH implementations that follow
the specification.
= New features
* ssh(1): add a %j token that expands to the configured ProxyJump
hostname (or the empty string if this option is not being used)
that can be used in a number of ssh_config(5) keywords. bz3610
* ssh(1): add ChannelTimeout support to the client, mirroring the
same option in the server and allowing ssh(1) to terminate
quiescent channels.
* ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for
reading ED25519 private keys in PEM PKCS8 format. Previously
only the OpenSSH private key format was supported.
* ssh(1), sshd(8): introduce a protocol extension to allow
renegotiation of acceptable signature algorithms for public key
authentication after the server has learned the username being
used for authentication. This allows varying sshd_config(5)
PubkeyAcceptedAlgorithms in a "Match user" block.
* ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
specifying certificates when loading PKCS#11 keys. This allows the
use of certificates backed by PKCS#11 private keys in all OpenSSH
tools that support ssh-agent(1). Previously only ssh(1) supported
this use-case.
= Bugfixes
* ssh(1): when deciding whether to enable the keystroke timing
obfuscation, enable it only if a channel with a TTY is active.
* ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals
before checking flags set in signal handler. Avoids potential
race condition between signaling ssh to exit and polling. bz3531
* ssh(1): when connecting to a destination with both the
AddressFamily and CanonicalizeHostname directives in use,
the AddressFamily directive could be ignored. bz5326
* sftp(1): correct handling of the limits(a)openssh.com option when
the server returned an unexpected message.
* A number of fixes to the PuTTY and Dropbear regress/integration
tests.
* ssh(1): release GSS OIDs only at end of authentication, avoiding
unnecessary init/cleanup cycles. bz2982
* ssh_config(5): mention "none" is a valid argument to IdentityFile
in the manual. bz3080
* scp(1): improved debugging for paths from the server rejected for
not matching the client's glob(3) pattern in old SCP/RCP protocol
mode.
* ssh-agent(1): refuse signing operations on destination-constrained
keys if a previous session-bind operation has failed. This may
prevent a fail-open situation in future if a user uses a mismatched
ssh(1) client and ssh-agent(1) where the client supports a key type
that the agent does not support.
- Update to openssh 9.5p1:
= Potentially incompatible changes
* ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
are very convenient due to their small size. Ed25519 keys are
specified in RFC 8709 and OpenSSH has supported them since version 6.5
(January 2014).
* sshd(8): the Subsystem directive now accurately preserves quoting of
subsystem commands and arguments. This may change behaviour for exotic
configurations, but the most common subsystem configuration
(sftp-server) is unlikely to be affected.
= New features
* ssh(1): add keystroke timing obfuscation to the client. This attempts
to hide inter-keystroke timings by sending interactive traffic at
fixed intervals (default: every 20ms) when there is only a small
amount of data being sent. It also sends fake "chaff" keystrokes for
a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.
* ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping(a)openssh.com"
ext-info message with a string version number of "0".
... changelog too long, skipping 104 lines ...
* openssh-8.0p1-gssapi-keyex.patch
==== openssh-askpass-gnome ====
Version update (9.3p2 -> 9.6p1)
- Update to openssh 9.6p1:
* No changes for askpass, see main package changelog for
details.
==== openvpn ====
Subpackages: openvpn-auth-pam-plugin
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== podman ====
- Allow to disable apparmor support (ALP supports only SELinux)
==== python-PyYAML ====
- Switch to pyproject and autosetup macros.
- Drop patch setuptools.patch, we can now cope.
==== setserial ====
- Use %patch -P N instead of deprecated %patchN.
==== sha1collisiondetection ====
- Use %patch -P N instead of deprecated %patchN.
==== slang ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== sof-firmware ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== sord ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== soundtouch ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== speex ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== susepaste ====
Subpackages: susepaste-screenshot
- Use %patch -P N instead of deprecated %patchN.
==== switcheroo-control ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== syslogd ====
- Use %patch -P N instead of deprecated %patchN.
==== system-config-printer ====
Subpackages: python3-cupshelpers system-config-printer-common system-config-printer-dbus-service udev-configure-printer
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
==== sysvinit ====
- Use %patch -P N instead of deprecated %patchN.
==== thin-provisioning-tools ====
Version update (1.0.11 -> 1.0.12)
- Update to version 1.0.12:
* [thin_dump] Do not print error messages on BrokenPipe (EPIPE)
* Bump version to 1.0.12
* [build] Update dependencies
* [commands] Fix version string compatibility issue with LVM
* [thin_dump] Do not print error messages on BrokenPipe (EPIPE)
* [build] Update license to SPDX identifier
==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== upower ====
Version update (1.90.2 -> 1.90.2+15)
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0
- Update to version 1.90.2+15:
* Revert "ci: Update last ABI break"
* Revert "build: Bump the library soname after recent changes"
* Revert "all: Remove Lid handling"
* Revert "lib: Remove deprecated up_client_get_devices()"
* dbus: org.freedesktop.UPower: EnergyRate is a positive value
* linux: Adjust test_bluetooth_le_device for dbusmock 0.30.1
* linux: stop assuming power supply of unknown type as battery
* linux: drop f-literals without format string
* linux: prefer is not None over !=
* build: make 'udevrulesdir' and 'udevhwdbdir' as Linux-only
- Introduce _service obs_scm and obsinfo files for automated
update service via:
osc service mr
==== usbutils ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX
- Add vlc-taglib-2.0.patch: Fix build against taglib 2.0 (based on
upstream commit ec29dfca, d2663d6c, ac59d0ba, c404fdb2).
- Use %patch -P N instead of deprecated %patchN.
==== xauth ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== xdm ====
- Use %patch -P N instead of deprecated %patchN.
==== xf86-input-evdev ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== xf86-input-wacom ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== xf86-video-vesa ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== xinit ====
- Use %patch -P N instead of deprecated %patchN.
- revert previous change; cpp is not needed for xinit, but only for
xdm package
- since xrdb no longer requires cpp, it needs to be reqired here now
==== xkeyboard-config ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== xmlsec1 ====
Subpackages: libxmlsec1-1 libxmlsec1-openssl1
- Use %patch -P N instead of deprecated %patchN.
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- Use %patch -P N instead of deprecated %patchN.
==== xrandr ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
==== zlib ====
Version update (1.3 -> 1.3.1)
Subpackages: libminizip1 libz1
- Use %autopatch instead of %patch
- Update to 1.3.1:
* Reject overflows of zip header fields in minizip
* Fix bug in inflateSync() for data held in bit buffer
* Add LIT_MEM define to use more memory for a small deflate speedup
* Fix decision on the emission of Zip64 end records in minizip
* Add bounds checking to ERR_MSG() macro, used by zError()
* Neutralize zip file traversal attacks in miniunz
* Fix a bug in ZLIB_DEBUG compiles in check_match()
- Update pacthes:
* CVE-2023-45853.patch
* zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash-completion (2.11 -> 2.12.0)
kernel-source (6.7.5 -> 6.7.6)
libzypp-plugin-appdata (1.0.1+git.20230117 -> 1.0.1+git.20240209)
mailx
man-pages
mdadm (4.2 -> 4.3)
microos-tools (2.21+git11 -> 2.21+git12)
pam
pam-full-src
pcaudiolib
polkit-default-privs (1550+20240207.d833f4b -> 1550+20240223.b0857d7)
rtkit
rubygem-gem2rpm
speech-dispatcher (0.11.5 -> 0.12.0~rc2)
wsdd
yast2-bootloader (5.0.4 -> 5.0.5)
=== Details ===
==== bash-completion ====
Version update (2.11 -> 2.12.0)
- Remove also patch
bash-completion-fix-missing-directory-completion-with-filename-pattern.patch
as the problem is fixed upstream
- Update to version 2.12.0:
Features
* _comp_backup_glob: add ucf generated backup files (351be1c)
* _comp_backup_glob: require dash in dpkg backup files (59a57f9)
* comp_compgen{filedir,set}: define exit status (7920c9d)
* _comp_compgen_commands: align return value with other compgens (9d3362e)
* _comp_compgen_commands: auto set -o filenames when appropriate (4d4839e)
* _comp_compgen_commands: include dirs (b9c7b5d)
* _comp_compgen_known_hosts: return 2 on usage error (43bb8f0)
* _comp_compgen: support -i cmd and -x cmd (39cc200)
* _comp_compgen: support -U var to unlocal var (b603535)
* _comp_compgen: support option -C (6b3dfa5)
* _comp_expand_glob: fail when no paths are generated (6b0a466)
* _comp_get_fist_arg: support "-o GLOB" to skip optargs (0f14cc0)
* _ip_addresses: auto ltrim colon completions when appropriate (ccdf953)
* add _comp_compgen_split (542bf73)
* add _comp_locate_first_arg (0384bd5)
* airflow: add fallback 3rd party completion loader (bf5550b)
* ansible:* add fallback 3rd party completion loader (5f8384e)
* apt-get: prefer apt-cache in same dir as command (a731bfd)
* b2sum: new completion (cd985df)
* bash_completion: add function _comp_compgen_ltrim_colon (ce5889b)
* black,blackd: add fallback 3rd party completion loader (47a1f05)
* carton: support exec command completions (0eb3a21)
* chezmoi: add 3rd-party completion loader (cobra) (31baa69)
* conda: add 3rd-party completion loader (argcomplete) (c0f5ba2)
* crc: add 3rd-party completion loader (cobra) (f10866e)
* cz: add fallback 3rd party completion loader (b7ba70e)
* dot: support filename extension .gv (be0010e)
* dprint: add fallback 3rd party completion loader (e201e0e)
* eog: add missing extension .heif (9e4a48f)
* eog: associate with *.avif and *.webp (#1005) (f1c04b8)
* eog: associate with *.heic and *.jxl (20c9cea)
* eog: associate with *.pbm (#1006) (5472cc1)
* feh: associate with y4m and heic/heif/avif (e252c73)
* feh: deassociate with avci/avcs (af46f34)
* flask: add fallback 3rd party completion loader (3e0d00d)
* hash: new completion (#1013) (4d0bffb)
* httpx: add fallback 3rd party completion loader (3f4861c)
* ip: Add completion for monitor subcommand (fa696e6)
* jungle: add fallback 3rd-party completion loader (c69845a)
* keyring: add fallback 3rd party completion loader (8082602)
* kontena: add fallback 3rd-party completion loader (5eef0ce)
* lefthook: add fallback 3rd party completion loader (dc9650e)
* mailman: prefer list_lists in same dir as command (a46ccf1)
* mysql: prefer mysqlshow from same dir (643886c)
* no empty command completion if no_empty_cmd_completion is on (faab292)
* npm: add fallback 3rd-party completion loader (f1c085c)
* nvm: add fallback 3rd-party completion loader (dea7e1d)
* oc: add 3rd-party completion loader (cobra) (26b5f09)
* pip{,3}: add fallback 3rd-party completion loader (e3cbfba)
* pipenv: add fallback 3rd party completion loader (#1020) (6ecf5bd)
* pytest: complete new --import-mode value (#1021) (2d636a3)
* rtx: add fallback 3rd party completion loader (0628e22)
* scp,sftp: prefer ssh from same dir to resolve options etc (d55f5e6)
* ssh-copy-id,ssh-keygen: prefer ssh from same dir (5c1d270)
* ssh-inscribe: add fallback 3rd party completion loader (7f2c197)
* ssh: complete RequiredRSASize (#1064) (de15205)
* tkn-pac: add 3rd-party completion loader (cobra) (d0f2604)
* tkn: add 3rd-party completion loader (cobra) (161fc5d)
* xrandr: comma separated --setmonitor third argument (8a76f3d)
Bug Fixes
* __load_completion: quoted compspec for variants (#1008) (0a2443e)
* _cd_devices: /dev/cdc-* CDC device false positives (5250728)
* _comp__init_set_up_service_completions: work around failglob (2529d40)
* comp{first_arg,count_args}: count - as argument (e23a79e)
* comp{first_arg,count_args}: count any arguments after -- (9bfd760)
* _comp_command_offset: Support complete -C (80450ca)
* _comp_compgen_fstypes: avoid unexpected expansions (a856d81)
* _comp_compgen_help: allow dots to connect names in longopt (79dadfc)
* _comp_compgen_known_hosts: work around bash-4.2 nounset (d2860cb)
* _comp_compgen_split: work around nounset (f488f96)
* _comp_compgen_term: replace completions by default (d3696a3)
* _comp_compgen_usergroup: avoid directly overwriting COMPREPLY (d380498)
* _comp_compgen: do not inherit -a for explicitly specified var (3c20766)
* _comp_compgen: explicitly exclude cur from the target variable (5fe98f3)
* _comp_count_args: check optarg correctly (874c503)
* _comp_count_args: exclude <>& from wordbreaks as _comp_initialize (521d2bb)
* _comp_count_args: ignore empty $3 (76eea74)
* _comp_count_args: perform optarg check also on $3 (21d3122)
* _comp_count_args: skip reassembling cword and words (3127703)
* _comp_delimited: treat delimiter as a fixed string (571a0f7)
* _comp_deprecate_func: argument order in usage error message (597f62f)
* _comp_get_words: empty prev if unavailable (localvar_inherit) (d8b8eef)
* _comp_initialize: fix completions of redirections without space (da16bf6)
* _comp_initialize: protect against "localvar_inherit" (0cc8d83)
* _comp_split,_comp_compgen: strip periods from error message (b3b6a7c)
* _comp_split: update error message for the correct options (3c4a89c)
* _comp_sysvdirs: work around nounset (da26178)
* _filedir_xspec: clean up unused variable tmp (67f1189)
* _get_cword_at_cursor,cvs: quote array length (201239c)
* _get_first_arg: remove invalid doccomment (eb40f56)
* _known_hosts: use array for options (work around SC2178,SC2179) (743d0a9)
* _mock,rpm: avoid icase flag s/reg/rep/i of GNU sed (33c18ce)
* _service: quote word (c2d7fb7)
* _slackpkg: do not scan after cword (ecd1384)
... changelog too long, skipping 144 lines ...
as not known how to port and if this is required
==== kernel-source ====
Version update (6.7.5 -> 6.7.6)
- Linux 6.7.6 (bsc#1012628).
- work around gcc bugs with 'asm goto' with outputs (bsc#1012628).
- update workarounds for gcc "asm goto" issue (bsc#1012628).
- mm: mmap: map MAP_STACK to VM_NOHUGEPAGE (bsc#1012628).
- btrfs: forbid creating subvol qgroups (bsc#1012628).
- btrfs: do not ASSERT() if the newly created subvolume already
got read (bsc#1012628).
- btrfs: forbid deleting live subvol qgroup (bsc#1012628).
- btrfs: send: return EOPNOTSUPP on unknown flags (bsc#1012628).
- btrfs: don't reserve space for checksums when writing to nocow
files (bsc#1012628).
- btrfs: reject encoded write if inode has nodatasum flag set
(bsc#1012628).
- btrfs: don't drop extent_map for free space inode on write error
(bsc#1012628).
- driver core: Fix device_link_flag_is_sync_state_only()
(bsc#1012628).
- kselftest: dt: Stop relying on dirname to improve performance
(bsc#1012628).
- selftests/landlock: Fix net_test build with old libc
(bsc#1012628).
- selftests/landlock: Fix fs_test build with old libc
(bsc#1012628).
- of: unittest: Fix compile in the non-dynamic case (bsc#1012628).
- drm/msm/gem: Fix double resv lock aquire (bsc#1012628).
- selftests/landlock: Fix capability for net_test (bsc#1012628).
- ASoC: Intel: avs: Fix pci_probe() error path (bsc#1012628).
- spi: imx: fix the burst length at DMA mode and CPU mode
(bsc#1012628).
- ASoC: Intel: avs: Fix dynamic port assignment when TDM is set
(bsc#1012628).
- wifi: iwlwifi: clear link_id in time_event (bsc#1012628).
- wifi: iwlwifi: Fix some error codes (bsc#1012628).
- wifi: iwlwifi: uninitialized variable in
iwl_acpi_get_ppag_table() (bsc#1012628).
- ASoC: SOF: ipc3-topology: Fix pipeline tear down logic
(bsc#1012628).
- dpll: fix possible deadlock during netlink dump operation
(bsc#1012628).
- net/mlx5: DPLL, Fix possible use after free after delayed work
timer triggers (bsc#1012628).
- net/handshake: Fix handshake_req_destroy_test1 (bsc#1012628).
- bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY
(bsc#1012628).
- devlink: Fix command annotation documentation (bsc#1012628).
- of: property: Improve finding the consumer of a remote-endpoint
property (bsc#1012628).
- of: property: Improve finding the supplier of a remote-endpoint
property (bsc#1012628).
- ALSA: hda/cs35l56: select intended config FW_CS_DSP
(bsc#1012628).
- perf: CXL: fix mismatched cpmu event opcode (bsc#1012628).
- selftests/net: convert test_bridge_backup_port.sh to run it
in unique namespace (bsc#1012628).
- selftests: net: Fix bridge backup port test flakiness
(bsc#1012628).
- selftests: forwarding: Fix layer 2 miss test flakiness
(bsc#1012628).
- selftests: forwarding: Fix bridge MDB test flakiness
(bsc#1012628).
- selftests: forwarding: Suppress grep warnings (bsc#1012628).
- selftests: forwarding: Fix bridge locked port test flakiness
(bsc#1012628).
- net: openvswitch: limit the number of recursions from action
sets (bsc#1012628).
- lan966x: Fix crash when adding interface under a lag
(bsc#1012628).
- net: tls: factor out tls_*crypt_async_wait() (bsc#1012628).
- tls: fix race between async notify and socket close
(bsc#1012628).
- tls: fix race between tx work scheduling and socket close
(bsc#1012628).
- net: tls: handle backlogging of crypto requests (bsc#1012628).
- net: tls: fix use-after-free with partial reads and async
decrypt (bsc#1012628).
- net: tls: fix returned read length with async decrypt
(bsc#1012628).
- spi: ppc4xx: Drop write-only variable (bsc#1012628).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
(bsc#1012628).
- drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS
reg address (bsc#1012628).
- net: sysfs: Fix /sys/class/net/<iface> path for statistics
(bsc#1012628).
- nouveau/svm: fix kvcalloc() argument order (bsc#1012628).
- MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
(bsc#1012628).
- ptrace: Introduce exception_ip arch hook (bsc#1012628).
- mm/memory: Use exception ip to search exception tables
(bsc#1012628).
- i40e: Do not allow untrusted VF to remove administratively
set MAC (bsc#1012628).
- i40e: Fix waiting for queues of all VSIs to be disabled
(bsc#1012628).
- mm: thp_get_unmapped_area must honour topdown preference
(bsc#1012628).
- userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
(bsc#1012628).
- selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory
... changelog too long, skipping 457 lines ...
- commit 8ef8383
==== libzypp-plugin-appdata ====
Version update (1.0.1+git.20230117 -> 1.0.1+git.20240209)
- Update to version 1.0.1+git.20240209:
* Move to /var/cache/swcatalog
* Remove Google Plus web app
* make google-chrome.xml pass appstream validation
* Add a type=remote icon for google-chrome
* Use application-x-addon for codec icons
* Add screenshots for Chromium
* Wings3d apddata file merged upstream
* Tag the web-apps with the correct license IDs
* Add Telegram web app
* added screenshot for IQMol
* added screenshot for FBReader
* Updated Cmake screenshot to a HighDPI version
* Ensure all the webapps have valid icons
* Fix the list of webapps to be a single XML document
* Merge the webapps into one file
* Convert the codec AppData files to 0.6 format
* Upgrade the IBus AppData files to 0.6 format
* Add the licence changes for the GStreamer packages
* Add the GStreamer AppStream descriptions for gstreamer1-libav
- Require appstream-glib with the asglib(swcatalog) symbol: ensure
we support the new location.
==== mailx ====
- Use %patch -P N instead of deprecated %patchN.
==== man-pages ====
- use %autosetup macro
==== mdadm ====
Version update (4.2 -> 4.3)
- Update mdadm-4.3 to latest status (jsc#PED-7542)
- Remove hardcoded checkpoint interval checking
0001-Remove-hardcoded-checkpoint-interval-checking.patch
- monitor: refactor checkpoint update
0002-monitor-refactor-checkpoint-update.patch
- Super-intel: Fix first checkpoint restart
0003-Super-intel-Fix-first-checkpoint-restart.patch
- Grow: Move update_tail assign to Grow_reshape()
0004-Grow-Move-update_tail-assign-to-Grow_reshape.patch
- Add understanding output section in man
0005-Add-understanding-output-section-in-man.patch
- Upgrade to mdadm-4.3 (jsc#PED-7542). Beside previous already back
ported patches, mdadm-4.3 has the following extra changes since
last update upto commit 582945c2d3bb,
- Fix null pointer for incremental in mdadm.
- Super1: fix truncation check for journal device.
- Fix some cases eyesore formatting.
- Bump minimum kernel version to 2.6.32.
- Remove the config files in mdcheck_start|continue service.
- Define DEV_MD_DIR, DEV_NUM_PREF, is_devname_ignore(),
ident_set_devname().
- Enable RAID for SATA under VMD.
- Imsm: Fix possible segfault in check_no_platform()
- Imsm refactor on imsm_get_free_size(), merge_extents().
- Imsm: return free space after volume for expand.
- Imsm: fix free space calculations.
- Add secure gethostname() wrapper.
- mdadm: Stop mdcheck_continue timer when mdcheck_start service can
finish check.
- Fix memory leak in files Assemble.c, Kill.c, Manage.c, mdadm.c.
- Fix unsafe string functions.
- platform-intel: limit guid length.
- Imsm: Add reading vmd register for finding imsm capability.
- Add compiler defenses flags.
- Assemble: fix redundant memory free.
- More regression test cases added into tests.
- Mdadm: set ident.devname if applicable.
- Mdadm: refactor ident->name handling.
- Mdadm: Follow POSIX Portable Character Set.
- Incremental: remove obsoleted calls to udisks.
- Fix race of "mdadm --add" and "mdadm --incremental".
- mdadm/ddf: Abort when raid disk is smaller in getinfo_super_ddf.
- mdadm/super1: Add MD_FEATURE_RAID0_LAYOUT if kernel>=5.4.
- Fix assembling RAID volume by using incremental.
- Mdmonitor: Improve udev event handling.
- Udev: Move udev_block() and udev_unblock() into udev.c.
- Manage: adjust checking subarray state in update_subarray.
- Super1: remove support for name= in config.
- Mdadm: fix update=resync regression.
- Rebase to keep consistent behavior for current code base.
- 1004-call-mdadm_env.sh-from-usr-libexec-mdadm.patch
- The following patches are moved from package because they are all
included in mdadm-4.3,
- 0001-Unify-error-message.patch
- 0002-mdadm-Fix-double-free.patch
- 0003-Grow_reshape-Add-r0-grow-size-error-message-and-upda.patch
- 0004-udev-adapt-rules-to-systemd-v247.patch
- 0005-Replace-error-prone-signal-with-sigaction.patch
- 0006-mdadm-Respect-config-file-location-in-man.patch
- 0007-mdadm-Update-ReadMe.patch
- 0008-mdadm-Update-config-man-regarding-default-files-and-.patch
- 0009-mdadm-Update-config-manual.patch
- 0010-Create-Build-use-default_layout.patch
- 0011-mdadm-add-map_num_s.patch
- 0012-mdmon-Stop-parsing-duplicate-options.patch
- 0013-Grow-block-n-on-external-volumes.patch
- 0014-Incremental-Fix-possible-memory-and-resource-leaks.patch
- 0015-Mdmonitor-Fix-segfault.patch
- 0016-Mdmonitor-Improve-logging-method.patch
- 0017-Fix-possible-NULL-ptr-dereferences-and-memory-leaks.patch
- 0018-imsm-Remove-possibility-for-get_imsm_dev-to-return-N.patch
- 0019-Revert-mdadm-fix-coredump-of-mdadm-monitor-r.patch
- 0020-util-replace-ioctl-use-with-function.patch
- 0021-mdadm-super1-restore-commit-45a87c2f31335-to-fix-clu.patch
- 0022-imsm-introduce-get_disk_slot_in_dev.patch
- 0023-imsm-use-same-slot-across-container.patch
- 0024-imsm-block-changing-slots-during-creation.patch
- 0025-mdadm-block-update-ppl-for-non-raid456-levels.patch
- 0026-mdadm-Fix-array-size-mismatch-after-grow.patch
- 0027-mdadm-Remove-dead-code-in-imsm_fix_size_mismatch.patch
- 0028-Monitor-use-devname-as-char-array-instead-of-pointer.patch
- 0029-Monitor-use-snprintf-to-fill-device-name.patch
- 0030-Makefile-Don-t-build-static-build-with-everything-an.patch
- 0031-DDF-Cleanup-validate_geometry_ddf_container.patch
- 0032-DDF-Fix-NULL-pointer-dereference-in-validate_geometr.patch
- 0033-mdadm-Grow-Fix-use-after-close-bug-by-closing-after-.patch
- 0034-monitor-Avoid-segfault-when-calling-NULL-get_bad_blo.patch
- 0035-mdadm-Fix-mdadm-r-remove-option-regression.patch
- 0036-mdadm-Fix-optional-write-behind-parameter.patch
- 0037-mdadm-Replace-obsolete-usleep-with-nanosleep.patch
- 0038-mdadm-remove-symlink-option.patch
- 0039-mdadm-move-data_offset-to-struct-shape.patch
- 0040-mdadm-Don-t-open-md-device-for-CREATE-and-ASSEMBLE.patch
- 0041-Grow-Split-Grow_reshape-into-helper-function.patch
- 0042-Assemble-check-if-device-is-container-before-schedul.patch
- 0043-super1-report-truncated-device.patch
- 0044-mdadm-Correct-typos-punctuation-and-grammar-in-man.patch
- 0046-Monitor-Fix-statelist-memory-leaks.patch
- 0047-mdadm-added-support-for-Intel-Alderlake-RST-on-VMD-p.patch
... changelog too long, skipping 55 lines ...
- 0103-Create-Fix-checking-for-container-in-update_metadata.patch
==== microos-tools ====
Version update (2.21+git11 -> 2.21+git12)
- Update to version 2.21+git12:
* 98selinux-microos: Avoid "/sysroot-selinux: not mounted" on new util-linux
- Switch _service to use mode="manual" instead of "disabled"
==== pam ====
- Use autosetup to prepare for RPM 4.20.
==== pam-full-src ====
- Use autosetup to prepare for RPM 4.20.
==== pcaudiolib ====
- Use %autosetup in %prep section.
==== polkit-default-privs ====
Version update (1550+20240207.d833f4b -> 1550+20240223.b0857d7)
- Update to version 1550+20240223.b0857d7:
* profiles: add new tuned actions (bsc#1220081)
==== rtkit ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== rubygem-gem2rpm ====
- Added 0034-plugin-dir.patch
- also own the new gem plugin dir
- Added 0035-fix-patch-syntax.patch:
Fix patch syntax for the upcoming rpm 4.20
==== speech-dispatcher ====
Version update (0.11.5 -> 0.12.0~rc2)
Subpackages: libspeechd2 speech-dispatcher-module-espeak
- Update to version 0.12.0~rc2:
* Add openjtalk module.
* Fix splitting long UTF-8 sequences.
* Update CLDR to version 44 and symbols from NVDA.
* Add spd_fd function to C api.
- Use _multibuild to build also a python311 flavor in SLE15
(jsc#PED-68)
- Rename the python3-speechd package to %{primary_python}-speechd
in TW/ALP so that it follows the python package naming policy.
- Fix %_datadir which is now included in the main speech-dispatcher
package instead of in -configure.
- Only provide python3-speechd from python311-speechd in TW/ALP,
otherwise the python 3.11 flavor might be selected instead of
the real python3-speechd package in SLE15.
- Only require python-speechd for the -configure package. The base
package does not require it to be installed.
- Update to version 0.12.0~rc1:
* Add socket activation
* libspeechd: Simplify buffer management.
* Add language and variant parameters to "list voice" command.
- Add pkgconfig(libsystemd) to BuildRequires.
==== wsdd ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== yast2-bootloader ====
Version update (5.0.4 -> 5.0.5)
- Proposal: Trying to take the bootloader which has been defined in
the product description file (entry globals/prefered_bootloader)
(jsc#PED-1906)
- 5.0.5
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (23.3.5 -> 23.3.6)
Mesa-drivers (23.3.5 -> 23.3.6)
MozillaFirefox (122.0 -> 122.0.1)
aaa_base (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46)
accountsservice
acl (2.3.1 -> 2.3.2)
alsa-utils
apparmor
appstream-glib
argon2
argyllcms
attr (2.5.1 -> 2.5.2)
autofs (5.1.8 -> 5.1.9)
autoyast2 (5.0.1 -> 5.0.2)
bc
bind (9.18.21 -> 9.18.24)
bolt (0.9.6 -> 0.9.7)
boost-base
branding-openSUSE
btrfsprogs (6.7 -> 6.7.1)
busybox-links
cockpit
curl
dav1d (1.3.0 -> 1.4.0)
distrobox
dnsmasq (2.89 -> 2.90)
docker (24.0.7_ce -> 25.0.3_ce)
dracut (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71)
e2fsprogs
ebook-tools
ed (1.20 -> 1.20.1)
efont-unicode-bitmap-fonts
ell (0.61 -> 0.62)
expat (2.5.0 -> 2.6.0)
fde-tools
gcc
gcc14 (13.2.1+git8285 -> 14.0.1+git8957)
gd
gdm
git (2.43.0 -> 2.43.2)
gnome-control-center (45.2 -> 45.3)
gnome-shell
gpgme
graphviz
grub2
hdparm
highway (1.0.7 -> 1.1.0)
hiredis
hplip
hwdata (0.378 -> 0.379)
hyper-v
ibus
installation-images-MicroOS (17.114 -> 17.115)
intlfonts
iso_ent
kernel-firmware (20240201 -> 20240220)
kernel-source (6.7.4 -> 6.7.5)
keyutils
kmozillahelper
lastlog2 (1.2.0 -> 1.3.1)
libadwaita (1.4.2 -> 1.4.3)
libapparmor
libblockdev (3.0.4 -> 3.1.0)
libdbusmenu-qt5
libdecor
libdnf (0.72.0 -> 0.73.0)
libei
libgusb
libjpeg-turbo
libjxl-gtk (0.9.2 -> 0.10.0)
libnvme (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda)
libpaper (2.1.2 -> 2.1.3)
libphonenumber (8.13.23 -> 8.13.30)
libpng16 (1.6.40 -> 1.6.42)
libqt5-qtbase (5.15.12+kde147 -> 5.15.12+kde151)
libqt5-qtwebengine
libstorage-ng (4.5.176 -> 4.5.191)
libunwind (1.7.2 -> 1.8.0)
man
mozilla-nss (3.96.1 -> 3.97)
mpg123 (1.32.4 -> 1.32.5)
multipath-tools (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3)
musepack
ncurses (6.4.20240120 -> 6.4.20240210)
neon
netavark (1.10.2 -> 1.10.3)
nvme-cli (2.7.1 -> 2.8)
openvpn (2.6.8 -> 2.6.9)
orc (0.4.34 -> 0.4.37)
osinfo-db
pam-config (2.10 -> 2.11)
parted
patterns-microos
pcr-oracle
pcre2 (10.42 -> 10.43)
perl-Bootloader (1.11 -> 1.12)
pipewire
pkcs11-helper (1.29.0 -> 1.30.0)
pkgconf (1.8.0 -> 2.1.1)
podman (4.9.2 -> 4.9.3)
poppler (23.12.0 -> 24.02.0)
poppler-qt5 (23.12.0 -> 24.02.0)
prctl
publicsuffix (20240123 -> 20240212)
pulseaudio
python-cryptography (41.0.7 -> 42.0.4)
python-linux-procfs
python311
python311-core
qalculate (4.8.1 -> 4.9.0)
qemu (8.2.0 -> 8.2.1)
rpm
rpm-config-SUSE (20240118 -> 20240214)
samba (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e)
sdbootutil (1+git20240122.c0d8f76 -> 1+git20240215.cb7e392)
sg3_utils (1.48+7.63e63cb -> 1.48+8.37ca384)
shadow (4.14.3 -> 4.14.5)
shared-mime-info
shim
signon-plugin-oauth2
slirp4netns (1.2.2 -> 1.2.3)
systemd (254.8 -> 254.9)
tecla-keyboard-layout-viewer (45.rc -> 45.0)
thin-provisioning-tools (1.0.10 -> 1.0.11)
tigervnc
u-boot-rpiarm64
unzip
utempter
util-linux
util-linux-systemd
vid_stab
vim (9.1.0000 -> 9.1.0111)
vmaf
webkit2gtk3
webkit2gtk4
webrtc-audio-processing
wget
wmctrl
wpa_supplicant
wsdd
xdg-menu
xfsprogs (6.5.0 -> 6.6.0)
xorg-x11-server
xtermset
xwayland
yast2 (5.0.5 -> 5.0.6)
yast2-packager (5.0.2 -> 5.0.4)
yast2-perl-bindings (5.0.0 -> 5.0.1)
yast2-storage-ng (5.0.4 -> 5.0.6)
zchunk
zip
zlib
zvbi
=== Details ===
==== Mesa ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== Mesa-drivers ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== MozillaFirefox ====
Version update (122.0 -> 122.0.1)
- Mozilla Firefox 122.0.1
https://www.mozilla.org/en-US/firefox/122.0.1/releasenotes/
* Fixed the Library and Sidebar context menus only displaying
Multi-Account Containers icons in the "Open in New Container
Tab" menu. (bmo#1876518)
* Fixed an issue when clicking the Dismiss button in
notification pop-ups on Windows causing a webpage in a new tab.
(bmo#1848801)
* Fixed the yaru-remix system theme not applying correctly on
Linux. (bmo#1877002)
* Fixed adding an extra new line to a rule in the Developer
Tools' Inspector when copying it to the clipboard.
(bmo#1876220)
* Rolled back a keyboard behavior change made to the Developer
Tools' Rules view when validating a property name or input with
the Enter key.
This moves the focus to the next input, as was the behavior
in Firefox 121. (bmo#1877457)
==== aaa_base ====
Version update (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46)
Subpackages: aaa_base-extras
- Update to version 84.87+git20240202.9526d46:
* properly shorten the variable when setting JAVA_HOME and JRE_HOME
* silence output of alljava
* Restrict ptrace with Yama LSM by default
* patch alljava.sh and alljava.csh, use the links from update alternatives
==== accountsservice ====
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- First part to fix build with GCC 14:
+ Inject patched mocklibc-1.0.tar.gz: only some header
modifications to address implicit declaration of print_indent.
+ Add accountsservice-mocklib-gcc14.patch: patch meson'
subproject definition to validate the injected tarball.
==== acl ====
Version update (2.3.1 -> 2.3.2)
Subpackages: libacl1
- Update to version 2.3.2:
+ libobj: declare s_str directly in string_obj_tag.
+ Use thread-safe getpwnam_r and getgrnam_r.
+ setfacl: preserve the failed status when processing multiple
files.
+ man: Document pitfall with negative permissions and user
namespaces.
+ tools: mark long_options static & const.
==== alsa-utils ====
- Use %patch -P N instead of deprecated %patchN.
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- Use %patch -P N instead of deprecated %patchN.
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== appstream-glib ====
Subpackages: libappstream-glib8
- Add asglib(swcatalog) provides: allow other packages to declare
that they need swcatalog support.
- Add patch for interoperability with newer AppStream spec (boo#1218427):
* 0001-Move-from-app-info-to-swcatalog-locations.patch
==== argon2 ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== argyllcms ====
- Use %patch -P N instead of deprecated %patchN.
==== attr ====
Version update (2.5.1 -> 2.5.2)
Subpackages: libattr1
- update to 2.5.2:
* attr: eliminate a dead store in attr_copy_action()
* libattr: Set symbol versions for legacy syscalls via attribute
or asm
* exports: use LGPL for library code
* documentation updates
* translation updates (Polish, Dutch, Gregorian, French)
* build system updates
==== autofs ====
Version update (5.1.8 -> 5.1.9)
- Use %patch -P N instead of deprecated %patchN.
- update to 5.1.9 (bsc#1219508)
* fix kernel mount status notification.
* fix fedfs build flags.
* fix set open file limit.
* improve descriptor open error reporting.
* fix root offset error handling.
* fix fix root offset error handling.
* fix nonstrict fail handling of last offset mount.
* dont fail on duplicate offset entry tree add.
* fix loop under run in cache_get_offset_parent().
* bailout on rpc systemerror.
* fix nfsv4 only mounts should not use rpcbind.
* simplify cache_add() a little.
* fix use after free in tree_mapent_delete_offset_tree().
* fix memory leak in xdr_exports().
* avoid calling pthread_getspecific() with NULL key_thread_attempt_id.
* fix sysconf(3) return handling.
* remove nonstrict parameter from tree_mapent_umount_offsets().
* fix handling of incorrect return from umount_ent().
* dont use initgroups() at spawn.
* fix bashism in configure.
* musl: fix missing include in hash.h.
* musl: define fallback dummy NSS config path
* musl: avoid internal stat.h definitions.
* musl: add missing include to hash.h for _WORDSIZE.
* musl: add missing include to log.h for pid_t.
* musl: define _SWORD_TYPE.
* add autofs_strerror_r() helper for musl.
* update configure.
* handle innetgr() not present in musl.
* fix missing unlock in sasl_do_kinit_ext_cc().
* fix a couple of null cache locking problems.
* restore gcc flags after autoconf Kerberos 5 check.
* prepare for OpenLDAP SASL binding.
* let OpenLDAP handle SASL binding.
* configure: LDAP function checks ignore implicit declarations.
* improve debug logging of LDAP binds.
* improve debug logging of SASL binds.
* internal SASL logging only in debug log mode.
* more comprehensive verbose logging for LDAP maps.
* fix invalid tsv access.
* support SCRAM for SASL binding.
* ldap_sasl_interactive_bind() needs credentials for auto-detection.
* fix autofs regression due to positive_timeout.
* fix parse module instance mutex naming.
* serialise lookup module open and reinit.
* coverity fix for invalid access.
* fix hosts map deadlock on restart.
* fix deadlock with hosts map reload.
* fix memory leak in update_hosts_mounts().
* fix minus only option handling in concat_options().
* fix incorrect path for is_mounted() in try_remount().
* fix additional tsv invalid access.
* fix use_ignore_mount_option description.
* include addtional log info for mounts.
* fail on empty replicated host name.
* improve handling of ENOENT in sss setautomntent().
* don't immediately call function when waiting.
* define LDAP_DEPRECATED during LDAP configure check.
* fix return status of mount_autofs().
* don't close lookup at umount.
* fix deadlock in lookups.
* dont delay expire.
* make amd mapent search function name clear.
* rename statemachine() to signal_handler().
* make signal handling consistent.
* eliminate last remaining state_pipe usage.
* add function master_find_mapent_by_devid().
* use device id to locate autofs_point when setting log priotity.
* add command pipe handling functions.
* switch to application wide command pipe.
* get rid of unused field submnt_count.
* fix mount tree startup reconnect.
* fix unterminated read in handle_cmd_pipe_fifo_message().
* fix memory leak in sasl_do_kinit()
* fix fix mount tree startup reconnect.
* fix amd selector function matching.
* get rid entry thid field.
* continue expire immediately after submount check.
* eliminate realpath from mount of submount.
* eliminate root param from autofs mount and umount.
* remove redundant fstat from do_mount_direct().
* get rid of strlen call in handle_packet_missing_direct().
* remove redundant stat call in lookup_ghost().
* set mapent dev and ino before adding to index.
* change to use printf functions in amd parser.
* dont call umount_subtree_mounts() on parent at umount.
* dont take parent source lock at mount shutdown.
* fix possible use after free in handle_mounts_exit().
* make submount cleanup the same as top level mounts.
* add soucre parameter to module functions.
* add ioctlfd open helper.
* make open files limit configurable.
* use correct reference for IN6 macro call.
* dont probe interface that cant send packet.
* fix some sss error return cases.
* fix incorrect matching of cached wildcard key.
* fix expire retry looping.
... changelog too long, skipping 18 lines ...
("autofs-5.1.8 - add soucre parameter to module functions")
==== autoyast2 ====
Version update (5.0.1 -> 5.0.2)
- Install standard SLES when the AY XML profile selects SLE_HPC,
it has been dropped in SP6 (jsc#PED-7841)
- 5.0.2
- jsc#PED-6407
- enabled lvm_vg_reuse to be used in general/storage/proposal
section
==== bc ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== bind ====
Version update (9.18.21 -> 9.18.24)
- Update to release 9.18.24
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387)
[bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessiv
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868)
[bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
[bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517)
[bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted
This has been fixed. (CVE-2023-6516)
[bsc#1219854]
* Under certain circumstances, the DNS-over-TLS client code
incorrectly attempted to process more than one DNS message at a
time, which could cause named to crash with an assertion
failure. This has been fixed.
Bug Fixes:
* The counters exported via the statistics channel were changed
back to 64-bit signed values; they were being inadvertently
truncated to unsigned 32-bit values since BIND 9.15.0.
==== bolt ====
Version update (0.9.6 -> 0.9.7)
- update to 0.9.7:
* Add a 'nopcie' security level since some devices report nopcie when Thunderbolt
is disabled through BIOS setting.
* Markdown lint styling is used for documents.
==== boost-base ====
Subpackages: boost-license1_84_0 libboost_thread1_84_0
- avoid obsolete rpm syntax
==== branding-openSUSE ====
Subpackages: grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE
- Remove update-alternatives usage, we don't have dynamic
wallpapers anymore which were using that (bsc#1219919).
==== btrfsprogs ====
Version update (6.7 -> 6.7.1)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- update to 6.7.1
* convert: raid-stripe-tree can be now enabled for the target filesystem
* mkfs:
* handle lifetime of open file descriptors so it does not trigger udev
that could miss to create the UUID symlinks in /dev
* update warning when CPU page size does not match sector size
* merge features in summary, no more distinction of incompat and runtime
to match the semantics of option -O
* fi show: fix recognizing raw device mapper paths
* other:
* documentation updates, fix links to labels in included directories
==== busybox-links ====
Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-which busybox-xz
- busybox-udhcpc conflicts with udhcp.
==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- suse-microos-branding.patch: fix branding for SLE Micro
(bsc#1219929)
- don't clobber existing links with empty files
==== curl ====
Subpackages: libcurl4
- Add patch to fix various TLS related issues including FTP over SSL
transmission timeouts:
* 0001-vtls-revert-receive-max-buffer-add-test-case.patch
- Switch to %autosetup
==== dav1d ====
Version update (1.3.0 -> 1.4.0)
- Update to version 1.4.0
* AVX-512 optimizations for z1, z2, z3 in 8bit and
high-bitdepth
* New architecture supported: loongarch
* Loongarch optimizations for 8bit
* New architecture supported: RISC-V
* RISC-V optimizations for itx
* Misc improvements in threading and in reducing binary size
* Fix potential integer overflow with extremely large frame
sizes (bsc#1220105, CVE-2024-1580)
==== distrobox ====
Subpackages: distrobox-bash-completion
- Add flatpak as a dependency, as we need it for distrobox-host-exec
to work properly (bsc#1220037)
- Add 0001-Fix-systemd-init-container-startup-1069.patch:
* run podman exec command as root since some distros would ask
for user password when using su to login even though the user
has no password in /etc/shadow
* fix pam_systemd not being checked for su
==== dnsmasq ====
Version update (2.89 -> 2.90)
- update to 2.90:
* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
Denial Of Service while trying to validate specially crafted
DNSSEC responses
* Fix reversion in --rev-server introduced in 2.88 which caused
breakage if the prefix length is not exactly divisible by 8
(IPv4) or 4 (IPv6).
* Fix possible SEGV when there server(s) for a particular domain
are configured, but no server which is not qualified for a
particular domain.
* Set the default maximum DNS UDP packet sice to 1232.
Obsoletes: dnsmasq-CVE-2023-28450.patch
* Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
control over which inetrfaces are providing DHCP service.
* Fix issue with stale caching
* Add configurable caching for arbitrary RR-types.
* Add --filter-rr option, to filter arbitrary RR-types.
==== docker ====
Version update (24.0.7_ce -> 25.0.3_ce)
Subpackages: docker-bash-completion docker-rootless-extras
- Update to Docker 25.0.3-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/25.0/#2503>
- Fixes:
* bsc#1219267 - CVE-2024-23651
* bsc#1219268 - CVE-2024-23652
* bsc#1219438 - CVE-2024-23653
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
- Vendor latest buildkit v0.11:
Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
vendors in the latest v0.11 buildkit branch including bugfixes for the following:
* bsc#1219438: CVE-2024-23653
* bsc#1219268: CVE-2024-23652
* bsc#1219267: CVE-2024-23651
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
completion warnings
==== dracut ====
Version update (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71)
Subpackages: dracut-ima
- Update to version 059+suse.554.g6144bf71:
* fix(dracut.spec): update dracut-fips requirements (bsc#1219869)
- Update to version 059+suse.552.g4610ef1b:
* fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- Use %patch -P N instead of deprecated %patchN.
==== ebook-tools ====
- Use %patch -P N instead of deprecated %patchN.
==== ed ====
Version update (1.20 -> 1.20.1)
- GNU ed 1.20.1:
* New command-line options '+line', '+/RE', and '+?RE' have been
implemented to set the current line to the line number
specified or to the first or last line matching the regular
expression 'RE'.
* File names containing control characters 1 to 31 are now
rejected unless they are allowed with the command-line option
'--unsafe-names'.
* File names containing control characters 1 to 31 are now
printed using octal escape sequences.
* Ed now rejects file names ending with a slash.
* Intervening commands that don't set the modified flag no longer
make a second 'e' or 'q' command fail with a 'buffer modified'
warning.
* Tilde expansion is now performed on file names supplied to
commands; if a file name starts with '~/', the tilde (~) is
expanded to the contents of the variable HOME.
* Ed now warns the first time that a command modifies a buffer
loaded from a read-only file.
* It has been documented that 'e' creates an empty buffer if
file does not exist.
* It has been documented that 'f' sets the default filename,
whether or not its argument names an existing file.
* The description of the exit status has been improved in
'--help' and in the manual.
==== efont-unicode-bitmap-fonts ====
- Use %patch -P N instead of deprecated %patchN.
==== ell ====
Version update (0.61 -> 0.62)
- Update to version 0.62
* Add support for cleanup functions and macros.
* Add support for setting DHCP max attempts.
==== expat ====
Version update (2.5.0 -> 2.6.0)
Subpackages: libexpat1
- Fix handling of xmlwf.1 to avoid workarounds in specfile:
* Added libxml2-fix-xmlwf.1-handling.patch
- Call buildconf.sh to avoid (future) issues with expat_config.h.in
- Update keyring automatically from keyserver during OBS service run.
- Explicitly use --without-docbook (before it was implicit).
- Include missing files for documentation and examples.
- Add manpage for xmlwf, which is now available in the released tarball.
- Clean the spec file a bit.
- Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (boo#1219559)
- - Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (boo#1219561)
- - Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
==== fde-tools ====
- Add fde-tools-bsc1213945-set-rsa-key-size.patch to set
the highest supported RSA key size (bsc#1213945)
==== gcc ====
- Add gcc-build flavor for building ALP packages, but disabled for
openSUSE.
- Support building suffixed packages, but only allow installing one
variant at the same time.
- Remove obsolete obsoletes.
==== gcc14 ====
Version update (13.2.1+git8285 -> 14.0.1+git8957)
Subpackages: libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1
- Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957
* bumps libgphobos and libgdrundime SONAME
- Use %patch -P N instead of %patchN
- Refresh gcc44-rename-info-files.patch
==== gd ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== gdm ====
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Drop gdm-disable-wayland-on-mgag200-chipsets.patch: fixed
upstream since version 43.0.
==== git ====
Version update (2.43.0 -> 2.43.2)
- Do not replace apparmor configuration, fixes bsc#1216545
- update to 2.43.2:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.4…
* Update to a new feature recently added, "git show-ref --exists".
* Rename detection logic ignored the final line of a file if it
is an incomplete line.
* "git diff --no-rename A B" did not disable rename detection but
did not trigger an error from the command line parser.
* "git diff --no-index file1 file2" segfaulted while invoking the
external diff driver, which has been corrected.
* A failed "git tag -s" did not necessarily result in an error
depending on the crypto backend, which has been corrected.
* "git stash" sometimes was silent even when it failed due to
unwritable index file, which has been corrected.
* Recent conversion to allow more than 0/1 in GIT_FLUSH broke the
mechanism by flipping what yes/no means by mistake, which has
been corrected.
- update to 2.43.1:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.4…
==== gnome-control-center ====
Version update (45.2 -> 45.3)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces
- Update to version 45.3:
+ Datetime: Fix build with -Wincompatible-pointer-types.
+ Region: Prevent preview crash from accessing invalid pointer.
+ Wifi: Fix build with -Wincompatible-pointer-types.
- Drop gnome-control-center-fix-region-preview-crash.patch: fixed
upstream.
==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar
- Add gjs Requires, because ScreenSaver DBus daemon is a gjs
script. (bsc#1219359)
==== gpgme ====
Subpackages: libgpgme11 libgpgmepp6 python311-gpg
- Update gpgme-D545-obsolete-distutils.patch with upstream's
changes (but use pip instead of python-build for wheel building)
- Change from in-place build to out-of-place build in order to
reflect upstream's build setup (See D545)
- Don't replace distutils in 15.X
==== graphviz ====
Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4
- Use %patch -P N instead of deprecated %patchN.
- Update graphviz-rpmlintrc
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
(bsc#1219248) (bsc#1181762)
* grub2-xen-pv-firmware.cfg
* 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- Sort tar file order for reproducible builds
==== hdparm ====
- Use %patch -P N instead of deprecated %patchN.
==== highway ====
Version update (1.0.7 -> 1.1.0)
- Update to release 1.1.0
* Add BitCastScalar, DispatchedTarget, Foreach
* Add Div/Mod and MaskedDiv/ModOr, SaturatedAbs, SaturatedNeg
* Add InterleaveWholeLower/Upper, Dup128VecFromValues
* Add IsInteger, IsIntegerLaneType, RemoveVolatile, RemoveCvRef
* Add MaskedAdd/Sub/Mul/Div/Gather/Min/Max/SatAdd/SatSubOr
* Add MaskFalse, IfNegativeThenNegOrUndefIfZero, PromoteEven/OddTo
* Add ReduceMin/Max, 8-bit reductions, f16 <-> f64 conversions
* Add Span, AlignedArray, matrix-vector mul
* Add SumsOf2/4, I8 SumsOf8, SumsOfAdjQuadAbsDiff,
SumsOfShuffledQuadAbsDiff
* Extend Dot to f32*bf16, FMA to integer
* Fix: RVV 8-bit overflow, UB in vqsort, big-endian bugs, PPC HTM
* New targets: HWY_Z14, HWY_Z15
==== hiredis ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== hplip ====
Subpackages: hplip-hpijs hplip-udev-rules
- Use %patch -P N instead of deprecated %patchN.
==== hwdata ====
Version update (0.378 -> 0.379)
- update to 0.379:
* Update pci, usb and vendor ids
==== hyper-v ====
- Use %patch -P N instead of deprecated %patchN.
==== ibus ====
Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0
- Use %patch -P N instead of deprecated %patchN.
==== installation-images-MicroOS ====
Version update (17.114 -> 17.115)
- merge gh#openSUSE/installation-images#696
- no libcryptsetup12-hmac, libgcrypt20-hmac anymore (bsc#1219762)
- 17.115
==== intlfonts ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== iso_ent ====
- Use %patch -P N instead of deprecated %patchN.
==== kernel-firmware ====
Version update (20240201 -> 20240220)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20240220 (git commit 73b4429fae36):
* linux-firmware: update firmware for en8811h 2.5G ethernet phy
* linux-firmware: add firmware for MT7996
* xe: First GuC release for LNL and Xe
* i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL
* linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7)
* brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet
* ice: update ice DDP package to 1.3.36.0
* Intel IPU3 ImgU: Move firmware file under intel/ipu
* Intel IPU6: Move firmware binaries under ipu/
* check_whence: Add a check for duplicate link entries
* WHENCE: Clean up section separators
* linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models
* panthor: Add initial firmware for Gen10 Arm Mali GPUs
* amdgpu: DMCUB Updates for DCN321: 7.0.38.0
* amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0
* qcom: update venus firmware file for v5.4
* Montage: add firmware for Mont-TSSE
* amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32
* linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware
* linux-firmware: Fix filenames for some CS35L41 firmwares for HP
- Use patch macro -P option for RPM 4.20
==== kernel-source ====
Version update (6.7.4 -> 6.7.5)
- Linux 6.7.5 (bsc#1012628).
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1012628).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
(bsc#1012628).
- dmaengine: ti: k3-udma: Report short packet errors
(bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the status
queue DMA (bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
command DMA (bsc#1012628).
- phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018
(bsc#1012628).
- phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018
(bsc#1012628).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
(bsc#1012628).
- perf tests: Add perf script test (bsc#1012628).
- perf test: Fix 'perf script' tests on s390 (bsc#1012628).
- perf evlist: Fix evlist__new_default() for > 1 core PMU
(bsc#1012628).
- dmaengine: fix is_slave_direction() return false when
DMA_DEV_TO_DEV (bsc#1012628).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(bsc#1012628).
- cifs: avoid redundant calls to disable multichannel
(bsc#1012628).
- cifs: failure to add channel on iface should bump up weight
(bsc#1012628).
- drm/msms/dp: fixed link clock divider bits be over written in
BPC unknown case (bsc#1012628).
- drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628).
- drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup (bsc#1012628).
- wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig
(bsc#1012628).
- x86/efistub: Give up if memory attribute protocol returns an
error (bsc#1012628).
- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
(bsc#1012628).
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
channels (bsc#1012628).
- wifi: cfg80211: consume both probe response and beacon IEs
(bsc#1012628).
- wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628).
- wifi: mac80211: fix unsolicited broadcast probe config
(bsc#1012628).
- wifi: mac80211: fix waiting for beacons logic (bsc#1012628).
- wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628).
- wifi: brcmfmac: Adjust n_channels usage for __counted_by
(bsc#1012628).
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
(bsc#1012628).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628).
- selftests: net: cut more slack for gro fwd tests (bsc#1012628).
- selftests/net: convert unicast_extensions.sh to run it in
unique namespace (bsc#1012628).
- selftests/net: convert pmtu.sh to run it in unique namespace
(bsc#1012628).
- selftests/net: change shebang to bash to support "source"
(bsc#1012628).
- selftests: net: fix tcp listener handling in pmtu.sh
(bsc#1012628).
- selftests: net: avoid just another constant wait (bsc#1012628).
- tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628).
- tunnels: fix out of bounds access when building IPv6 PMTU error
(bsc#1012628).
- atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628).
- octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628).
- hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
(bsc#1012628).
- inet: read sk->sk_family once in inet_recv_error()
(bsc#1012628).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
(bsc#1012628).
- x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
section (bsc#1012628).
- rxrpc: Fix generation of serial numbers to skip zero
(bsc#1012628).
- rxrpc: Fix delayed ACKs to not set the reference serial number
(bsc#1012628).
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
(bsc#1012628).
- rxrpc: Fix counting of new acks and nacks (bsc#1012628).
- selftests: net: let big_tcp test cope with slow env
(bsc#1012628).
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (bsc#1012628).
- af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC
(bsc#1012628).
- devlink: avoid potential loop in
devlink_rel_nested_in_notify_work() (bsc#1012628).
- ppp_async: limit MRU to 64K (bsc#1012628).
- selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628).
- netfilter: nft_compat: narrow down revision to unsigned 8-bits
(bsc#1012628).
... changelog too long, skipping 163 lines ...
- commit 1dccf2a
==== keyutils ====
Subpackages: libkeyutils1
- Use %patch -P N instead of deprecated %patchN.
==== kmozillahelper ====
- Remove rpm_macro(cmake_kf5) BR, not supported on Leap and
extra-cmke-modules already takes care of that.
==== lastlog2 ====
Version update (1.2.0 -> 1.3.1)
Subpackages: liblastlog2-1
- Verson 1.3.1
- pam_lastlog2: improve ll2_read_entry error handling [bsc#1220000]
- Version 1.3.0
- fix sqlite3_step error handling
==== libadwaita ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libadwaita-1-0 typelib-1_0-Adw-1
- Update to version 1.4.3:
+ AdwAboutWindow: Don't pre-select the first section on the Legal
page.
+ AdwHeaderBar: Fix visibility after changing :show-back-button.
+ AdwPreferencesWindow: Fix :visible-page and :visible-page-name
docs.
+ AdwViewSwitcherBar: Fix a warning when empty.
+ Updated translations.
==== libapparmor ====
- Use %patch -P N instead of deprecated %patchN.
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== libblockdev ====
Version update (3.0.4 -> 3.1.0)
Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3
- Update to 3.1.0:
* Add BDPluginSpec constructor and use it in plugin_specs_from_names
* overrides: Remove unused 'sys' import
* swap: Add support for checking label and UUID format
* fs: Add a function to check label format for F2FS
* fs: Add a generic function to check for fs info availability
* fs: Fix allowed UUID for generic mkfs with VFAT
* fs: Add support for getting filesystem min size for NTFS and Ext
* Mark NVDIMM plugin as deprecated since 3.1
* part: Fix potential double free when getting parttype
* Fix missing progress initialization in bd_crypto_luks_add_key
* lvm-dbus: Fix leaking error
* lvm-dbus: Avoid using already-freed memory
* utils: Add expected printf string annotation
* fs: Report reason for open() and ioctl() failures
==== libdbusmenu-qt5 ====
- Switch to %autosetup
- Drop obsolete patch:
* full_include_dir.patch
==== libdecor ====
Subpackages: libdecor-0-0
- Remove the -devel package from baselibs.conf
==== libdnf ====
Version update (0.72.0 -> 0.73.0)
Subpackages: libdnf-repo-config-zypp libdnf2
- version update to 0.73.0
* Major changes:
* filelists metadata not loaded by default
* deltarpm disabled by default
* New features:
* conf: Introduce new optional_metadata_types option to load
filelists on demand
* goal: Method for detecting file dependency problems
==== libei ====
- Add baselibs.conf: GNOME 46's at-spi2-core newly linkes libei,
and the at-spi stack is made available bi-arch.
==== libgusb ====
- Explicitly require python311-packaging if python 3.11 is being
used. On SLE, python 3.6 is still the default, but 3.11 is used
by meson. Drop python3-base from BuildRequires: it is not
needed, since python will be pulled in by meson.
==== libjpeg-turbo ====
- Update to version 3.0.2
* Fixed a signed integer overflow in the tj3CompressFromYUV8(),
tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8()
functions, detected by the Clang and GCC undefined behavior
sanitizers, that could be triggered by setting the align
parameter to an unreasonably large value. This issue did not
pose a security threat, but removing the warning made it
easier to detect actual security issues, should they arise in
the future.
* Introduced a new parameter (TJPARAM_MAXMEMORY in the
TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java
API) and a corresponding TJBench option (-maxmemory) for
specifying the maximum amount of memory (in megabytes) that
will be allocated for intermediate buffers, which are used
with progressive JPEG compression and decompression, optimized
baseline entropy coding, lossless JPEG compression, and
lossless transformation. The new parameter and option serve
the same purpose as the max_memory_to_use field in the
jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM
environment variable, and the cjpeg/djpeg/jpegtran -maxmemory
option.
* Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG
C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a
corresponding TJBench option (-maxpixels) for specifying the
maximum number of pixels that the decompression, lossless
transformation, and packed-pixel image loading
functions/methods will process.
* Fixed an error ("Unsupported color conversion request") that
occurred when attempting to decompress a 3-component lossless
JPEG image without an Adobe APP14 marker. The decompressor
now assumes that a 3-component lossless JPEG image without an
Adobe APP14 marker uses the RGB colorspace if its component
IDs are 1, 2, and 3.
==== libjxl-gtk ====
Version update (0.9.2 -> 0.10.0)
- Update to release 0.10
* decoder: added ``JxlDecoderGetBoxSizeContents`` for getting the
size of the content of a box without the headers.
* encoder: implemented new API functions for streaming encoding.
==== libnvme ====
Version update (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda)
Subpackages: libnvme-mi1 libnvme1
- Update to version 1.8+0.gbff7dda:
* linux: Explicitly initialize auto-cleanup variables
* example: fix mi identify failed with error cntid
* tree: do not issue an error when subsys lookup fails during scanning
* types: Add controller properties CMBEBS, CMBSWTP and NSSD
* tests: Add sample NBFT table from Dell PowerEdge R660
* tests: Add sample NBFT table from Dell PowerEdge R760
* tests: Fix diffs output for duplicate HFI entries
* nbft: avoid duplicate entries in ssns->hfis
* nbft: Fix (struct nbft_info_subsystem_ns).num_hfis off-by-one
* test: read and dump sysfs tar file
* nvme: allow to overwrite hostnqn and hostid
* nvme: allow to overwrite base sysfs path
* json: dump the output to the user selected filedescriptor
* libnvme: export nvme_dump_tree
* fabrics: add 'concat' option
* mi: set correct rc and errno when crc mismatch
* tree: use logical block size for lba
* json-schema: add keyring and tls_key details (bsc#1219086)
* build: checkout full repo for checkpatch
* linux: avoid segfault in check-tls-key due to null hostnqn/subsysnqn (bsc#1219086)
* meson.build: fixup 'join' syntax
* util: Explicitly initialize auto-cleanup variables
* tree: Explicitly initialize auto-cleanup variables
* linux: Explicitly initialize auto-cleanup variables
* fabrics: Explicitly initialize auto-cleanup variables
* util: Added function to find specific UUID in UUID list.
* build: fix release python tag match
- Disable new unit test which is not running stable in OSB
* add 0001-build-disable-sysfs-test.patch
==== libpaper ====
Version update (2.1.2 -> 2.1.3)
Subpackages: libpaper-tools libpaper2
- Update 2.1.3:
* This release fixes a small problem with the paperspecs(5) man page,
and ensures that the name of the âpaperâ program is always set,
even in a non-relocatable build.
==== libphonenumber ====
Version update (8.13.23 -> 8.13.30)
- Update to version 8.13.30:
* Update alternate formatting data, phone metadata, geocoding
data, carrier data
* Updated / refreshed time zone meta data.
* New geocoding data
- Add patch submitted to upstream at gh#google/libphonenumber#3394
to fix building with protobuf 3.25.1:
* 0001-Add-support-to-protobuf-3.25.1.patch
- Add patch submitted in gh#sergiomb2/libphonenumber#1 by
Fabian Vogt:
* 0002-Avoid-intermediate-proto-object-library.patch
==== libpng16 ====
Version update (1.6.40 -> 1.6.42)
- Update to version 1.6.42:
* Fixed the implementation of the macro function "png_check_sig".
This was an API regression, introduced in libpng-1.6.41.
(Reported by Matthieu Darbois)
==== libqt5-qtbase ====
Version update (5.15.12+kde147 -> 5.15.12+kde151)
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Update to version 5.15.12+kde151:
* Improve KTX file reading memory safety (CVE-2024-25580, boo#1219996)
* Revert "xcb: only set base size when it's valid"
* Fix potential leak of QPropertyAnimation in QLineEditIconButton
* QBitArray: correct inline keyword
==== libqt5-qtwebengine ====
- Switch to '%patch -P'
- Build with python 3.11 on Leap
==== libstorage-ng ====
Version update (4.5.176 -> 4.5.191)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Finnish) (bsc#1149754)
- 4.5.191
- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.5.190
- merge gh#openSUSE/libstorage-ng#986
- log textdomain codeset
- 4.5.189
- merge gh#openSUSE/libstorage-ng#985
- log locale
- 4.5.188
- merge gh#openSUSE/libstorage-ng#984
- log some languange environmant variables
- log some language environment variables
- 4.5.187
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.186
- Translated using Weblate (Swedish) (bsc#1149754)
- 4.5.185
- Translated using Weblate (Czech) (bsc#1149754)
- 4.5.184
- Translated using Weblate (Slovak) (bsc#1149754)
- 4.5.183
- merge gh#openSUSE/libstorage-ng#983
- fixed typo
- 4.5.182
- Translated using Weblate (Dutch) (bsc#1149754)
- 4.5.181
- Translated using Weblate (Japanese) (bsc#1149754)
- Translated using Weblate (Catalan) (bsc#1149754)
- merge gh#openSUSE/libstorage-ng#982
- updated pot and po files
- 4.5.180
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.179
- merge gh#openSUSE/libstorage-ng#981
- fix reusing volume group name (bsc#1219266)
- 4.5.178
- merge gh#openSUSE/libstorage-ng#980
- added experimental support for bcachefs
- 4.5.177
==== libunwind ====
Version update (1.7.2 -> 1.8.0)
- Disable LTO on aarch64 until upstream fix the issue:
https://github.com/libunwind/libunwind/issues/693
- Update to 1.8.0:
* Improve unwinding through a bad function pointer on x86_64
* Fix UMRs indicated by valgrind (x86_64)
* fix byte_order_is_valid function logic
* Use size_t to match R.H.S
* Move get_proc_info_in_range under dwarf/
* Bump actions/checkout@v2 to @V3
* dwarf_find_unwind_table: Find load_base correctly when current
segment does not start at segbase
* Add introspection for march=armv8-a+sve
* Linux: Make get_elf_image guaranteed AS-safe
* Provide syscall wrappers for mmap and munmap
* Allow to use a custom dl_iterate_phdr implementation
* aarch64: unw_step() validates address before calling dwarf_get
* Provide AS-safe allocator to LZMA
* Rework register load in aarch64_local_resume()
* Fix arm postdecrement
* Added support for unwinding through PPC64 PLT entries
* Fix array indexing bug in dwarf_search_unwind_table
* Fix unaligned memory accesses in */Ginit.c
* Get filename and offset from ip
* Fix maps leak if caller's pathlen is too small
* Adjust DYNAMIC addrs in loaded image
* Fix crash in elf_w(valid_object)
* Fix segfault on QNX
==== man ====
- We don't need anymore systemd-tmpfiles (boo#1219370#c13)
- Move creation of /var/cache/man into %pre scriplet (boo#1219370)
==== mozilla-nss ====
Version update (3.96.1 -> 3.97)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
==== mpg123 ====
Version update (1.32.4 -> 1.32.5)
Subpackages: libmpg123-0 mpg123-openal
- Update to version 1.32.5
build:
* CMake port uses CFLAGS for pulse/jack/tinyalsa properly now (bug 366).
* CMake port links libsyn123 with libm now (bug 370).
libmpg123:
* Fix --enable-portable (no usage of LFS_WRAP_NONE, bug 368).
* Fix dct36 wrapper usage for x86-64 and NEON. Stupid (bug 367) and
also avoid returning void.
* Make ARM builds work with nagging (missing feature macros for std=c99).
==== multipath-tools ====
Version update (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3)
Subpackages: kpartx libmpath0
- Update to version 0.9.8~1+82+suse.dcd98a3:
* Adapt package version such that it shows as a 0.9.8 prerelease
* Add missing udev rules file
- Update to version 0.9.7+148+suse.9780ae0:
* 11-dm-mpath.rules: Fix quoting mistake (bsc#1219142)
- Update to version 0.9.7+148+suse.7d9953e.obscpio
* This is a multipath-tools 0.9.8 pre-release
* fix fast_io_fail for Infinibox (bsc#1219348)
* Fix activation of LVM volume groups during coldplug (bsc#1219142)
- Update to version 0.9.7+140+suse.2d78457:
* This is a multipath-tools 0.9.8 pre-release
* Socket activation via multipathd.socket has been disabled by default
because it has undesirable side effects on systems without multipath.
Users with multipath hardware should enable multipathd.service
* The restorequeueing CLI command now only enables queueing if
disablequeueing had been sent before
* Avoid multipathd hang during map flush
* multipathd now tracks the queueing mode of maps in its internal features string
* Improve error messages in 'multipathd -k'
* Fix segfault in autoresize code (bsc#1219289)
* Fix missing map reloads (bsc#1219796)
* Documentation fixes, spelling fixes, minor code fixes
==== musepack ====
- Use %patch -P N instead of deprecated %patchN.
==== ncurses ====
Version update (6.4.20240120 -> 6.4.20240210)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20240210
+ compiler-warning fixes, while investigating an optimizer bug in
"gcc (MacPorts gcc13 13.2.0_4+stdlib_flag) 13.2.0"
which results in only the first byte of a multibyte character being
printed to the screen.
- Change order of use=vt100+4bsd and use=rxvt+pcfkeys in rxvt-basic
to get correct arrow keys back (boo#1219626)
- Add ncurses patch 20240203
+ minor changes to tracing and locale-checks.
- Add ncurses patch 20240127
+ amend change to z39-a (report by Sven Joachim).
+ use xterm+nopcfkeys, vt52-basic, dec+pp, dec+sl, vt52+arrows,
hp+pfk+cr, klone+acs, klone+color, klone+sgr, ncr160wy50+pp
to trim -TD
+ NetBSD-related fixes for x68k and wsvt52 (patch by Thomas Klausner)
==== neon ====
- Use %patch -P N instead of deprecated %patchN.
==== netavark ====
Version update (1.10.2 -> 1.10.3)
- Update to version 1.10.3:
* v1.10.3
* fix netavark update to not start a new aardvark-dns
==== nvme-cli ====
Version update (2.7.1 -> 2.8)
Subpackages: nvme-cli-bash-completion
- Update to version 2.8:
* nvme-print-json: append array object in json_support_log
* sed: Add plugin for basic SED Opal operations (jsc#PED-5061)
* don't include newlines in already wrapped text
* nvme: do not include meta data for PRACT=1 and MD=8 (version 2)
* create-ns: align the namespaces to 1Mib boundaries when using SI suffixes
* doc: Fix config-schema.json's URL
* plugins/solidigm: Compressing vs-internal-log log files into zip file.
* nbft: do not issue an error if ACPI tables are missing
* nbft: fixup include for libnvme
* doc: Fix short option name for cfg-file
* completions: added Solidigm plugin to autocomplete scripts
* nvme: Remove unused cfg argument from NVME_ARGS() macro
* nvme: fix directive receive identify offsets
* nvme-fabrics: enable option 'concat'
* build: Update libnvme wrap
* plugins/wdc: Add Debug Log Collection Support
* nbft: fix tcp/dhcp address fallback retry (bsc#1218873)
* nvme: use correct telemetry log size
* nvme-print: fix typo in list verbose output (bsc#1219086)
* nvme: print inserted tls key for check-tls-key (bsc#1219086)
* plugins/wdc: Plugin fixes and updates
* fabrics: move hostid/hostnqn warnings to verbose level (bsc#1219086)
==== openvpn ====
Version update (2.6.8 -> 2.6.9)
Subpackages: openvpn-auth-pam-plugin
- update to 2.6.9:
* Remove unused function prototype crypto_adjust_frame_parameters
* Log SSL alerts more prominently
* Document tls-exit option mainly as test option
* Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
* Fix check_session_buf_not_used using wrong index
* Add missing check for nl_socket_alloc failure
* Add check for nice in cmake config
* Remove compat versionhelpers.h and remove cmake/configure check for it
* Extend the error message when TLS 1.0 PRF fails
* Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
* Check PRF availability on initialisation and add --force-tls-key-material-export
* Make it more explicit and visible when pkg-config is not found
* Clarify that the tls-crypt-v2-verify has a very limited env set
* Implement the --tls-export-cert feature
* Remove conditional text for Apache2 linking exception
* Remove --tls-export-cert
* Remove superfluous x509_write_pem()
* sample-keys: renew for the next 10 years
* GHA: clean up libressl builds with newer libressl
* configure.ac: Remove unused AC_TYPE_SIGNAL macro
* documentation: remove reference to removed option --show-proxy-settings
* unit_tests: remove includes for mock_msg.h
* documentation: improve documentation of --x509-track
* NTLM: add length check to add_security_buffer
* NTLM: increase size of phase 2 response we can handle
* proxy-options.rst: Add proper documentation for --http-proxy-user-pass
* buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0'
* --http-proxy-user-pass: allow to specify in either order with --http-proxy
* README.cmake.md: Document minimum required CMake version for --preset
* documentation: Update and fix documentation for --push-peer-info
* documentation: Fixes for previous fixes to --push-peer-info
* OpenBSD: repair --show-gateway
* get_default_gateway() HWADDR overhaul
* fix uncrustify complaints about previous patch
* preparing release 2.6.9
* dco-freebsd: dynamically re-allocate buffer if it's too small
* tun.c: don't attempt to delete DNS and WINS servers if they're not set
* vcpkg-ports/pkcs11-helper: bump to version 1.30
* Add support for mbedtls 3.X.Y
* Update README.mbedtls
* Disable TLS 1.3 support with mbed TLS
* Enable key export with mbed TLS 3.x.y
* protocol_dump: tls-crypt support
* Fix IPv6 route add/delete message log level
* fix(ssl): init peer_id when init tls_multi
==== orc ====
Version update (0.4.34 -> 0.4.37)
- version update to 0.4.37
0.4.37
======
- enable neon instructions on Apple ARM64 (Aleix Conchillo Flaqué)
- orcc: Fix regression, was hard-coded to use "sse" as default target (Sebastian Dröge)
- MMX backend fixes (L. E. Segovia, Jorge Zapata)
- testsuite: Build fixes for Clang (L. E. Segovia)
- testsuite, tools: Fix warning caused by inserting unneeded source operands (L. E. Segovia)
- orccompiler: call sys_icache_invalidate() to invalidate macos inst cache (Aleix Conchillo Flaqué)
- macOS/iOS version/target check build fixes (Aleix Conchillo Flaqué)
0.4.36
======
- Only use AVX / AVX2 instructions on CPUs that support both AVX and AVX2
(fixes crash on machines that only support AVX) (L. E. Segovia)
0.4.35
======
- Add support for AVX / AVX2 (L. E. Segovia)
- SSE backend improvements (L. E. Segovia)
- New `orf` and `andf` opcodes for bitwise AND and OR for single precision floats (Jorge Zapata)
- Add support for `convwf`, int16 to float conversion (Jorge Zapata)
- Allow backend selection through ORC_TARGET environment variable (L. E. Segovia)
- Documentation improvements (Jorge Zapata, L. E. Segovia, Tim-Philipp Müller)
- orconce: Use Win32 once implementation with MSVC (Seungha Yang, L. E. Segovia)
- orcc: add --binary option to output raw machine code for functions (L. E. Segovia)
- orcprofile: Implement Windows high-resolution timestamp for MSVC
to allow benchmarking on MSVC builds (L. E. Segovia)
==== osinfo-db ====
- Add support for SLE Micro 6.0 (jsc#PED-6305)
add-slem6.0-support.patch
- Add support for openSUSE Leap 15.6 (jsc#PED-6305)
add-opensuse-leap-15.6-support.patch
==== pam-config ====
Version update (2.10 -> 2.11)
- Update to version 2.11
- pam_gnome_keyring: use options in AUTH [bsc#1219767]
==== parted ====
Subpackages: libparted-fs-resize0 libparted2
- avoid deprecated rpm syntax
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Add "Requires: gvfs and gvfs-backends" for KDE (boo#1216667)
==== pcr-oracle ====
- Add fix_loader_conf.patch to measure the systemd-boot loader.conf file
==== pcre2 ====
Version update (10.42 -> 10.43)
Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0
- pcre2 10.43:
* The JIT code no longer supports ARMv5 architecture.
* A new function pcre2_get_match_data_heapframes_size() for finer
heap control.
* New option flags to restrict the interaction between ASCII and
non-ASCII characters for caseless matching and \d and friends.
There are also new pattern constructs to control these flags
from within a pattern.
* Upgrade to Unicode 15.0.0.
* Treat a NULL pattern with zero length as an empty string.
* Added support for limited-length variable-length lookbehind
assertions, with a default maximum length of 255 characters
(same as Perl) but with a function to adjust the limit.
* Perl changed the meaning of (for example) {,3} which did not
used to be recognized as a quantifier. Now it means {0,3} and
PCRE2 has also changed. Note that {,} is still not a
quantifier.
* Following Perl, allow spaces and tabs after { and before } in
all Perl- compatible items that use braces, and also around
commas in quantifiers. The one exception in PCRE2 is \u{...},
which is from ECMAScript, not Perl, and PCRE2 follows
ECMAScript usage.
* Changed the meaning of \w and its synonyms and derivatives (\b
and \B) in UCP mode to follow Perl. It now matches characters
whose general categories are L or N or whose particular
categories are Mn (non-spacing mark) or Pc (combining
punctuation).
* Changed the default meaning of [:xdigit:] in UCP mode to
follow Perl. It now matches the "fullwidth" versions of hex
digits. PCRE2_EXTRA_ASCII_DIGIT can be used to keep it ASCII
only.
* Make PCRE2_UCP the default in UTF mode in pcre2grep and add
- no_ucp, --case-restrict and --posix-digit.
* Add --group-separator and --no-group-separator to pcre2grep.
==== perl-Bootloader ====
Version update (1.11 -> 1.12)
- merge gh#openSUSE/perl-bootloader#163
- validate test output for each shell individually
- update and extend tests
- reworked default-settings command
- add test case for default-settings
- rework get-option command
- add test case for get-option
- rework del-option command
- add test case for del-option
- rework add-option command
- add test case for add-option
- rework grub2-efi install
- adjust some tests
- systemd-boot test adjusted
- rework remove-kernel option and add tests
- rework add-kernel option and add tests
- adjust kexec-bootloader and add tests
- remove support for dash
- remove ancient perl library code from master branch
- updated git2log script
- adjust spec file
- rewrite grub2 install to be more compatible (bsc#1214361)
- 1.12
==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Force using doxygen-1_10 in SLE where the default doxygen is too
old and generates broken docs (boo#1217886)
- Add a conflict in -pulseaudio with
pipewire-modules-%{apiver} < 1.0.0 since the
libpipewire-module-protocol-pulse.so module was included in
- modules before 1.0.0 so we should avoid a file conflict.
==== pkcs11-helper ====
Version update (1.29.0 -> 1.30.0)
- update to 1.30.0:
* core: add dynamic loader provider attribute
* openssl: support DSA in libressl-3.5.0
* openssl: fix openssl_ex_data_dup prototype
- get rid of almost empty pkcs11-helper package
==== pkgconf ====
Version update (1.8.0 -> 2.1.1)
Subpackages: pkgconf-m4 pkgconf-pkg-config
- update to 2.1.1:
* Fix --modversion with constraints
* Reintroduce an optimization to the dependency graph walker
which avoids revisiting already visited nodes
* Add a regression test to check that the dependency flattener is
working as expected
- update to 2.1.0:
* new solver for higher performance with complicated graphs
* Add --license selector to the pkgconf CLI
* Add flag --verbose and --solution to CLI
* Changes and fixes to --modversion
* bug fixes and developer visible changes
- drop pkgconf-CVE-2023-24056.patch, now included
==== podman ====
Version update (4.9.2 -> 4.9.3)
- Update to version 4.9.3:
* Bump to v4.9.3
* Release notes for v4.9.3
* [v4.9] [skip-ci] packit: update fedora downstream branches
* @@option volume.image: be specific that -v only affects RUN
* Accept a config blob alongside the "changes" slice when committing
* container create: use ParseUserNamespace to parse a user namespace setting
* Bump to v4.9.3-dev
==== poppler ====
Version update (23.12.0 -> 24.02.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- version update to 24.02.0
Release 24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Release 24.01.0:
core:
* Don't crash on certain documents on the NSS signature backend
* Fix infinite loop in some annotation code if there's not space for even one character
* Fix build on Android with generic font configuration
* Small internal code cleanup
==== poppler-qt5 ====
Version update (23.12.0 -> 24.02.0)
- version update to 24.02.0
Release 24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Release 24.01.0:
core:
* Don't crash on certain documents on the NSS signature backend
* Fix infinite loop in some annotation code if there's not space for even one character
* Fix build on Android with generic font configuration
* Small internal code cleanup
==== prctl ====
- Use %patch -P N instead of deprecated %patchN.
- Move license to %license section
==== publicsuffix ====
Version update (20240123 -> 20240212)
- Update to version 20240212:
* Add cprapid.com suffix to private section (#1892)
* util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
* Added Cyclic Software (#1737)
* Update public_suffix_list.dat for scw.cloud subdomains (#1740)
* Update public_suffix_list.dat (#1926)
* Add ZAP-Hosting cloud domain (#1907)
* Add `flutterflow.app` (#1666)
* Update public_suffix_list.dat (#1614)
* Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
* Add pley.games (#1881)
* Add panel.dev (#1916)
* add 12CHARS to private domains (#1915)
* Azure updates for Microsoft Corporate Domains (#1891)
* Remove blog.kg from private section (#1840)
* AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
* Homebase requested the addition of id.pub kin.one kin.pub (#1768)
* Replace run.app and a.run.app with *.run.app (#1928)
* Add pages.gay (#1920)
* Update Platform.sh domains (#1792)
* fix(adobe): add aem.live and aem.page domains (#1874)
* Update code builder domains with the canary (#1802)
* Add atmeta.com to PSL and consolidate Meta entries (#1736)
* util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse
- Add cherry-picks to fix UCM crashes
* pulseaudio-replace-port-device-UCM-context-assertion-with-an-error.patch
* pulseaudio-check-UCM-verb-before-working-with-device-status.patch
==== python-cryptography ====
Version update (41.0.7 -> 42.0.4)
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
- update to 42.0.2:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer
protocol objects in sign and verify methods on asymmetric
keys.
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
:`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
rimitives.asymmetric.dh.DHPrivateKey.exchange`.
- update to 42.0.1:
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public
keys in :func:`~cryptography.hazmat.primitives.serialization.
load_pem_public_key`.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
using :func:`~cryptography.hazmat.primitives.serialization.pk
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
` will now raise a ValueError rather than return an empty
list.
* Parsing SSH certificates no longer permits malformed critical
options with values, as documented in the 41.0.2 release
notes.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should
resolve some errors relating to initializing a module
multiple times per process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
dding.PSS` for X.509 certificate signing requests and
certificate revocation lists with the keyword-only argument
rsa_padding on the sign methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
and
:class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request
signature algorithm parameters (including PSS) via :meth:`~cr
yptography.x509.CertificateSigningRequest.signature_algorithm
_parameters`.
* Added support for obtaining X.509 certificate revocation list
signature algorithm parameters (including PSS) via :meth:`~cr
yptography.x509.CertificateRevocationList.signature_algorithm
_parameters`.
* Added mgf property to :class:`~cryptography.hazmat.primitives
.asymmetric.padding.PSS`.
* Added algorithm and mgf properties to :class:`~cryptography.h
azmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware
datetime objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :
meth:`~cryptography.x509.RevokedCertificate.revocation_date_u
tc`, :meth:`~cryptography.x509.CertificateRevocationList.next
_update_utc`, :meth:`~cryptography.x509.CertificateRevocation
List.last_update_utc`. These are timezone-aware variants of
existing properties that return naïve datetime objects.
* Deprecated the following properties that return naïve
datetime objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`, :meth
:`~cryptography.x509.RevokedCertificate.revocation_date`, :me
th:`~cryptography.x509.CertificateRevocationList.next_update`
, :meth:`~cryptography.x509.CertificateRevocationList.last_up
date` in favor of the new timezone-aware variants mentioned
above.
* Added support for :class:`~cryptography.hazmat.primitives.cip
hers.algorithms.ChaCha20` on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with :meth:`~cr
yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu
reBuilder.add_signer`.
* In the next release (43.0.0) of cryptography, loading an
X.509 certificate with a negative serial number will raise an
exception. This has been deprecated since 36.0.0.
* Added support for :class:`~cryptography.hazmat.primitives.cip
hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+.
* Added the :mod:`X.509 path validation
<cryptography.x509.verification>` APIs for
... changelog too long, skipping 9 lines ...
- switch to new cargo-vendor
==== python-linux-procfs ====
- align license tag with COPYING
==== python311 ====
Subpackages: python311-curses python311-dbm
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
with Expat 2.6.0, gh#python/cpython#115289
==== python311-core ====
Subpackages: libpython3_11-1_0 python311-base
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
with Expat 2.6.0, gh#python/cpython#115289
==== qalculate ====
Version update (4.8.1 -> 4.9.0)
Subpackages: libqalculate22 qalculate-data
- update to v4.9.0:
* Support for specifying a fixed denominator for display of
fractions (e.g. "0.3 ft â 1/8 â (3 + 5/8) in")
* Return gcd of numerators divided by lcm of denominators in
gcd() with non-integer rational numbers, and vice versa for
lcm()
* Add units for mean Gregorian and tropical years
* Ignore underscore in number
* Replace defunct exchange rates source and fix bitcoin
exchange rate
* Fix asin(x)=a, acos(x)=a, and atan(x)=a, when a contains an
angle unit and default angle unit is set
* Fix output of value converted to unit expression with
numerical multiplier in denominator, e.g. "â L/(100 km)"
* Fix segfault when trying to solve
"(xsqrt(x)-ysqrt(y))/(sqrt(x)-sqrt(y))=x+sqrt(x*y)+y"
* Fix parsing of case insensitive object name ending with
Unicode character when followed by another Unicode character
in expression, e.g. "микÑомеÑÑ"
* Add history command, listing expression history
* Display all exponents 0-9 using Unicode superscript
characters if these are the only exponents in the expression
==== qemu ====
Version update (8.2.0 -> 8.2.1)
- Just "prettify" the spec files a little:
* [openSUSE][RPM] Cosmetic fixes to spec files (copyright, sorting, etc)
- Patchqueue shrinking and bugfixing (actually, more of a temporary
workaround, until a proper solution is found upstream):
* [openSUSE] roms/seabios: revert some upstream commits that
break a lot of use-cases
* [openSUSE] roms/seabios: Drop an old (and no longer necessary)
downstream patch (bsc#1219977)
Update to latest stable version (8.2.1)
- Downstream changes:
* [openSUSE][RPM]: Install the VGA module "more often" (bsc#1219164)
* [openSUSE][RPM] Fix handling of qemu-kvm legacy package for RISCV
* [openSUSE][RPM] factor common definitions between qemu and qemu-linux-user spec files
- Upstream backports:
* target/arm: Fix incorrect aa64_tidcp1 feature check
* target/arm: Fix A64 scalar SQSHRN and SQRSHRN
* target/xtensa: fix OOB TLB entry access
* qtest: bump aspeed_smc-test timeout to 6 minutes
* monitor: only run coroutine commands in qemu_aio_context
* iotests: port 141 to Python for reliable QMP testing
* iotests: add filter_qmp_generated_node_ids()
* block/blklogwrites: Fix a bug when logging "write zeroes" operations.
* virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693)
* tcg/arm: Fix SIGILL in tcg_out_qemu_st_direct
* linux-user/riscv: Adjust vdso signal frame cfa offsets
* linux-user: Fixed cpu restore with pc 0 on SIGBUS
* block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status
* coroutine-ucontext: Save fake stack for pooled coroutine
* tcg/s390x: Fix encoding of VRIc, VRSa, VRSc insns
* accel/tcg: Revert mapping of PCREL translation block to multiple virtual addresses
* acpi/tests/avocado/bits: wait for 200 seconds for SHUTDOWN event from bits VM
* s390x/pci: drive ISM reset from subsystem reset
* s390x/pci: refresh fh before disabling aif
* s390x/pci: avoid double enable/disable of aif
* hw/scsi/esp-pci: set DMA_STAT_BCMBLT when BLAST command issued
* hw/scsi/esp-pci: synchronise setting of DMA_STAT_DONE with ESP completion interrupt
* hw/scsi/esp-pci: generate PCI interrupt from separate ESP and PCI sources
* hw/scsi/esp-pci: use correct address register for PCI DMA transfers
* migration/rdma: define htonll/ntohll only if not predefined
* hw/pflash: implement update buffer for block writes
* hw/pflash: use ldn_{be,le}_p and stn_{be,le}_p
* hw/pflash: refactor pflash_data_write()
* backends/cryptodev: Do not ignore throttle/backends Errors
* target/i386: pcrel: store low bits of physical address in data[0]
* target/i386: fix incorrect EIP in PC-relative translation blocks
* target/i386: Do not re-compute new pc with CF_PCREL
* load_elf: fix iterator's type for elf file processing
* target/hppa: Update SeaBIOS-hppa to version 15
* target/hppa: Fix IOR and ISR on error in probe
* target/hppa: Fix IOR and ISR on unaligned access trap
* target/hppa: Export function hppa_set_ior_and_isr()
* target/hppa: Avoid accessing %gr0 when raising exception
* hw/hppa: Move software power button address back into PDC
* target/hppa: Fix PDC address translation on PA2.0 with PSW.W=0
* hw/pci-host/astro: Add missing astro & elroy registers for NetBSD
* hw/hppa/machine: Disable default devices with --nodefaults option
* hw/hppa/machine: Allow up to 3840 MB total memory
* readthodocs: fully specify a build environment
* .gitlab-ci.d/buildtest.yml: Work around htags bug when environment is large
* target/s390x: Fix LAE setting a wrong access register
* tests/qtest/virtio-ccw: Fix device presence checking
* tests/acpi: disallow tests/data/acpi/virt/SSDT.memhp changes
* tests/acpi: update expected data files
* edk2: update binaries to git snapshot
* edk2: update build config, set PcdUninstallMemAttrProtocol = TRUE.
* edk2: update to git snapshot
* tests/acpi: allow tests/data/acpi/virt/SSDT.memhp changes
* util: fix build with musl libc on ppc64le
* tcg/ppc: Use new registers for LQ destination
* hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers
* hw/vfio: fix iteration over global VFIODevice list
* vfio/container: Replace basename with g_path_get_basename
* edu: fix DMA range upper bound check
* hw/net: cadence_gem: Fix MDIO_OP_xxx values
* audio/audio.c: remove trailing newline in error_setg
* chardev/char.c: fix "abstract device type" error message
* target/riscv: Fix mcycle/minstret increment behavior
* hw/net/can/sja1000: fix bug for single acceptance filter and standard frame
* target/i386: the sgx_epc_get_section stub is reachable
* configure: use a native non-cross compiler for linux-user
* include/ui/rect.h: fix qemu_rect_init() mis-assignment
* target/riscv/kvm: do not use non-portable strerrorname_np()
* iotests: Basic tests for internal snapshots
* vl: Improve error message for conflicting -incoming and -loadvm
* block: Fix crash when loading snapshot on inactive node
- Fixes:
* bsc#1218484 (CVE-2023-6693)
- Try to solve the qemu-kvm dependency issues on all arches
(see, e.g., bsc#1218684)
* [openSUSE][RPM] Create the legacy qemu-kvm symlink for all arches
- Update the service file to use OBS-scm (by fvogt)
- Various fixes:
* [openSUSE][RPM] Fix enabling features on non-x86_64 (bsc#1220011, bsc#1219818)
* [openSUSE][RPM] Disable test-crypto-secret in linux-user build
* [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722)
* [openSUSE][RPM] spec: allow building without spice
==== rpm ====
- Add patches to enable reproducible builds by default (bsc#1148824). For
upstream versions see:
https://github.com/rpm-software-management/rpm/pull/2880
0001-Add-option-to-set-mtime-of-files-in-rpms.patch
0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
0003-Error-out-on-a-missing-changelog-date.patch
==== rpm-config-SUSE ====
Version update (20240118 -> 20240214)
- Update to version 20240214:
* set_permissions: handle chkstat failure more grateful (bsc#1219736)
==== samba ====
Version update (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3
- Update to 4.19.5
* Windows 2016 fails to restore previous version of a file from
a shadow_copy2 snapshot; (bso#13688).
* Symlinks on AIX are broken in 4.19 (and a few version before
that); (bso#15549).
* Fake directory create times has no effect; (bso#12421).
* ctime mixed up with mtime by smbd; (bso#15550).
* samba-gpupdate --rsop fails if machine is not in a site;
(bso#15548).
* gpupdate: The root cert import when NDES is not available is
broken; (bso#15557).
* samba-gpupdate should print a useful message if cepces-submit
can't be found; (bso#15552).
* samba-gpupdate logging doesn't work; (bso#15558).
* smbpasswd reset permissions only if not 0600; (bso#15555).
==== sdbootutil ====
Version update (1+git20240122.c0d8f76 -> 1+git20240215.cb7e392)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper
- Update to version 1+git20240215.cb7e392:
* Add --no-random-seed argument
- Update to version 1+git20240214.ba81e0e:
* Fix pcr-oracle use
* Add device when generating initrd for snapshots
* Use systemd-pcrlock
* Pre-built initrd support
* Add subvolumes_prefix support
==== sg3_utils ====
Version update (1.48+7.63e63cb -> 1.48+8.37ca384)
Subpackages: libsgutils2-1_48-2
- Fix missing SCSI_MODEL and other fields for "sg_inq --export"
(bsc#1219874)
==== shadow ====
Version update (4.14.3 -> 4.14.5)
Subpackages: libsubid4 login_defs
- Update to 4.14.5:
* Build system:
+ Fix regression introduced in 4.14.4, due to a typo. chgpasswd had
been deleted from a Makefile variable, but it should have been
chpasswd.
- Remove shadow-4.14.4-chgpasswd-typo.patch
- Update to 4.14.4:
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
* libshadow:
+ Fix build error (parameter name omitted).
+ Fix off-by-one bug.
+ Remove warning.
- Add shadow-4.14.4-chgpasswd-typo.patch: to fix build. See #926
- Update patch macro `patchN` -> `patch -P N`
==== shared-mime-info ====
- Explicitly use gcc 13 on SLE.
==== shim ====
- Modified shim.spec file to add suffix string of project to filename
of included certificates. e.g.
rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/2B697CB1-shim-devel.crt
/etc/uefi/certs/4659838C-shim-opensuse.crt
/etc/uefi/certs/BCA4E38E-shim-sles.crt
The original name of crt files are:
/etc/uefi/certs/2B697CB1-shim.crt
/etc/uefi/certs/4659838C-shim.crt
/etc/uefi/certs/BCA4E38E-shim.crt
It can indicate the souce project of certificates.
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
signature. When submit request on IBS for updating SLE shim, the submitreq
project be generated, but it always be blocked by checking the signature
of openSUSE shim.
It doesn't make sense checking openSUSE shim signature when building
SLE shim on SLE platform, and vice versa. So the following change adds the
logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
When and only when hash mismatch and distro_id match with suffix, stop
building.
[#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
[#] when hash mismatch and distro_id match with suffix, stop building
- Sync the changelog between openSUSE:Factory/shim with SLE-15-SP3/shim
- Add CVE-2022-28737 number to "Mon Mar 27 09:26:02 UTC 2023" record
- Add "Thu Apr 13 05:28:10 UTC 2023" record for updating shim-install
for bsc#1210382.
- Add "Thu Apr 13 09:13:22 UTC 2023" record for changing the logic of
checking shim signature.
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
92d0f4305df73 Set the SRK algorithm for the TPM2 protector
==== signon-plugin-oauth2 ====
- Switch to %autosetup
==== slirp4netns ====
Version update (1.2.2 -> 1.2.3)
- New upstream release 1.2.3:
* Fix some FD leaks (#334, thanks to @giuseppe)
==== systemd ====
Version update (254.8 -> 254.9)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev
- Import commit 31f1148f75a1155d3eb37fd1a450096d669ec65b
31f1148f75 seccomp: include `fchmodat2` in `@file-system` (bsc#1219766)
001f349c57 service: Demote log level of NotifyAccess= messages to debug (bsc#1210113 jsc#PED-6214)
- Add a new %upstream macro to support building from upstream sources. This
will allow upstream to build systemd rpms using the opensuse systemd packaging
specs. These rpms will be built and used in upstream's mkosi based hacking and
testing environment to test changes and in the future to run integration tests
as well. By building the rpms using the opensuse packaging specs, the idea is
to catch more issues ahead of time as the mkosi environment will behave more
like a regular opensuse system.
- Add new %version_override and %version_release macros to allow overriding the
version and release of the rpm respectively.
- Import commit 53e2aaaf9d69fb1c8f6ae2c9f8a99b02d70d318f
53e2aaaf9d vconsole-setup: don't fail if the only found vc is already used by plymouth (bsc#1218618)
22c4878430 vconsole-setup: port to main-func.h boilerplate
- systemd-testsuite: depend on "qemu" instead of "qemu-kvm", the latter is
obsolete. (bsc#1218684)
- Import commit fbf9f32eb774ba6ec54e0d5d53b36baaf3e6b146
fbf9f32eb7 test/test-shutdown.py: optionally display the test I/Os in a dedicated log file
cd012774df test-69: send SIGTERM to ask systemd-nspawn to properly stop the container
d883b83244 man: Document ranges for distributions config files and local config files
- Import commit fa94ab006d09686cef121aaa3baa10cf5ca95e19 (merge of v254.9)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/67a5ac1043417d900bf417a884372ae…
- Update the version of libbpf dlopened by systemd (weak dependency) (bsc#1219440)
==== tecla-keyboard-layout-viewer ====
Version update (45.rc -> 45.0)
- Update to version 45.0:
+ Added shortcuts to exit the dialog
+ Fix UI in RTL environments
+ Fix a11y initialization
+ Updated translations.
==== thin-provisioning-tools ====
Version update (1.0.10 -> 1.0.11)
- Update to version 1.0.11:
* Bump version nr to 1.0.11
* [thin/cache_check] Print suggestive hints for improving error resolution
* [tests] Fix a typo in command name
* [cache_check] Fix boundary check on the bitset for cached blocks
==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module
- Set the URL at Source0.
- patches have been renamed
* u_build_libXvnc_as_separate_library.patch -->
u_tigervnc-Build-libXvnc-as-separate-library.patch
* n_vncserver.patch -->
n_tigervnc-Vncserver.patch
* n_correct_path_in_desktop_file.patch -->
n_tigervnc-Correct-path-in-desktop-file.patch
* n_tigervnc-date-time.patch -->
n_tigervnc-Date-time.patch
* u_change-button-layout-in-ServerDialog.patch -->
u_tigervnc-Change-button-layout-in-ServerDialog.patch
* n_dont_sign_java_client.patch -->
n_tigervnc-Dont-sign-java-client.patch
* u_tigervnc-add-autoaccept-parameter.patch -->
u_tigervnc-Add-autoaccept-parameter.patch
* u_tigervnc-ignore-epipe-on-write.patch
u_tigervnc-Ignore-epipe-on-write.patch
- Cleanup specfile
* Use the same format for all the patches.
* Use autosetup to apply all the patches with -p1.
* Clean number of sources.
- buildrequire xorg-x11-server-source/-sdk >= 21.1.11 and trigger
rebuild with newer xorg-x11-server-source package (bsc#1219311,
bsc#1219205)
==== u-boot-rpiarm64 ====
Subpackages: u-boot-rpiarm64-doc
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2024.01
* Patches dropped:
0020-bcm2835-brcm-bcm2708-fb-device-is-u.patch
0023-pci-pcie-brcmstb-Add-bcm2712-PCIe-c.patch
* Patches added:
0020-bcm2835-Dynamically-calculate-bytes.patch
0023-configs-rpi_arm64-build-position-in.patch
==== unzip ====
Subpackages: unzip-doc
- Use %patch -P N instead of deprecated %patchN.
==== utempter ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Add file conflict of util-linux-tty-tools and busybox-util-linux.
==== util-linux-systemd ====
- Add file conflict of util-linux-tty-tools and busybox-util-linux.
==== vid_stab ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== vim ====
Version update (9.1.0000 -> 9.1.0111)
Subpackages: vim-data vim-data-common vim-small xxd
- Use %patch -P N instead of deprecated %patchN.
- update to 9.1.0111:
* filetype: no support for bats files
* filetype: add 'Config.in' filetype detection
* runtime(asciidoc): include basic ftplugin
* filetype: no support for its files
* runtime(vim): Update base-syntax, remove unused vimString region
* runtime(vim): Update base-syntax, fix :behave highlighting
* runtime(vim): update Vim Syntax generator
* filetype: no support for dtso files
* Visual highlight hard to read with 'termguicolors'
* runtime(vim): include Vim Syntax generator
* Style: typos found
* Linking fails with -lto because of PERL_CFLAGS
* 'breakindentopt' "min" not correct with 'signcolumn'
* settabvar() may change the last accessed tabpage
* upper-case of German sharp s should be U+1E9E
* Redrawing can be improved with undo and 'spell'
* Not able to use diff() with 'diffexpr'
* runtime(gpg): Mark dangerous use-embedded-filename with WarningMsg
* CompletionChanged not triggered when new leader added without matches
* 'breakindent' behaves inconsistently with 'list' and splits
* runtime(vim): Update syntax file
* diff() function uses 'diffexpr'
* tests: test_restricted() fails
* xxd: buffer-overflow when writing color output
* Still a qsort() comparison function that returns result of subtraction
* Compiler warning for missing type in scroll_event()
* Syntax test fails when run with non C locale
* Assigning wrong colors when parsing terminal OSC response
* runtime(vim): Fix indent after line with literal dict
* qsort() comparison functions should be transitive
* TextChanged not triggered for :norm! commands
* Restoring lastused_tabpage too early in do_arg_all()
* Problem when scrolling using slow touchpads scroll event
* X11 scroll size changes after accessing clipboard
* Visual hl wrong when it ends before multibyte 'showbreak'
* Redrawing can be improved when deleting lines with 'number'
* Redrawing can be improved when deleting lines with 'cursorline'
* runtime(doc): further improve docs about List/Blob += operator
* X11 mouse-scrolling stutters
* runtime(doc): Clarify list-concatenation a bit more
* unexpected error for modifying final list using +=
* LineNrAbove/Below highlighting wrong on wrapped lines
* runtime(dosbatch): improve '::' comment highlighting
* GTK3: using wrong style for pre-edit area
* Unnecessary call to redraw_for_cursorline() in nv_mousescroll()
* runtime(colors): color names in the v:colornames dict should be lower cased
* luau config file not detected
* runtime(vim): Update syntax file
* insert completion not correct when adding new leader
* did_set_breakat() should be in optionstr.c
* Looping over modifier_keys_table unnecessarily
* Not able to build without FEAT_DIFF
* translation(ca): Fixe typos in Catalan translation
* Need a diff() Vim script function
* translation(ru): Updated Russian translation of messages
* runtime(vim): Update syntax file
* runtime(fortran): update syntax
* ScreenLines may not be correctly initialized, causing hang
* Visual highlighting can still be improved
* gcc still complains about use of uninitialized var
* runtime(racket): add missing space to b:undo_indent var
* runtime(Filelist): include README_vimlogo.txt
* gcc complains about use of uninitialized var
* runtime(vimlogo): Include and modernize vimlogo.svg
* runtime(netrw): fixing remote file removal via ssh
* runtime(doc): correct Vim patch for Wayland support
* runtime(racket): undo some indent options only when vim9script is available
* runtime(doc): Update help for Wayland support
* Segfault with CompleteChanged autocommand
* No Wayland support
* GTK code can be improved
* Internal error when :luado/perldo/pydo etc delete lines
* UX of visual highlighting can be improved
* runtime(netrw): Use :exec norm! <leftmouse> before :call mapping in netrw
* Recorded register cannot be translated using keytrans()
* runtime(vim): Highlight string interpolation
* runtime(vim): Update syntax and ftplugin files
* runtime(ant): Update syntax file
* runtime(hurl): add hurl filetype plugin
* runtime(vim): Update syntax file
* runtime(doc): style fixes in vim9.txt
* No event triggered before creating a window
* Cannot map Super Keys in GTK UI
* wrong number of trailing spaces inserted after blockwise put
* formatting long lines is slow
* 'linebreak' may still apply to leading whitespace
* Patch 9.1.0041 causes regressions for users
* runtime(mail): fix #13913
* runtime(netrw): Don't change global options
* runtime(fortran): update syntax and documentation
* Win32 Keyboard handling is sub-optimal
* Make "[Command Line]" a special buffer name
* Abort opening cmdwin if autocmds screw things up
* issues with temp curwin/buf while cmdwin is open
* runtime(c): Highlight user defined functions
* :drop does not re-use empty buffer
* --remote-* does not ignore `wilidignore`
... changelog too long, skipping 76 lines ...
* Add support for `syntax foldlevel` command
==== vmaf ====
- fix dependency on xxd
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Increase mem_per_process again to match what is in SLE. The build
was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
but webkitgtk uses a function added in 1.20.0, so we need to
ensure that the wayland update is pulled in (bsc#1215072).
- Fix package names for v6, and obsolete old packages.
- Use gcc 11 on SLE, to match what is currently used on SP4, and
adjust version check to include SP6. Also, use system malloc
there; the build currently fails without this (webkit#243535).
- Require gcc >= 10.2 to match the current cmake test.
- Disable jpegxl on SLE; it isn't currently available there.
==== webkit2gtk4 ====
- Increase mem_per_process again to match what is in SLE. The build
was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
but webkitgtk uses a function added in 1.20.0, so we need to
ensure that the wayland update is pulled in (bsc#1215072).
- Fix package names for v6, and obsolete old packages.
- Use gcc 11 on SLE, to match what is currently used on SP4, and
adjust version check to include SP6. Also, use system malloc
there; the build currently fails without this (webkit#243535).
- Require gcc >= 10.2 to match the current cmake test.
- Disable jpegxl on SLE; it isn't currently available there.
==== webrtc-audio-processing ====
- Use %patch -P N instead of deprecated %patchN.
==== wget ====
- Use %patch -P N instead of deprecated %patchN.
==== wmctrl ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== wpa_supplicant ====
- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
==== wsdd ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== xdg-menu ====
- Use %patch -P N instead of deprecated %patchN.
==== xfsprogs ====
Version update (6.5.0 -> 6.6.0)
- update to 6.6.0
- xfs_scrub: add missing license and copyright information
- xfs_db: report the device associated with each io cursor
- libxfs: Fix UAF in a requeued EFI
- xfs_io: Add new option, to exercise log2_data_unit_size in kernel fscrypt_policy_v2
- xfs_db: Add upport to read from external log device
- metadump: New metadump format
- xfs_quota: fix missing mount point warning
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- fix permissions of files in xorg-x11-server-source for tigervnc
build later (needed since latest autoconf)
- Provide again xorg-x11-server-source
* xwayland sources are not meant for a generic server.
* https://github.com/TigerVNC/tigervnc/issues/1728
- Stop providing xorg-x11-server-source from xorg-x11-server
* Now the sources are provided by xwayland because it is more updated.
* Fixes bsc#1219892.
==== xtermset ====
- Use %patch -P N instead of deprecated %patchN.
==== xwayland ====
- Don't provide xorg-x11-server-source
* xwayland sources are not meant for a generic server.
* https://github.com/TigerVNC/tigervnc/issues/1728
- Provide xorg-x11-server-source from xwayland
* xwayland will be more updated than xorg-x11-server, so the server sources
will be more updated too if are provided by xwayland.
* Fixes bsc#1219892.
==== yast2 ====
Version update (5.0.5 -> 5.0.6)
Subpackages: yast2-logs
- Allow host/domain names starting with an underscore (bsc#1219920)
- 5.0.6
==== yast2-packager ====
Version update (5.0.2 -> 5.0.4)
- SLE HPC is not a base product anymore, it is replaced by
SLES + HPC module, added migration mapping (jsc#PED-7841)
- 5.0.4
- Fixed ERB template loading in self update, if the template
cannot be found using a relative path then fallback to the
absolute path (bsc#1219174)
- 5.0.3
==== yast2-perl-bindings ====
Version update (5.0.0 -> 5.0.1)
- Fix the locale after initializing embedded Perl interpreter
(bsc#1216689)
- 5.0.1
==== yast2-storage-ng ====
Version update (5.0.4 -> 5.0.6)
- jsc#PED-6407
- new env variable YAST_REUSE_LVM for reusing LVM in new
installation. It can be used as linuxrc boot param.
- 5.0.6
- Added new libstorage enum value UF_BCACHEFS to fix build failure
(bsc#1219804)
- 5.0.5
==== zchunk ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
==== zip ====
- Use %patch -P N instead of deprecated %patchN.
==== zlib ====
Subpackages: libminizip1 libz1
- Use %patch -P N instead of deprecated %patchN.
==== zvbi ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
1
0
Hey!
https://hackaday.com/2024/02/14/floss-weekly-episode-769-10-more-internet/
listening to this weeks FLOSS Weekly and MicroOS is on next week live
on Wednesday 21th February and recording uploaded on Thursday 22th
February
1
1
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
attica-qt5 (5.114.0 -> 5.115.0)
baloo5 (5.114.0 -> 5.115.0)
bluez-qt (5.114.0 -> 5.115.0)
breeze5-icons (5.114.0 -> 5.115.0)
frameworkintegration (5.114.0 -> 5.115.0)
kactivities-stats (5.114.0 -> 5.115.0)
kactivities5 (5.114.0 -> 5.115.0)
karchive (5.114.0 -> 5.115.0)
kauth (5.114.0 -> 5.115.0)
kbookmarks (5.114.0 -> 5.115.0)
kcmutils (5.114.0 -> 5.115.0)
kcodecs (5.114.0 -> 5.115.0)
kcompletion (5.114.0 -> 5.115.0)
kconfig (5.114.0 -> 5.115.0)
kconfigwidgets (5.114.0 -> 5.115.0)
kcoreaddons (5.114.0 -> 5.115.0)
kcrash (5.114.0 -> 5.115.0)
kdbusaddons (5.114.0 -> 5.115.0)
kdeclarative (5.114.0 -> 5.115.0)
kded (5.114.0 -> 5.115.0)
kdelibs4support (5.114.0 -> 5.115.0)
kdesu (5.114.0 -> 5.115.0)
kdnssd-framework (5.114.0 -> 5.115.0)
kdoctools (5.114.0 -> 5.115.0)
kfilemetadata5 (5.114.0 -> 5.115.0)
kglobalaccel (5.114.0 -> 5.115.0)
kguiaddons (5.114.0 -> 5.115.0)
kholidays (5.114.0 -> 5.115.0)
khtml (5.114.0 -> 5.115.0)
ki18n (5.114.0 -> 5.115.0)
kiconthemes (5.114.0 -> 5.115.0)
kidletime (5.114.0 -> 5.115.0)
kimageformats (5.114.0 -> 5.115.0)
kinit (5.114.0 -> 5.115.0)
kio (5.114.0 -> 5.115.0)
kirigami2 (5.114.0 -> 5.115.0)
kitemmodels (5.114.0 -> 5.115.0)
kitemviews (5.114.0 -> 5.115.0)
kjobwidgets (5.114.0 -> 5.115.0)
kjs (5.114.0 -> 5.115.0)
knewstuff (5.114.0 -> 5.115.0)
knotifications (5.114.0 -> 5.115.0)
knotifyconfig (5.114.0 -> 5.115.0)
kpackage (5.114.0 -> 5.115.0)
kparts (5.114.0 -> 5.115.0)
kpeople5 (5.114.0 -> 5.115.0)
kpty (5.114.0 -> 5.115.0)
kquickcharts (5.114.0 -> 5.115.0)
krunner (5.114.0 -> 5.115.0)
kservice (5.114.0 -> 5.115.0)
ktexteditor (5.114.0 -> 5.115.0)
ktextwidgets (5.114.0 -> 5.115.0)
kunitconversion (5.114.0 -> 5.115.0)
kwallet (5.114.0 -> 5.115.0)
kwayland (5.114.0 -> 5.115.0)
kwidgetsaddons (5.114.0 -> 5.115.0)
kwindowsystem (5.114.0 -> 5.115.0)
kxmlgui (5.114.0 -> 5.115.0)
libKF5ModemManagerQt (5.114.0 -> 5.115.0)
libKF5NetworkManagerQt (5.114.0 -> 5.115.0)
libxml2
plasma-framework (5.114.0 -> 5.115.0)
prison-qt5 (5.114.0 -> 5.115.0)
purpose (5.114.0 -> 5.115.0)
qqc2-desktop-style (5.114.0 -> 5.115.0)
solid (5.114.0 -> 5.115.0)
sonnet (5.114.0 -> 5.115.0)
syndication (5.114.0 -> 5.115.0)
syntax-highlighting (5.114.0 -> 5.115.0)
threadweaver (5.114.0 -> 5.115.0)
xorg-x11-server
=== Details ===
==== attica-qt5 ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Attica5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== baloo5 ====
Version update (5.114.0 -> 5.115.0)
Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== bluez-qt ====
Version update (5.114.0 -> 5.115.0)
Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== breeze5-icons ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Update Google icon (kde#462165)
==== frameworkintegration ====
Version update (5.114.0 -> 5.115.0)
Subpackages: frameworkintegration-plugin libKF5Style5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kactivities-stats ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kactivities5 ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kactivities5-imports libKF5Activities5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== karchive ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kauth ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kbookmarks ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kcmutils ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kcodecs ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kcompletion ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kconfig ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kconfigwidgets ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kcoreaddons ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5CoreAddons5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Add isProcExists func to check if /proc exists
* Determine UNIX process if "/proc" does not exist
==== kcrash ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdbusaddons ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kdbusaddons-tools libKF5DBusAddons5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdeclarative ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Show GridDelegate labels as plaintext (kde#480106)
==== kded ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdelibs4support ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5KDELibs4Support5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdesu ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdnssd-framework ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kdoctools ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5DocTools5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kfilemetadata5 ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Fix compilation with latest TagLib git master
* Fix build with taglib 2
==== kglobalaccel ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kguiaddons ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5GuiAddons5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kholidays ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* holiday_ie_en-gb - Add St Brigid's Day (kde#479832)
==== khtml ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== ki18n ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
- Add upstream change:
* 0001-KCountrySubdivision-unbreak-support-of-iso-codes-4.1.patch
==== kiconthemes ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* CI: Don't require Windows test to pass
==== kidletime ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kimageformats ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kinit ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kio ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kio-core
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* KDirModel: Consider invalid roots are local fs (kde#477039)
* slavebase: abort mimetype emission when the worker was terminated (kde#474909, boo#1217175)
* KDirModel: Allow expanding network directories in file picker again (kde#479531)
* KCoreDirLister: updateDirectory: update parent folder if it is listed (kde#440712)
* copyjob: Fix implicitly skipping files when copying (kde#479082)
==== kirigami2 ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Kirigami2-5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== kitemmodels ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kitemmodels-imports libKF5ItemModels5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kitemviews ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kjobwidgets ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kjs ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== knewstuff ====
Version update (5.114.0 -> 5.115.0)
Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== knotifications ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== knotifyconfig ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kpackage ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kparts ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kpeople5 ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kpty ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kquickcharts ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* CI: Don't require FreeBSD test to pass
==== krunner ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kservice ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== ktexteditor ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Add parent widget for diff dialogs
==== ktextwidgets ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kunitconversion ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kwallet ====
Version update (5.114.0 -> 5.115.0)
Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Emit the walletCreated signal in the KWalletD::pamOpen function
if a new wallet is created during its call
==== kwayland ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kwidgetsaddons ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kwindowsystem ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== kxmlgui ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== libKF5ModemManagerQt ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== libKF5NetworkManagerQt ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
* Added libxml2-CVE-2024-25062.patch
==== plasma-framework ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Plasma5 plasma-framework-components plasma-framework-desktoptheme
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== prison-qt5 ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Prison5 prison-qt5-imports
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- Changes since 5.114.0:
* Enable exceptions for videoscannerworker.cpp
==== purpose ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Purpose5 libKF5PurposeWidgets5
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== qqc2-desktop-style ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== solid ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5Solid5 solid-imports solid-tools
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== sonnet ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== syndication ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== syntax-highlighting ====
Version update (5.114.0 -> 5.115.0)
Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== threadweaver ====
Version update (5.114.0 -> 5.115.0)
- Update to 5.115.0
* New feature release
* For more details please see:
* https://kde.org/announcements/frameworks/5/5.115.0
- No code change since 5.114.0
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- Release 21.1.11 also covers fixes for security issue CVE-2022-46340
and bug numbers bsc#1205874, bsc#1217765
- Release 21.1.11 covers fixes for the following bug numbers, which
are not mentioned in this changelog before: bsc#1218845,
bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135
- Release 21.1.11 supersedes the following patches still used with
xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in
this changelog as superseded before:
* U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch
* U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch
* U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch
* U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch
* U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch
* U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch
* bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch
* bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch
* bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch
* bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch
* bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch
* bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch
* bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch
* U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch
* U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch
- xserver sources of this release fixes segfault in Xvnc (bsc#1219311)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (23.3.4 -> 23.3.5)
Mesa-drivers (23.3.4 -> 23.3.5)
apparmor (3.1.6 -> 3.1.7)
c-ares (1.20.1 -> 1.26.0)
cpio (2.14 -> 2.15)
distribution-logos-openSUSE (20230921 -> 20240207)
dracut (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878)
ethtool (6.6 -> 6.7)
fwupd (1.9.12 -> 1.9.13)
gcc13 (13.2.1+git8250 -> 13.2.1+git8285)
glibc
grub2
gstreamer-plugins-bad
gtk4 (4.12.4 -> 4.12.5)
ibus
imlib2 (1.12.1 -> 1.12.2)
installation-images-MicroOS (17.112 -> 17.114)
inxi (3.3.32 -> 3.3.33)
kdsoap
kernel-source (6.7.2 -> 6.7.4)
libXext (1.3.5 -> 1.3.6)
libapparmor (3.1.6 -> 3.1.7)
libei (1.2.0 -> 1.2.1)
libgsf (1.14.51 -> 1.14.52)
libidn2 (2.3.4 -> 2.3.7)
libjxl (0.9.0 -> 0.9.2)
libjxl-gtk (0.9.0 -> 0.9.2)
libmemcached
libpciaccess (0.17 -> 0.18)
libxcb
libxkbfile (1.1.2 -> 1.1.3)
libzypp (17.31.28 -> 17.31.31)
man
microos-tools (2.21+git9 -> 2.21+git11)
netavark (1.9.0 -> 1.10.2)
netpbm
numactl (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c)
openssl-3
pam
pam-full-src
patterns-microos
permissions (1699_20230602 -> 1699_20240206)
pipewire (1.0.2 -> 1.0.3)
polkit-default-privs (1550+20231213.09963a4 -> 1550+20240207.d833f4b)
pulseaudio (16.1 -> 17.0)
python-MarkupSafe (2.1.4 -> 2.1.5)
python-h11
python-pip
python-typing_extensions
python311 (3.11.7 -> 3.11.8)
python311-core (3.11.7 -> 3.11.8)
qemu (8.1.3 -> 8.2.0)
rebootmgr (2.1 -> 2.2)
rpm (4.19.1 -> 4.19.1.1)
selinux-policy (20240116 -> 20240205)
shim
spectacle
systemd
webkit2gtk3 (2.42.4 -> 2.42.5)
webkit2gtk4 (2.42.4 -> 2.42.5)
wireplumber
xkbcomp (1.4.6 -> 1.4.7)
xprop (1.2.6 -> 1.2.7)
yast2-installation (5.0.5 -> 5.0.6)
yast2-network (5.0.1 -> 5.0.2)
=== Details ===
==== Mesa ====
Version update (23.3.4 -> 23.3.5)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Update to bugfix release 23.3.5
- -> https://docs.mesa3d.org/relnotes/23.3.5.html
- re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen
in X11:XOrg project
==== Mesa-drivers ====
Version update (23.3.4 -> 23.3.5)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.3.5
- -> https://docs.mesa3d.org/relnotes/23.3.5.html
- re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen
in X11:XOrg project
==== apparmor ====
Version update (3.1.6 -> 3.1.7)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- Update to AppArmor 3.1.7
- aa-logprof: don't skip exec events in hats
- fix aa-cleanprof to work with named profiles
- add permissions in various abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch
==== c-ares ====
Version update (1.20.1 -> 1.26.0)
- Ensure multibuild flavors result in different src names.
- c-ares 1.26.0:
* Event Thread support. Integrators are no longer required to
monitor the file descriptors registered by c-ares for events
and call ares_process() when enabling the event thread feature
via ARES_OPT_EVENT_THREAD passed to ares_init_options().
* Added flags to are_dns_parse() to force RAW packet parsing
* Mark ares_fds() as deprecated
* Bug fixes
- move tests into a build flavor to avoid gtest/gmock build loop
- Update to version 1.25
Changes:
o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory
safety reasons.
o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and
IPv6 addresses by default.
Bug Fixes:
o Tests: Live reverse lookups for Google's public DNS servers no longer
return results, replace with CloudFlare pubic DNS servers.
o Connection failures should increment the server failure count first or a
retry might be enqueued to the same server
o On systems that don't implement the ability to enumerate network interfaces
the stubs used the wrong prototype.
o Fix minor warnings and documentation typos
o Fix support for older GoogleTest versions
o getrandom() may require sys/random.h on some systems.
o Fix building tests with symbol hiding enabled.
- 0001-Use-RPM-compiler-options.patch: dropped, obsolete
- Update to version 1.24
Features:
* Add support for IPv6 link-local DNS servers. Nameserver formats
can now accept the 0face suffix, and a new ares_get_servers_csv()
function was added to return servers that can contain the link-local
interface name.
Changes:
* Unbundle GoogleTest for test cases. Package maintainers will now
need torequire GoogleTest (GMock) as a build dependency if
building tests. New GoogleTest versions require C++14 or later.
* Replace nameserver parsing code to use new memory-safe functions.
* Replace the sortlist parser with new memory-safe functions.
* Various warning fixes and dead code removal.
Bugfixes:
* Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to
compile with thread safety support
* A non-responsive DNS server that caused timeouts wouldn't
increment thefailure count, this would lead to other servers
not being tried. Regression introduced in 1.22.0
* Some projects that depend on c-ares expect invalid parameter
option valuespassed into ares_init_options() to simply be
ignored. This behavior has been restored
* getrandom() can fail if the kernel doesn't support
the syscall, fall back to another random source
* ares_cancel() when performing ares_gethostbyname() or
ares_getaddrinfo()with AF_UNSPEC, if called after one address
class was returned but before the other address class, it
would return ARES_SUCCESS rather than ARES_ECANCELLED
- disable-live-tests.patch: dropped, not needed
- Update to version 1.23
Features:
Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications.
resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options.
Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE.
Bugfixes:
ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept theport in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0.
ares_init_options() for ARES_FLAG_NOSEARCH was not being honored forares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
Autotools MacOS and iOS version check was failing
Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0.
Spelling fixes as detected by codespell.
The timeout returned by ares_timeout() was truncated to milliseconds butvalidated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring.
CMake was not honoring CXXFLAGS passed in via the environment which couldcause compile and link errors with distribution hardening flags during packaging.
Fix Windows UWP and Cygwin compilation.
ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0.
Changes in version 1.22.1
Bugfixes:
Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time.
Fix typos in manpages
Fix OpenWatcom building
Changes in version 1.22.0
Features:
ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel
The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility
The new DNS message parser and writer functions have now been made public
RFC9460 HTTPS and SVCB records are now supported
RFC6698 TLSA records are now supported
The server list is now internally dynamic and can be changed without impacting existing queries
Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files
Changes:
Internally all DNS messages are now written using the new DNS writing functions
EDNS is now enabled by default
Internal cleanups in function prototypes
Bugfixes:
Randomize retry penalties to prevent thundering herd issues when dns servers throttle requests
Fix Windows build error for missing if_indextoname()
- update to 1.21.0:
* Replace multiple DNS hand-made parsers with new memory-safe DNS
message parser
* developer visible changes and bug fixes
==== cpio ====
Version update (2.14 -> 2.15)
Subpackages: cpio-mt
- Update to 2.15:
* Fix the operation of --no-absolute-filenames --make-directories.
* Restore access and modification times of symlinks in copy-in and
copy-pass modes.
- Remove fix-operation-no-absolute-filenames.patch
==== distribution-logos-openSUSE ====
Version update (20230921 -> 20240207)
Subpackages: distribution-logos-openSUSE-MicroOS distribution-logos-openSUSE-icons
- switch to a service using zstd
- list the source url
- Update Leap 15.6 branding poo#131666
==== dracut ====
Version update (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878)
Subpackages: dracut-ima
- Update to version 059+suse.549.gc9f63878:
* fix(overlayfs): split overlayfs mount in two steps (bsc#1219778)
* fix(dracut-init.sh): handle decompress with `--sysroot`
* fix(i18n): handle keymap includes with `--sysroot`
* fix(dracut-systemd): replace `rd.udev.log-priority` with `rd.udev.log_level`
* fix(i18n): handle symlinked keymap
==== ethtool ====
Version update (6.6 -> 6.7)
Subpackages: ethtool-bash-completion
- update to upstream release 6.7
* Feature: support for setting TCP data split
* Fix: fix new gcc14 warning
* Fix: fix SFF-8472 transceiver module identification (-m)
==== fwupd ====
Version update (1.9.12 -> 1.9.13)
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.13:
+ This release adds the following features:
- Add a timer inhibit if the daemon took a long time to
startup.
- Add a concept of 'Test Mode' rather than enabling specific
plugins.
- Do not idle-quit the daemon if there is a connected D-Bus
client.
+ This release fixes the following bugs:
- Allow plugins to opt-out of the child-device first depsolve.
- Allow setting multiple flags in LVFS::DeviceFlags.
- Do not migrate config comments for removed keys.
- Do not request the Advantech BMC to reboot.
- Do not warn the user about ESP when using MBR.
- Fix a critical warning when adding a PixArt wireless device.
- Fix migration of legacy config files.
- Only save config values to the mutable config file.
- Parse DS-20 descriptors earlier in device setup.
- Store the version format in the history database to fix
offline reports.
- Use the correct GUID for matching realtek-mst and
parade-lspcon.
+ This release adds support for the following hardware:
- GoodWay Acer Dock.
==== gcc13 ====
Version update (13.2.1+git8250 -> 13.2.1+git8285)
Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1
- Add gcc13-sanitizer-remove-crypt-interception.patch to remove
crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285
- Add gcc13-pr88345-min-func-alignment.diff to add support for
- fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
==== glibc ====
Subpackages: glibc-extra glibc-locale glibc-locale-base
- Add libnsl1 to baselibs.conf (bsc#1219640)
- arm-dl-start-user.patch: arm: Remove wrong ldr from _dl_start_user (BZ
[#31339])
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- Fix build error on gcc-14 (bsc#1218949)
* 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch
==== gstreamer-plugins-bad ====
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Require libvpl only on supported architectures (x86_64 and aarch64)
- drop support for libmfx, which is no longer supported upstream
at all (boo#1219494)
- added support for oneVPL
==== gtk4 ====
Version update (4.12.4 -> 4.12.5)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.12.5:
+ GtkColumnView: Fix a crash on dispose.
+ GtkEmojiChooser:
- Update to CLDR v44.
- Add more translations.
+ GtkFileDialog:
- Return an error if no file is selected.
- Make closing the portal file chooser work.
+ GtkDropDown: Fix display of the initial checkmark.
+ GtkShortcutsWindow: Reduce the minimum width.
+ GDK: Make the png loader safer against overflow.
+ Wayland: Fix cursor handling with graphics tablets.
==== ibus ====
Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0
- Fix dead keys with non-English keyboard in some applications
(MAME, Wine) (boo#1218135)
ibus-complete-preedit-signals-for-postprocesskeyevent.patch
ibus-enginesimple-dont-commit-any-characters.patch
==== imlib2 ====
Version update (1.12.1 -> 1.12.2)
Subpackages: imlib2-loaders libImlib2-1
- update to 1.12.2:
* Fixes for Y4M, ANI, PNG and JPG loaders
==== installation-images-MicroOS ====
Version update (17.112 -> 17.114)
- merge gh#openSUSE/installation-images#693
- remove explicit dependency on libopenssl*-hmac (bsc#1219762)
- 17.114
- merge gh#openSUSE/installation-images#689
- change HMC console name from ttyS1 to ttysclp0 (bsc#1203405)
- 17.113
==== inxi ====
Version update (3.3.32 -> 3.3.33)
- Updated to version 3.3.33:
+ /usr/share/doc/packages/inxi/inxi.changelog.
==== kdsoap ====
- Fix package docs
- Fix build to handle changes in (open)SUSE specific cmake macros,
no user visible changes
==== kernel-source ====
Version update (6.7.2 -> 6.7.4)
- Linux 6.7.4 (bsc#1012628).
- asm-generic: make sparse happy with odd-sized put_unaligned_*()
(bsc#1012628).
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
(bsc#1012628).
- arm64: irq: set the correct node for VMAP stack (bsc#1012628).
- drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
(bsc#1012628).
- powerpc: Fix build error due to is_valid_bugaddr()
(bsc#1012628).
- powerpc/mm: Fix build failures due to
arch_reserved_kernel_pages() (bsc#1012628).
- powerpc/64s: Fix CONFIG_NUMA=n build due to
create_section_mapping() (bsc#1012628).
- x86/boot: Ignore NMIs during very early boot (bsc#1012628).
- powerpc: pmd_move_must_withdraw() is only needed for
CONFIG_TRANSPARENT_HUGEPAGE (bsc#1012628).
- powerpc/lib: Validate size for vector operations (bsc#1012628).
- x86/mce: Mark fatal MCE's page as poison to avoid panic in
the kdump kernel (bsc#1012628).
- sched/numa: Fix mm numa_scan_seq based unconditional scan
(bsc#1012628).
- perf/core: Fix narrow startup race when creating the perf
nr_addr_filters sysfs file (bsc#1012628).
- debugobjects: Stop accessing objects after releasing hash
bucket lock (bsc#1012628).
- sched/fair: Fix tg->load when offlining a CPU (bsc#1012628).
- regulator: core: Only increment use_count when enable_count
changes (bsc#1012628).
- audit: Send netlink ACK before setting connection in auditd_set
(bsc#1012628).
- ACPI: tables: Correct and clean up the logic of
acpi_parse_entries_array() (bsc#1012628).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
(bsc#1012628).
- PNP: ACPI: fix fortify warning (bsc#1012628).
- ACPI: extlog: fix NULL pointer dereference check (bsc#1012628).
- selftests/nolibc: fix testcase status alignment (bsc#1012628).
- ACPI: NUMA: Fix the logic of getting the fake_pxm value
(bsc#1012628).
- kunit: tool: fix parsing of test attributes (bsc#1012628).
- kunit: Reset test->priv after each param iteration
(bsc#1012628).
- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
(bsc#1012628).
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
synchronous events (bsc#1012628).
- OPP: The level field is always of unsigned int type
(bsc#1012628).
- thermal: core: Fix thermal zone suspend-resume synchronization
(bsc#1012628).
- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
(bsc#1012628).
- UBSAN: array-index-out-of-bounds in dtSplitRoot (bsc#1012628).
- jfs: fix slab-out-of-bounds Read in dtSearch (bsc#1012628).
- jfs: fix array-index-out-of-bounds in dbAdjTree (bsc#1012628).
- jfs: fix uaf in jfs_evict_inode (bsc#1012628).
- hwrng: starfive - Fix dev_err_probe return error (bsc#1012628).
- crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings
(bsc#1012628).
- pstore/ram: Fix crash when setting number of cpus to an odd
number (bsc#1012628).
- erofs: fix up compacted indexes for block size < 4096
(bsc#1012628).
- crypto: starfive - Fix dev_err_probe return error (bsc#1012628).
- crypto: octeontx2 - Fix cptvf driver cleanup (bsc#1012628).
- erofs: fix ztailpacking for subpage compressed blocks
(bsc#1012628).
- crypto: stm32/crc32 - fix parsing list of devices (bsc#1012628).
- afs: fix the usage of read_seqbegin_or_lock() in
afs_lookup_volume_rcu() (bsc#1012628).
- rxrpc_find_service_conn_rcu: fix the usage of
read_seqbegin_or_lock() (bsc#1012628).
- jfs: fix array-index-out-of-bounds in diNewExt (bsc#1012628).
- s390/boot: always align vmalloc area on segment boundary
(bsc#1012628).
- arch: consolidate arch_irq_work_raise prototypes (bsc#1012628).
- arch: fix asm-offsets.c building with -Wmissing-prototypes
(bsc#1012628).
- s390/vfio-ap: fix sysfs status attribute for AP queue devices
(bsc#1012628).
- s390/ptrace: handle setting of fpc register correctly
(bsc#1012628).
- KVM: s390: fix setting of fpc register (bsc#1012628).
- sysctl: Fix out of bounds access for empty sysctl registers
(bsc#1012628).
- SUNRPC: Fix a suspicious RCU usage warning (bsc#1012628).
- ext4: treat end of range as exclusive in ext4_zero_range()
(bsc#1012628).
- smb: client: fix renaming of reparse points (bsc#1012628).
- smb: client: fix hardlinking of reparse points (bsc#1012628).
- cifs: fix in logging in cifs_chan_update_iface (bsc#1012628).
- ecryptfs: Reject casefold directory inodes (bsc#1012628).
- ext4: fix inconsistent between segment fstrim and full fstrim
(bsc#1012628).
- ext4: unify the type of flexbg_size to unsigned int
(bsc#1012628).
- ext4: remove unnecessary check from alloc_flex_gd()
(bsc#1012628).
... changelog too long, skipping 1153 lines ...
- commit f71b395
==== libXext ====
Version update (1.3.5 -> 1.3.6)
- Update to version 1.3.6
* Wrap Xext*CheckExtension() in do { ... } while(0)
* configure: raise minimum autoconf requirement to 2.70
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* _xgeGetExtensionVersion should not free info on failure
* Check for malloc failure in _xgeGetExtensionVersion
* _xgeDpyClose: handle NULL return from _xgeFindDisplay
* XEVI: fix -Walloc-size
==== libapparmor ====
Version update (3.1.6 -> 3.1.7)
- Update to AppArmor 3.1.7
- aa-logprof: don't skip exec events in hats
- fix aa-cleanprof to work with named profiles
- add permissions in various abstractions
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch
==== libei ====
Version update (1.2.0 -> 1.2.1)
- Update to release 1.2.1
* Previously, using OEFFIS_DEVICE_ALL_DEVICES in
oeffis_create_session() would erroneously result in the portal
selecting no devices instead of all.
==== libgsf ====
Version update (1.14.51 -> 1.14.52)
Subpackages: gsf-office-thumbnailer libgsf-1-114
- Update to version 1.14.52:
+ xml: Fix build with libxml2 2.12.
==== libidn2 ====
Version update (2.3.4 -> 2.3.7)
- update to 2.3.7:
* Un-deprecate idn2_to_ascii_4i and make it NUL terminate output
* Export punycode APIs
* Developer visible code maintenance
==== libjxl ====
Version update (0.9.0 -> 0.9.2)
- Update to release 0.9.2
* Fixed some unspecified bugs in the gdk-pixbuf plugin
==== libjxl-gtk ====
Version update (0.9.0 -> 0.9.2)
- Update to release 0.9.2
* Fixed some unspecified bugs in the gdk-pixbuf plugin
==== libmemcached ====
Subpackages: libmemcached11 libmemcachedutil2
- explicitly set docdir to converge cmake doc macro change
between leap and tumbleweed
==== libpciaccess ====
Version update (0.17 -> 0.18)
- Update to version 0.18
* Remove "All rights reserved" from Oracle copyright notices
* Try fopen(".../pci.ids", "re") on Solarish systems as well
* Remove autotools build
* gitlab-ci: use `meson setup`
* gitlab-ci: don't bother to configure meson for the version check
* gitlab-ci: remove unnecessary call to `meson configure`
* FreeBSD: Fallback to /usr/share/misc/pci_vendors
* FreeBSD: Remove sparc64 code
* Fix compilation warnings when building against hurd-amd64.
==== libxcb ====
Subpackages: libxcb-composite0 libxcb-damage0 libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxcb1
- devel package: added missing Requires to libxcb-dbe0 (boo#1219572)
==== libxkbfile ====
Version update (1.1.2 -> 1.1.3)
- update to 1.1.3
* configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL
* Set close-on-exec when opening files
* _XkbMakeAtom: remove check for impossible case
* _XkbInitAtoms: check for malloc() failure
* XkbChangeAtomDisplay: stop leaking atom name
* XkbCFReportError: avoid -Wformat-nonliteral warning
* XkbWriteCFile: stop leaking header file ifdef name
* DefaultParser: avoid -Wimplicit-fallthrough warnings
* xkbtext.c: Add tbGetBufferString helper function
* XkbIndentText: Fix -Wsign-compare warning
* Fix -Wsign-compare warnings in xkbtext.c & xkmread.c
* Add a meson build system
- switched to meson build system
==== libzypp ====
Version update (17.31.28 -> 17.31.31)
- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
output.
- version 17.31.31 (22)
- applydeltaprm: Create target directory if it does not exist
(bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
bsc#1215698)
- version 17.31.30 (22)
- CheckAccessDeleted: fix running_in_container detection
(bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
(bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
(openSUSE/zypper#522)
This patch adds a mechanism to signal libzypp that a shutdown was
requested, usually when CTRL+C was pressed by the user. Currently
only the media backend will utilize this, but can be extended to
all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
Using curl_easy_perform does not give us the required control on
when we want to cancel a download. Switching to the MultiCurl
implementation with a external poll() event loop will give us
much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)
==== man ====
- Make lua scriplets more failsafe (boo#1219370)
==== microos-tools ====
Version update (2.21+git9 -> 2.21+git11)
- Update to version 2.21+git11:
* Install man-online alias only for bash
==== netavark ====
Version update (1.9.0 -> 1.10.2)
- Rely only on <major>.<minor> for aardvark-dns requires, even though
it is released in sync with netavark, relying on patch version is brittle.
- Update to version 1.10.2:
* Release v1.10.2
* Release notes for v1.10.2
* [CI:BUILD] Packit/rpm: fix aardvark-dns handling
* Do not perform network namespace detection on AV update
* Release v1.10.1
* Updated release notes for v1.10.1
* update to nftables release 0.3 from crates.io
* DISTRO_PACKAGE: fix incorrect vendored tar archive URL
* Bump to 1.11.0-dev
* Release 1.10.0
* Release notes for 1.10.0
* RPM: update .cargo/config before building
* Add support for isolation to the nftables driver
* build(deps): bump h2 from 0.3.22 to 0.3.24
* chore(deps): update rust crate chrono to 0.4.32
* fix(deps): update rust crate env_logger to 0.11.0
* chore(deps): update dependency containers/automation_images to v20240102
* Bump nftables-rs to latest commit
* Netavark: nftables support
* fix(deps): update rust crate serde_json to 1.0.111
* feat: added the --firewall-driver option
* Document how to generate a code coverage report for netavark
* fix(deps): update rust crate clap to ~4.4.12
* fix(deps): update rust crate serde_json to 1.0.110
* fix(deps): update rust-futures monorepo to 0.3.30
* fix(deps): update rust crate nispor to 1.2.16
* chore(deps): update rust crate tempfile to 3.9.0
* Use tonic::transport::Uri instead of HTTP
* chore(deps): update dependency containers/automation_images to v20231208
* fix(deps): update rust crate tokio to 1.35
* dhcp-proxy: return actual error instead of generic one
* dhcp-proxy: skip set gateway if missing
* bump netlink-packet-route to 0.18.1
* chore(deps): update rust crate once_cell to 1.19.0
* fix(deps): update rust crate nispor to 1.2.15
* fix(deps): update rust crate serde to 1.0.193
* fix(deps): update rust crate clap to ~4.4.10
* aardvark: show error if process is in wrong netns
* aardvark: remove unessesary unlock lockfile calls
* fix(deps): update rust crate url to 2.5.0
* Bump working version to v1.10.0-dev
==== netpbm ====
Subpackages: libnetpbm11
- added patches
fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791]
+ netpbm-use-byrow-when-needed.patch
==== numactl ====
Version update (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c)
Subpackages: libnuma1
- Update to version 2.0.18.0.g3871b1c:
* Increase version number to 2.0.18
* man pages: fix table include preprocessor
- Update to version 2.0.17.8.g67984e5:
* numastat: Print package version number instead of own.
* numastat: Remove commented out perl code
* Check for MPOL_PREFERRED_MANY lazily
* libnuma: add numa_set_mempolicy_home_node API
==== openssl-3 ====
Subpackages: libopenssl3
- Add migration script to move old files (bsc#1219562)
/etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave
/etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave
They will be later restored by openssl-1_1 package
to engines1.1.d and engdef1.1.d
- Security fix: [bsc#1219243, CVE-2024-0727]
* Add NULL checks where ContentInfo data can be NULL
* Add openssl-CVE-2024-0727.patch
==== pam ====
- pam.tmpfiles: Make sure the content of the /run directories get
removed in case of a soft-reboot
==== pam-full-src ====
- pam.tmpfiles: Make sure the content of the /run directories get
removed in case of a soft-reboot
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Add "Requires: steam-devices" for both Gnome and KDE
* This package is just a small set of udev rules for controller
support, and is one of the more common reasons for end users to
need to interact with transactional-update, no good reason to not
include it in the desktop patterns
==== permissions ====
Version update (1699_20230602 -> 1699_20240206)
Subpackages: chkstat permissions-config
- Drop superfluous mkdir /usr/share/permissions/permissions.d
This is now created by the Makefile. See also
commit 5900bc1ffe6275298ded3c96dee03a5c98e4db1c
- Update to version 20240206:
* Whitelisting libgtop_server2 (bsc#1218921)
* Removing bogus whitespaces
* chkstat: harmonize and transform to a more compact coding and doc style
* gitignore: also ignore hidden ctags
* build: Create /usr/share/permissions/permissions.d for packagers
* profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory
* profiles: drop /etc/ftpusers which is no longer shipped in netcfg
==== pipewire ====
Version update (1.0.2 -> 1.0.3)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.0.3:
* Highlights
- Fix ALSA version check. This should allow the alsa plugin to
work again.
- Some small fixes and improvements.
* PipeWire
- Escape @DEFAULT_SINK@ in the conf files.
* Modules
- Improve logging in module-pipe-tunnel.
* SPA
- Always recheck rate matching in ALSA when moving drivers.
This fixes a potential issue where the adaptive resampler
would not be activated in some cases.
* ALSA
- Fix ALSA version check. This should allow the alsa plugin to
work again.
==== polkit-default-privs ====
Version update (1550+20231213.09963a4 -> 1550+20240207.d833f4b)
- Update to version 1550+20240207.d833f4b:
* profiles: remove no longer used device-rebind action
==== pulseaudio ====
Version update (16.1 -> 17.0)
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse
- Update to version 17.0:
* Updates to ALSA UCM-based setups
* Battery level indication to Bluetooth devices
* Support for the Bluetooth FastStream codec
* webrtc-audio-processing dependency updated
* Trigger role groups added to module-role-cork
* XDG base directory spec for profile-set loading
* PA_RATE_MAX increased
* webrtc-audio-processing dependency updated
For details, see:
https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/17.0/
- Drop obsoleted patches:
echo-cancel-add-webrtc-AEC3-support.patch
build-sys-Bump-cpp_std-to-c-17.patch
build-sys-Bump-webrtc-audio-processing-dependency.patch
==== python-MarkupSafe ====
Version update (2.1.4 -> 2.1.5)
- update to 2.1.5:
* Fix striptags not collapsing spaces. :issue:`417`
==== python-h11 ====
- spec cleanup
==== python-pip ====
- Fix shebang path for "pip3.XX" binaries
==== python-typing_extensions ====
- Add backport-recent-implementation-of-protocol.patch upstream patch
gh#python/typing_extensions@004b893ddce2
==== python311 ====
Version update (3.11.7 -> 3.11.8)
Subpackages: python311-curses python311-dbm
- Update to 3.11.8:
- Security
- gh-113659: Skip .pth files with names starting with a dot or
hidden file attribute.
- Core and Builtins
- gh-114887: Changed socket type validation in
create_datagram_endpoint() to accept all non-stream sockets.
This fixes a regression in compatibility with raw sockets.
- gh-114388: Fix a RuntimeWarning emitted when assign an
integer-like value that is not an instance of int to an
attribute that corresponds to a C struct member of type T_UINT
and T_ULONG. Fix a double RuntimeWarning emitted when assign a
negative integer value to an attribute that corresponds to a C
struct member of type T_UINT.
- gh-89811: Check for a valid tp_version_tag before performing
bytecode specializations that rely on this value being usable.
- gh-113602: Fix an error that was causing the parser to try to
overwrite existing errors and crashing in the process. Patch by
Pablo Galindo
- gh-113566: Fix a 3.11-specific crash when the repr of a Future
is requested after the module has already been
garbage-collected.
- gh-106905: Use per AST-parser state rather than global state to
track recursion depth within the AST parser to prevent potential
race condition due to simultaneous parsing.
- The issue primarily showed up in 3.11 by multithreaded users of
ast.parse(). In 3.12 a change to when garbage collection can be
triggered prevented the race condition from occurring.
- gh-112716: Fix SystemError in the import statement and in
__reduce__() methods of builtin types when __builtins__ is not a
dict.
- gh-105967: Workaround a bug in Appleâs macOS platform zlib
library where zlib.crc32() and binascii.crc32() could produce
incorrect results on multi-gigabyte inputs. Including when using
zipfile on zips containing large data.
- gh-94606: Fix UnicodeEncodeError when
email.message.get_payload() reads a message with a Unicode
surrogate character and the message content is not well-formed
for surrogateescape encoding. Patch by Sidney Markowitz.
- Library
- gh-114965: Update bundled pip to 24.0
- gh-114959: tarfile no longer ignores errors when trying to
extract a directory on top of a file.
- gh-109475: Fix support of explicit option value âââ in argparse
(e.g. --option=--).
- gh-110190: Fix ctypes structs with array on Windows ARM64
platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
Diego Russo
- gh-113280: Fix a leak of open socket in rare cases when error
occurred in ssl.SSLSocket creation.
- gh-77749: email.policy.EmailPolicy.fold() now always encodes
non-ASCII characters in headers if utf8 is false.
- gh-114492: Make the result of termios.tcgetattr() reproducible
on Alpine Linux. Previously it could leave a random garbage in
some fields.
- gh-75128: Ignore an OSError in
asyncio.BaseEventLoop.create_server() when IPv6 is available but
the interface cannot actually support it.
- gh-114257: Dismiss the FileNotFound error in
ctypes.util.find_library() and just return None on Linux.
- gh-101438: Avoid reference cycle in ElementTree.iterparse. The
iterator returned by ElementTree.iterparse may hold on to a file
descriptor. The reference cycle prevented prompt clean-up of the
file descriptor if the returned iterator was not exhausted.
- gh-104522: OSError raised when run a subprocess now only has
filename attribute set to cwd if the error was caused by a
failed attempt to change the current directory.
- gh-109534: Fix a reference leak in
asyncio.selector_events.BaseSelectorEventLoop when SSL
handshakes fail. Patch contributed by Jamie Phan.
- gh-114077: Fix possible OverflowError in
socket.socket.sendfile() when pass count larger than 2 GiB on
32-bit platform.
- gh-114014: Fixed a bug in fractions.Fraction where an invalid
string using d in the decimals part creates a different error
compared to other invalid letters/characters. Patch by Jeremiah
Gabriel Pascual.
- gh-113951: Fix the behavior of tag_unbind() methods of
tkinter.Text and tkinter.Canvas classes with three arguments.
Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
the current binding for sequence, leaving sequence unbound, and
deleted the funcid command. Now it removes only funcid from the
binding for sequence, keeping other commands, and deletes the
funcid command. It leaves sequence unbound only if funcid was
the last bound command.
- gh-113877: Fix tkinter method winfo_pathname() on 64-bit
Windows.
- gh-113781: Silence unraisable AttributeError when warnings are
emitted during Python finalization.
- gh-113594: Fix UnicodeEncodeError in email when re-fold lines
that contain unknown-8bit encoded part followed by
non-unknown-8bit encoded part.
- gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
there is callback that logs an error if the task wrapping the
âconnected callbackâ fails. This callback would itself fail if
the task was cancelled. Prevent this by checking whether the
task was cancelled first. If so, close the transport but donât
log an error.
- gh-85567: Fix resource warnings for unclosed files in pickle and
... changelog too long, skipping 159 lines ...
- support-expat-CVE-2022-25236-patched.patch
==== python311-core ====
Version update (3.11.7 -> 3.11.8)
Subpackages: libpython3_11-1_0 python311-base
- Update to 3.11.8:
- Security
- gh-113659: Skip .pth files with names starting with a dot or
hidden file attribute.
- Core and Builtins
- gh-114887: Changed socket type validation in
create_datagram_endpoint() to accept all non-stream sockets.
This fixes a regression in compatibility with raw sockets.
- gh-114388: Fix a RuntimeWarning emitted when assign an
integer-like value that is not an instance of int to an
attribute that corresponds to a C struct member of type T_UINT
and T_ULONG. Fix a double RuntimeWarning emitted when assign a
negative integer value to an attribute that corresponds to a C
struct member of type T_UINT.
- gh-89811: Check for a valid tp_version_tag before performing
bytecode specializations that rely on this value being usable.
- gh-113602: Fix an error that was causing the parser to try to
overwrite existing errors and crashing in the process. Patch by
Pablo Galindo
- gh-113566: Fix a 3.11-specific crash when the repr of a Future
is requested after the module has already been
garbage-collected.
- gh-106905: Use per AST-parser state rather than global state to
track recursion depth within the AST parser to prevent potential
race condition due to simultaneous parsing.
- The issue primarily showed up in 3.11 by multithreaded users of
ast.parse(). In 3.12 a change to when garbage collection can be
triggered prevented the race condition from occurring.
- gh-112716: Fix SystemError in the import statement and in
__reduce__() methods of builtin types when __builtins__ is not a
dict.
- gh-105967: Workaround a bug in Appleâs macOS platform zlib
library where zlib.crc32() and binascii.crc32() could produce
incorrect results on multi-gigabyte inputs. Including when using
zipfile on zips containing large data.
- gh-94606: Fix UnicodeEncodeError when
email.message.get_payload() reads a message with a Unicode
surrogate character and the message content is not well-formed
for surrogateescape encoding. Patch by Sidney Markowitz.
- Library
- gh-114965: Update bundled pip to 24.0
- gh-114959: tarfile no longer ignores errors when trying to
extract a directory on top of a file.
- gh-109475: Fix support of explicit option value âââ in argparse
(e.g. --option=--).
- gh-110190: Fix ctypes structs with array on Windows ARM64
platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
Diego Russo
- gh-113280: Fix a leak of open socket in rare cases when error
occurred in ssl.SSLSocket creation.
- gh-77749: email.policy.EmailPolicy.fold() now always encodes
non-ASCII characters in headers if utf8 is false.
- gh-114492: Make the result of termios.tcgetattr() reproducible
on Alpine Linux. Previously it could leave a random garbage in
some fields.
- gh-75128: Ignore an OSError in
asyncio.BaseEventLoop.create_server() when IPv6 is available but
the interface cannot actually support it.
- gh-114257: Dismiss the FileNotFound error in
ctypes.util.find_library() and just return None on Linux.
- gh-101438: Avoid reference cycle in ElementTree.iterparse. The
iterator returned by ElementTree.iterparse may hold on to a file
descriptor. The reference cycle prevented prompt clean-up of the
file descriptor if the returned iterator was not exhausted.
- gh-104522: OSError raised when run a subprocess now only has
filename attribute set to cwd if the error was caused by a
failed attempt to change the current directory.
- gh-109534: Fix a reference leak in
asyncio.selector_events.BaseSelectorEventLoop when SSL
handshakes fail. Patch contributed by Jamie Phan.
- gh-114077: Fix possible OverflowError in
socket.socket.sendfile() when pass count larger than 2 GiB on
32-bit platform.
- gh-114014: Fixed a bug in fractions.Fraction where an invalid
string using d in the decimals part creates a different error
compared to other invalid letters/characters. Patch by Jeremiah
Gabriel Pascual.
- gh-113951: Fix the behavior of tag_unbind() methods of
tkinter.Text and tkinter.Canvas classes with three arguments.
Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
the current binding for sequence, leaving sequence unbound, and
deleted the funcid command. Now it removes only funcid from the
binding for sequence, keeping other commands, and deletes the
funcid command. It leaves sequence unbound only if funcid was
the last bound command.
- gh-113877: Fix tkinter method winfo_pathname() on 64-bit
Windows.
- gh-113781: Silence unraisable AttributeError when warnings are
emitted during Python finalization.
- gh-113594: Fix UnicodeEncodeError in email when re-fold lines
that contain unknown-8bit encoded part followed by
non-unknown-8bit encoded part.
- gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
there is callback that logs an error if the task wrapping the
âconnected callbackâ fails. This callback would itself fail if
the task was cancelled. Prevent this by checking whether the
task was cancelled first. If so, close the transport but donât
log an error.
- gh-85567: Fix resource warnings for unclosed files in pickle and
... changelog too long, skipping 159 lines ...
- support-expat-CVE-2022-25236-patched.patch
==== qemu ====
Version update (8.1.3 -> 8.2.0)
- Fix a build issue of OVMF caused by
https://gitlab.com/qemu-project/qemu/-/issues/2064:
* target/i386: fix incorrect EIP in PC-relative translation blocks
* target/i386: Do not re-compute new pc with CF_PCREL
- Update to latest upstream release, 8.2.0:
The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2
Highlights include:
* New virtio-sound device emulation
* New virtio-gpu rutabaga device emulation used by Android emulator
* New hv-balloon for dynamic memory protocol device for Hyper-V guests
* New Universal Flash Storage device emulation
* Network Block Device (NBD) 64-bit offsets for improved performance
* dump-guest-memory now supports the standard kdump format
* ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device
* ARM: CPU emulation support for cortex-a710 and neoverse-n2
* ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC,
FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0
* HPPA: CPU emulation support for 64-bit PA-RISC 2.0
* HPPA: machine emulation support for C3700, including Astro memory
controller and four Elroy PCI bridges
* LoongArch: ISA support for LASX extension and PRELDX instruction
* LoongArch: CPU emulation support for la132
* RISC-V: ISA/extension support for AIA virtualization support via KVM,
and vector cryptographic instructions
* RISC-V: Numerous extension/instruction cleanups, fixes, and reworks
* s390x: support for vfio-ap passthrough of crypto adapter for
protected
virtualization guests
* Tricore: support for TC37x CPU which implements ISA v1.6.2
* Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions
* x86: Zen support for PV console and network devices
- Patch added (from upstream stable tree):
* include/ui/rect.h: fix qemu_rect_init() mis-assignment
- Some packaging and dependencies fixes:
* [openSUSE] rpm: restrict canokey to openSUSE only
* [openSUSE] rpm: fix virtiofsd dependency on 32 bit systems
* [openSUSE] rpm: add support for canokeys (boo#1217520)
- Rearrange dependencies and subpackages and filter features for ALP
* [openSUSE] rpm: disable Xen support in ALP-based distros
* [openSUSE] rpm: some more refinements of inter-subpackage dependencies
- Fix boo#1084909 and create a new qemu-spice metapackage:
* [openSUSE] rpm: normalize hostname, for reproducible builds (#44)
* [openSUSE] rpm: new subpackage, for SPICE
==== rebootmgr ====
Version update (2.1 -> 2.2)
- Update to version 2.2
- Make sure /run/reboot-needed get's deleted after a soft-reboot
==== rpm ====
Version update (4.19.1 -> 4.19.1.1)
- update to rpm-4.19.1.1
* don't warn about missing user/group on skipped files
* make user/group lookup caching thread-safe
* fix regression in Lua scriptlet runaway child detection
* restore readline support as an explicit option
- refreshed patches:
* rpmqpack.diff
- fix %_host not containing the abi suffix on arm [bnc#1219627]
updated patch: canongnu.diff
- Need to mention the changed patches for the python-setuptools to
cmake migration:
* Drop python_setup.diff
* Add cmake_python_version.diff
==== selinux-policy ====
Version update (20240116 -> 20240205)
Subpackages: selinux-policy-targeted
- Update to version 20240205:
* Allow gpg manage rpm cache
* Allow login_userdomain name_bind to howl and xmsg udp ports
* Allow rules for confined users logged in plasma
* Label /dev/iommu with iommu_device_t
* Remove duplicate file context entries in /run
* Dontaudit getty and plymouth the checkpoint_restore capability
* Allow su domains write login records
* Revert "Allow su domains write login records"
* Allow login_userdomain delete session dbusd tmp socket files
* Allow unix dgram sendto between exim processes
* Allow su domains write login records
* Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
* Allow chronyd-restricted read chronyd key files
* Allow conntrackd_t to use bpf capability2
* Allow systemd-networkd manage its runtime socket files
* Allow init_t nnp domain transition to colord_t
* Allow polkit status systemd services
* nova: Fix duplicate declarations
* Allow httpd work with PrivateTmp
* Add interfaces for watching and reading ifconfig_var_run_t
* Allow collectd read raw fixed disk device
* Allow collectd read udev pid files
* Set correct label on /etc/pki/pki-tomcat/kra
* Allow systemd domains watch system dbus pid socket files
* Allow certmonger read network sysctls
* Allow mdadm list stratisd data directories
* Allow syslog to run unconfined scripts conditionally
* Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
* Allow qatlib set attributes of vfio device files
* Allow systemd-sleep set attributes of efivarfs files
* Allow samba-dcerpcd read public files
* Allow spamd_update_t the sys_ptrace capability in user namespace
* Allow bluetooth devices work with alsa
* Allow alsa get attributes filesystems with extended attributes
* Allow hypervkvp_t write access to NetworkManager_etc_rw_t
* Add interface for write-only access to NetworkManager rw conf
* Allow systemd-sleep send a message to syslog over a unix dgram socket
* Allow init create and use netlink netfilter socket
* Allow qatlib load kernel modules
* Allow qatlib run lspci
* Allow qatlib manage its private runtime socket files
* Allow qatlib read/write vfio devices
* Label /etc/redis.conf with redis_conf_t
* Remove the lockdown-class rules from the policy
* Allow init read all non-security socket files
* Replace redundant dnsmasq pattern macros
* Remove unneeded symlink perms in dnsmasq.if
* Add additions to dnsmasq interface
* Allow nvme_stas_t create and use netlink kobject uevent socket
* Allow collectd connect to statsd port
* Allow keepalived_t to use sys_ptrace of cap_userns
* Allow dovecot_auth_t connect to postgresql using UNIX socket
* Make named_zone_t and named_var_run_t a part of the mountpoint attribute
* Allow sysadm execute traceroute in sysadm_t domain using sudo
* Allow sysadm execute tcpdump in sysadm_t domain using sudo
* Allow opafm search nfs directories
* Add support for syslogd unconfined scripts
* Allow gpsd use /dev/gnss devices
* Allow gpg read rpm cache
* Allow virtqemud additional permissions
* Allow virtqemud manage its private lock files
* Allow virtqemud use the io_uring api
* Allow ddclient send e-mail notifications
* Allow postfix_master_t map postfix data files
* Allow init create and use vsock sockets
* Allow thumb_t append to init unix domain stream sockets
* Label /dev/vas with vas_device_t
* Create interface selinux_watch_config and add it to SELinux users
* Update cifs interfaces to include fs_search_auto_mountpoints()
* Allow sudodomain read var auth files
* Allow spamd_update_t read hardware state information
* Allow virtnetworkd domain transition on tc command execution
* Allow sendmail MTA connect to sendmail LDA
* Allow auditd read all domains process state
* Allow rsync read network sysctls
* Add dhcpcd bpf capability to run bpf programs
* Dontaudit systemd-hwdb dac_override capability
* Allow systemd-sleep create efivarfs files
* Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
* Allow graphical applications work in Wayland
* Allow kdump work with PrivateTmp
* Allow dovecot-auth work with PrivateTmp
* Allow nfsd get attributes of all filesystems
* Allow unconfined_domain_type use io_uring cmd on domain
* ci: Only run Rawhide revdeps tests on the rawhide branch
* Label /var/run/auditd.state as auditd_var_run_t
* Allow fido-device-onboard (FDO) read the crack database
* Allow ip an explicit domain transition to other domains
* Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
* Allow winbind_rpcd_t processes access when samba_export_all_* is on
* Enable NetworkManager and dhclient to use initramfs-configured DHCP connection
* Allow ntp to bind and connect to ntske port.
==== shim ====
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
==== spectacle ====
- Drop meanwhile unneeeded BuildReqs on kColorPicker and
kImageAnnotator
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev
- Drop python3-pefile dependency from the experimental package. MicroOs is fond
of the experimental stuff but OTOH it doesn't ship python3. Let's drop the
dependency for now, users of ukify are invited to install python3-pe manually.
- Move systemd-reboot.service from udev to the main package as this service is
useful in containers.
==== webkit2gtk3 ====
Version update (2.42.4 -> 2.42.5)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.42.5 (boo#1219604):
+ Fix webkit_web_context_allow_tls_certificate_for_host to
handle IPv6 URIs produced by SoupURI.
+ Ignore stops with offset zero before last one when rendering
gradients with cairo.
+ Write bwrapinfo.json to disk for xdg-desktop-portal.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213.
- Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream.
- Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86
architectures.
==== webkit2gtk4 ====
Version update (2.42.4 -> 2.42.5)
Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Update to version 2.42.5 (boo#1219604):
+ Fix webkit_web_context_allow_tls_certificate_for_host to
handle IPv6 URIs produced by SoupURI.
+ Ignore stops with offset zero before last one when rendering
gradients with cairo.
+ Write bwrapinfo.json to disk for xdg-desktop-portal.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213.
- Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream.
- Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86
architectures.
==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio
- Add patch to only enable bluetooth when audio support is enabled
by installing wireplumber-audio (bsc#1219411):
* fix-bsc1219411.patch
==== xkbcomp ====
Version update (1.4.6 -> 1.4.7)
- update to 1.4.7
* This release mainly focuses on code cleanup and improving
maintainability and making static analysis work better on this
code base. It also fixes a bug that could cause build failures
with gcc when the -ftracer option was used.
==== xprop ====
Version update (1.2.6 -> 1.2.7)
- Update to version 1.2.7
* This release fixes a failure to build with C23 compilers.
==== yast2-installation ====
Version update (5.0.5 -> 5.0.6)
- Restore the selected products after reloading the package
manager, properly install all products for new modules and
extensions when upgrading from SLE12 (bsc#1218391)
- 5.0.6
==== yast2-network ====
Version update (5.0.1 -> 5.0.2)
- Consider firmware configured interfaces as non bridgeable
(bsc#1218595).
- 5.0.2
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
AppStream (1.0.0 -> 1.0.1)
MozillaFirefox
alsa (1.2.10 -> 1.2.11)
alsa-ucm-conf (1.2.10 -> 1.2.11)
alsa-utils (1.2.10 -> 1.2.11)
crun (1.12 -> 1.14)
crypto-policies
cups
cups-filters (1.28.15 -> 1.28.17)
drkonqi5
ffmpeg-4
glibc (2.38 -> 2.39)
gstreamer (1.22.8 -> 1.22.9)
gstreamer-plugins-bad (1.22.8 -> 1.22.9)
gstreamer-plugins-base (1.22.8 -> 1.22.9)
gstreamer-plugins-good (1.22.8 -> 1.22.9)
inxi (3.3.31 -> 3.3.32)
iproute2 (6.6 -> 6.7)
kernel-firmware (20240126 -> 20240201)
kio
kio-extras5
ksystemstats5
kwin5
libksysguard5
libusb-1_0 (1.0.26 -> 1.0.27)
libzio (1.08 -> 1.09)
mutter
netpbm (11.2.0 -> 11.5.2)
pam
pam-full-src
parted (3.5 -> 3.6)
partitionmanager
perl-gettext
pipewire (1.0.1 -> 1.0.2)
plasma5-addons
plasma5-workspace
podman (4.9.0 -> 4.9.2)
python-Mako (1.3.0 -> 1.3.2)
python-Twisted
python-pip
python-pytz (2023.3.post1 -> 2023.4)
python-setuptools (69.0.2 -> 69.0.3)
runc (1.1.11 -> 1.1.12)
sddm
shim (15.7 -> 15.8)
strace
systemd-presets-common-SUSE
timezone (2023d -> 2024a)
vlc
xdg-utils
=== Details ===
==== AppStream ====
Version update (1.0.0 -> 1.0.1)
Subpackages: libAppStreamQt5-3 libappstream5
- Update to 1.0.1
Bugfixes:
* Fix lib name for Qt5 link target
* meson: Pass -D_DARWIN_C_SOURCE on darwin
* Fix macOS build
* stemmer: Resolve potential issue where stemmer may never be
initialized
* cli: Don't fail what-provides if components were found
* Fix query element order for what-provides queries
* validator: Demote developer-name-tag-deprecated to info
severity for now
* content-rating: Fix missing or wrong value descriptions for
rating IDs
* curl: Add transfer speed timeouts for HTTP downloads
* curl: Retry operations on potentially transient errors
Miscellaneous:
* validator: Improve hint for content-attribute-value-invalid
* Allow building without zstd temporarily
- Drop patches, merged upstream:
* 0001-validator-Demote-developer-name-tag-deprecated-to-in.patch
* 0001-content-rating-Fix-missing-or-wrong-value-descriptio.patch
* 0001-Fix-lib-name-for-Qt5-link-target.patch
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== MozillaFirefox ====
- Recommend libfido2-udev on codestreams that exist, in order to try
to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
==== alsa ====
Version update (1.2.10 -> 1.2.11)
Subpackages: libasound2 libatopology2
- Updated to alsa-lib 1.2.11:
* auto-tools fixes, versioned symbol fixes
* support dB TLVs for single controls
* various PCM updates, including subformat extensions
* UMP and sequencer API fixes
For details, see:
https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-lib
- Dropped obsoleted patches:
0001-control.h-Fix-ump-header-file-detection.patch
0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch
0003-pcm-Fix-segfault-with-32bit-libs.patch
0004-reshuffle-included-files-to-include-config.h-as-firs.patch
0005-seq-Fix-typos-in-symbol-version-definitions.patch
0006-seq-Fix-invalid-sanity-check-in-snd_seq_set_input_bu.patch
0007-mixer-simple-Support-dB-TLVs-for-CTL_SINGLE-controls.patch
0008-seq-Clear-UMP-event-flag-for-legacy-apps.patch
0009-seq-Simplify-snd_seq_extract_output.patch
0010-seq-Check-protocol-compatibility-with-the-current-ve.patch
==== alsa-ucm-conf ====
Version update (1.2.10 -> 1.2.11)
- Update to version 1.2.11:
* Qualcomm, Mediatek, SOF soundwire, and various USB-audio profiles
For details, see:
https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-ucm-conf
- Drop obsoleted patch:
0001-SplitPCM-Device-argument-may-not-be-set.patch
==== alsa-utils ====
Version update (1.2.10 -> 1.2.11)
- Update to alsa-utils 1.2.11:
* alsactl buffer overflow fix
* alsatplg updates, NHLT ACPI parser updates
* use smaller periods for speaker-test
* add bandwidth-limited pink noise for speaker-test
* aplay updates, including subformat extensions
* compile warning fixes
For details, see:
https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-utils
- Drop obsoleted patches:
0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch
0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch
0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch
0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch
0008-topology-include-locale.h.patch
0009-nhlt-dmic-info.c-include-sys-types.h.patch
0010-topology-pre-processor-Add-support-for-enum-controls.patch
0011-configure.ac-fix-UMP-support-detection.patch
0012-bat-really-skip-analysis-of-the-first-period-and-upd.patch
0013-topology-add-include-for-ENABLE_NLS-on-musl.patch
0014-nhlt-use-stdint.h-types.patch
0015-Revert-nhlt-dmic-info.c-include-sys-types.h.patch
0016-aplay-use-stdint.h-types-instead-u_int-u_short-u_cha.patch
0017-alsa-restore.rules-use-devnode-instead-number-atribu.patch
0018-nhlt-Revert-SSP_ANALOG-device_type-field.patch
0019-alsactl-fix-potential-buffer-overwrite.patch
0020-aplay-fix-buffer-overflow-and-tainted-format-string.patch
0021-misc-fix-incorrect-usages-of-strerror.patch
0022-aplay-Add-option-for-specifying-subformat.patch
0023-aplay-allow-to-compile-with-older-alsa-lib-subformat.patch
0024-aplay-log-pcm-status-before-reporting-a-fatal-error.patch
0025-aplay-enable-timestamps-by-default.patch
0026-aplay-status-dumps-are-called-only-in-verbose-mode.patch
0027-aplaymidi-Set-event-completely-for-tempo-event.patch
==== crun ====
Version update (1.12 -> 1.14)
- update to 1.14:
* build: drop dependency on libgcrypt. Use blake3 to compute the cache key.
* cpuset: don't clobber parent cgroup value when writing the cpuset value.
* linux: force umask(0). It ensures that the mknodat syscall is not affected by the umask of the calling process,
allowing file permissions to be set as specified in the OCI configuration.
* ebpf: do not require MEMLOCK for eBPF programs. This requirement was relaxed in Linux 5.11.
- update to 1.13:
* src: use O_CLOEXEC for all open/openat calls
* cgroup v1: use "max" when pids limit < 0.
* improve error message when idmap mount fails because the underlying file system has no support for it.
* libcrun: fix compilation when building without libseccomp and libcap.
* fix relative idmapped mount when using the custom annotation.
==== crypto-policies ====
Subpackages: crypto-policies-scripts
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
we only need python3-base here, we don't need the python
macros as no module is being built
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Removed outdated ntadmin stuff from cups.spec (boo#1219503)
==== cups-filters ====
Version update (1.28.15 -> 1.28.17)
- Removed outdated and obsoleted "Requires: cups > 1.5.4"
which was used to require a sufficient CUPS version
at times when also CUPS <= 1.5.4 was available
but it was not meant to require CUPS (boo#1216560)
- Version upgrade to 1.28.17
See https://github.com/OpenPrinting/cups-filters/releases
Bug fix release, to more reliably discover all printer
capablities from driverless printers, especially borderless
printing, and to preferably use Apple Raster instead of
PWG Raster or PCLM.
* libcupsfilters: In PPD generator create only one *cupsFilter2:
line for raster. Only use the most desirable/reliable format,
usually Apple Raster (Issue #498).
* libcupsfilters: In get_printer_attributes() poll
media-col-database separately if needed. On some printers
one gets media-col-database only this way. Often it reveals
important functionality, like for example borderless printing
(Issue #492).
* libcupsfilters: Let PPD generator also parse media-col-ready
IPP attribute. media-col-ready lists the loaded media,
in contrary to media-ready, as list of complete descriptions
of the media (media-col data structure). This often lists also
variants like borderless (it is the same physical paper).
Especially useful when media-col-database is not available
(Issue #492).
* libcupsfilters: In generate_sizes() consider all
margin alternatives. When generating the PPD file
for a driverless printer, and in the
media-{left,right,top,bottom}-margin-supported printer
IPP attributes there was more than 1 value, the first value
(which often was the 0 for borderless printing) was not
considered, leaving the borderless functionality of many
printers undiscovered (Issue #492).
Issues are those at
https://github.com/OpenPrinting/cups-filters/issues
- Version upgrade to 1.28.16
See https://github.com/OpenPrinting/cups-filters/releases
Bug fix release, to make images be printed in their original
size with "print-scaling=none" and to not use deprecated data
types for reading TIFF images.
* imagetoraster, imagetopdf, libcupsfilters: Added support
for reading the resolution of an image from its EXIF data
when loading it. This way we get the image reproduced in
its original size with "print-scaling=none" (Issue #362).
* libcupsfilters: Replaced deprecated data types uint16 and
uint32. The function to read TIFF image files via libtiff
in cupsfilters/image-tiff.c uses the deprecated types
uint16 and uint32. The replacements for these types are
uint16_t and uint32_t.
Issues are those at
https://github.com/OpenPrinting/cups-filters/issues
==== drkonqi5 ====
Subpackages: drkonqi5-lang
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== ffmpeg-4 ====
Subpackages: libavutil56_70 libpostproc55_9
- drop support for libmfx, which is no longer supported upstream
at all (boo#1219494)
==== glibc ====
Version update (2.38 -> 2.39)
Subpackages: glibc-extra glibc-locale glibc-locale-base
- Update to glibc 2.39
* A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
rewrite on x86-64
* Sync with Linux kernel 6.6 shadow stack interface
* struct statvfs now has an f_type member, equal to the f_type statfs
member
* On Linux, the functions posix_spawnattr_getcgroup_np and
posix_spawnattr_setcgroup_np have been added, along with the
POSIX_SPAWN_SETCGROUP flag
* On Linux, the pidfd_spawn and pidfd_spawp functions have been added
* On Linux, the pidfd_getpid function has been added
* scanf-family functions now support the wN format length modifiers for
arguments pointing to types intN_t, int_leastN_t, uintN_t or
uint_leastN_t
* A new tunable, glibc.mem.decorate_maps, can be used to add additional
information on underlying memory allocated by the glibc
* The <stdbit.h> header has been added from ISO C2X
* On AArch64 new symbols were added to libmvec
* The ldconfig program now skips file names containing ';' or ending in
".dpkg.tmp" or ".dpkg.new"
* The dynamic linker calls the malloc and free functions in more cases
during TLS access if a shared object with dynamic TLS is loaded and
unloaded
- aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch,
cache-intel-shared.patch, call-init-proxy-objects.patch,
fstat-implementation.patch, gb18030-2022.patch,
getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch,
getcanonname-use-after-free.patch, iconv-error-verbosity.patch,
intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch,
libio-io-vtables.patch, libio-wdo-write.patch,
no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch,
ppc64-flock-fob64.patch, qsort-invalid-cmp.patch,
sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch,
syslog-buffer-overflow.patch, tls-modid-reuse.patch,
tunables-string-parsing.patch: Removed
- syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in
__vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780,
bsc#1218863, bsc#1218867, bsc#1218868)
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
(bsc#1218866)
- Change minimum GCC to 13
- Split off libnsl.so.1 into a separate package
==== gstreamer ====
Version update (1.22.8 -> 1.22.9)
Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.22.9:
+ Highlighted bugfixes in 1.22.9
- More Security fixes for the AV1 video codec parser
- va: fixes for Mesa Gallium drivers in Mesa versions older
than v23.2
- v4l2src: Consider framerate during caps selection
- v4l2codec: decoder fixes
- rtspsrc: multicast fixes
- camerabin viewfinder fixes
- various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer
- aggregator: fix use-after-free in queries processing
- multiqueue: Ignore queue fullness for most events
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-bad ====
Version update (1.22.8 -> 1.22.9)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.22.9:
+ av1parser: Fix potential stack overflow during tile list
parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300)
+ camerabin: Correctly relink viewfinderbin_queue
+ GstPlay: Fix error details parsing
+ h264decoder: Handle malformed avc/avc3 packets
+ h264decoder: h265decoder: Align with wraparound fix
+ vp8decoder: vp9decoder: av1decoder: mpeg2decoder:
Fix multiplication wraparound
+ vah264enc/vah264dec issues after recent upgrade to 1.22.8
from 1.22.7
+ va: fixes for Mesa Gallium drivers in Mesa versions older
than v23.2
+ vp9parse: Fix critical warning during caps negotiation
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-base ====
Version update (1.22.8 -> 1.22.9)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0
- Update to version 1.22.9:
+ audiobasesink: Don't wait on gap events
+ audioconvert: change gst_audio_convert_get_unit_size() log
levels
+ glcolorconvert: Correct transform_caps direction
+ gloverlay: Apply updated overlay coordinates correctly
+ videorate: keep pool if max_buffers is unlimited
- Rebase reduce-required-meson.patch
==== gstreamer-plugins-good ====
Version update (1.22.8 -> 1.22.9)
Subpackages: gstreamer-plugins-good-gtk
- Update to version 1.22.9:
+ rtpsession: Only warn once if configured latency needs to be
known but isn't yet
+ rtphdrext-clientaudiolevel: Fix level value being written by
the extension
+ rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL
+ v4l2object: clear old fds when initializing poll during
opening v4l2 device
+ v4l2src: Consider framerate during caps selection
+ vpxdec: Use appropriate domain and code for decoding errors
- Rebase reduce-required-meson.patch
==== inxi ====
Version update (3.3.31 -> 3.3.32)
- - Updated to version 3.3.32:
+ /usr/share/doc/packages/inxi/inxi.changelog.
==== iproute2 ====
Version update (6.6 -> 6.7)
Subpackages: iproute2-bash-completion
- Update to release 6.7
* devlink: Support setting port function ipsec_crypto cap and
ipsec_packet cap
* iplink: bridge: Add support for bridge FDB learning limits
* bridge: fdb: support match on source VNI, nexthop ID,
destination VNI, destination port, destination IP address and
[no]router flag in the flush command
* bridge: mdb: Add get support
==== kernel-firmware ====
Version update (20240126 -> 20240201)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- More update on version 20240201 (git commit 3677750467cb):
* linux-firmware: wilc1000: update WILC1000 firmware to v16.1.2
* rtl_nic: add firmware for RTL8126A (bsc#1217417)
* qcom: Add Audio firmware for SM8550 HDK
- Update to version 20240201 (git commit 1b24d7d3379b):
* linux-firmware: intel: Add IPU6 firmware binaries
* ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.37
* Revert "amdgpu: DMCUB updates for various AMDGPU ASICs"
* amdgpu: update SMU 13.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* brcm: Add brcmfmac43430-sdio.xxx.txt nvram for the Chuwi Hi8 (CWI509) tablet
* amdgpu: DMCUB updates for various AMDGPU ASICs
==== kio ====
Subpackages: kio-core
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== kio-extras5 ====
Subpackages: libkioarchive5
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== ksystemstats5 ====
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== kwin5 ====
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== libksysguard5 ====
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== libusb-1_0 ====
Version update (1.0.26 -> 1.0.27)
- Update to version 1.0.27
* New libusb_init_context API to replace libusb_init
* New libusb_get_max_alt_packet_size API
* New libusb_get_platform_descriptor API (BOS)
* Allow setting log callback with libusb_set_option/libusb_init_context
* New WebAssembly + WebUSB backend using Emscripten
* Fix regression in libusb_set_interface_alt_setting
* Fix sync transfer completion race and use-after-free
* Fix hotplug exit ordering
* Linux: NO_DEVICE_DISCOVERY option set per context
- added signature and keyring. (key received via keyserver)
==== libzio ====
Version update (1.08 -> 1.09)
- Version 1.09: Allow to create files without suffix as well
==== mutter ====
- Drop mutter-SLE-bsc984738-grab-display.patch: It blocks non-CSD
apps with GNOME 45, and the latest LTS Oracle Installer works
fine without it, the original bug is not a problem (bsc#1218935).
==== netpbm ====
Version update (11.2.0 -> 11.5.2)
Subpackages: libnetpbm11
- version update to 11.5.2
Release 11.05.02
+ ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
Release 11.05.01
Fix typo in ppmforge test case.
Release 11.05.00
+ pnmpad: Add -color, -promote, -extend-edge, -detect-background .
+ pnmconvol: Restore ability of convolution matrix to be a
pseudo-plain-PNM with samples that exceed the maxval. Lost in
10.30 (October 2005) because maxval-checking code was added to
libnetpbm. (Was fixed in 10.47.08 in November 2010, but only in
the 10.47 series).
+ pnmindex: Improve failure mode when -size or -across is zero.
+ pnmindex: Make -plain work.
+ pnmpad: fix behavior with -left, -right, and -width together or
- top, -bottom, -height together: ignores -width where it should
fail. Broken in Netpbm 10.72 (September 2015).
+ pamtosvg: fix "zero determinant" failure. Introduced in
Netpbm 11.04 (September 2023).
+ pjtoppm: fix crash based on uninitialized variable.
Introduced in Netpbm 11.04 (September 2023).
+ ppmtopcxl: fix incorrect output with > 256 colors. Always
broken. (Program was added in primordial Netpbm in 1990).
+ pbmtext: fix buffer overrun with insanely large input.
+ picttoppm: fix buffer overrun with insanely wide input.
+ ppmtoxpm: fix incorrect output with insanely large number of
colors.
+ pnmscalefixed: fix incorrect output with really big image and
- pixels option.
+ ppmdither: fix buffer overrun with insanely large dithering
matrix.
+ pnmpad: no longer accept old-style options (e.g. -t50).
+ libnetpbm: Add pm_feed_from_file, pm_accept_to_files,
pm_accept_to_filestream Standard Input feeder, Output accepter
for pm_system.
+ libnetpbm, programs that use color maps: fix buffer overrun
with insanely deep images.
+ merge build: Fix 'pnmcat'. Introduced in Netpbm 11.00
(September 2023).
Release 11.04.00
+ pamaddnoise: add -salt.
+ pamaddnoise: reject options that aren't meaningful for the type
of noise specified rather than just ignore them.
+ ppmtosixel: Add -7bit, so it works on more terminals, including
xterms. Thanks Scott Pakin.
+ g3topbm: Add -correctlong
+ pnmtojpeg: minor improvement to error messages about bad files.
+ pammixmulti: Remove disclaimer of patent license.
+ pamstack: Fix bug: acts like -firstmaxval specified when it
wasn't. Introduced in Netpbm 11.03 (June 2023).
+ pamstack: Fix -lcmmaxval: chooses wrong maxval. Always
broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)).
+ pamstack: Fail gracefully when total number of planes is too
large for unsigned integer. Always broken (Pamstack was new in
Netpbm 10.0 (June 2002).
+ pamtosvg: fix hang.
+ ppmfade: fix "file not found" crash for most fade modes.
Introduced in Netpbm 10.98 (March 2022).
+ ppmfade: fix incorrect block mode fade. Always broken
(ppmfade was new in Netpbm 8.4 (April 2000)).
+ pamaddnoise: fix very incorrect noise added for all types.
Introduced in Netpbm 10.94 (March 2021).
+ ppmrough: fix buffer overrun. Always broken (Ppmrough was new
in Netpbm 10.9 (September 2002).
ppmrough: fix excessive roughness. Introduced in Netpbm 10.94
(March 2021).
+ pgmtexture: Fix buffer overflow with maxval > 255. Always
broken. Maxvals > 255 were possible starting in Netpbm 9.0
(April 2000).
+ pgmtexture: Fix bug: ignores -d. Introduced in Netpbm 10.56
(September 2011).
+ xwdtopnm Fix spurious output with really wide/deep rows.
+ imgtoppm: Fix spurious output with really wide/deep rows.
+ pbmtopgm: Fix error message for excessive -width.
+ pbmtoxbm: Fix spurious output with really wide rows.
+ tifftopnm: Fix incorrect output with insanely wide/deep rows.
+ thinkjettopbm: Fix incorrect output with insanely wide rows.
+ ybmtopbm: Fix incorrect output with insanely wide rows.
+ pjtoppm: Fix incorrect output with insanely large number of rows.
+ library: add check of maxval for computable size.
+ Build: Include LDFLAGS in link of shared library.
* Release 11.03.00
+ pamstack: Add -firstmaxval, -lcmmaxval
+ pnmcolormap: make result independent of how system's qsort
orders records with equal keys. Affects pnmquant.
+ pamtopng: fix typo in error message about -chroma option.
+ pamtopng, pnmtopng, pngtopam: fix error message when something
fails in libpng. Always broken (the programs were new in Netpbm
8.1 (March 2000)).
- modified patches
% netpbm-gcc-warnings.patch (refreshed)
% netpbm-security-code.patch (refreshed)
==== pam ====
- Enable pam_canonicalize_user.so
==== pam-full-src ====
- Enable pam_canonicalize_user.so
==== parted ====
Version update (3.5 -> 3.6)
Subpackages: libparted-fs-resize0 libparted2
- update to version 3.6:
- Support GPT partition attribute bit 63 as no_automount flag
- Add type commands to set type-id on MS-DOS and type-uuid on GPT
- Add swap flag support to the dasd disklabel
- Add display of GPT disk and partition UUIDs in JSON output
refreshed patches:
- parted-mac.patch
- libparted-dasd-implicit-partition-disk-flag.patch
- tests-disable.patch
removed patches:
- direct-handling-of-partition-type-id-and-uuid.patch
- type-command.patch
- libparted-dasd-improve-lvm-raid-flag-handling.patch
- libparted-dasd-add-swap-flag-handling-for-DASD-CDL.patch
==== partitionmanager ====
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== perl-gettext ====
- Run testsuite with locale LANG=en_US.UTF. It fails otherwise with
glibc 2.39
==== pipewire ====
Version update (1.0.1 -> 1.0.2)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.0.2:
* Highlights
- Fix v4l2 enumeration with filter. This should fix negotiation
in some GStreamer pipelines with capsfilter. Also probe for
EXPBUF support before using it.
- Fix max-latency property and Buffer param when dealing with
small ALSA device buffers. This should fix stuttering with
some AMD based soundcards.
- More small cleanups an improvements.
* Modules
- Improve netjack2 channel positions.
- Improve RAOP module state after suspend/resume. (#3778)
- Avoid crash in some LV2 plugins by configuring the Atom
ports. (#3815)
* SPA
- Bump libcamera requirements to 0.2.0.
- Try to avoid unaligned load exceptions. (#3790)
- Fix v4l2 enumeration with filter. (#1793)
- Fix max-latency property and Buffer param when dealing with
small ALSA device buffers. This should fix stuttering with
some AMD based soundcards. (#3744,#3622)
- Add a resync.ms option to node.driver to make it possible to
resync fast to clock jumps.
- Probe for EXPBUF support in v4l2 before using it. (#3821)
* pulse-server
- Also emit change events when the port list change.
* Bluetooth
- Log a more verbose explanation when other soundservers seem
to be interfering with bluetooth.
- Add quirks for Rockbox Brick. (#3786)
- Add quirks for SoundCore mini2. (#2927)
* JACK
- Improve check for the running state of clients. (#3794)
- Drop patches already included by upstream:
* 0001-spa-libcamera-use-CameraConfigurationorientation.patch
* 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch
==== plasma5-addons ====
Subpackages: plasma5-addons-lang
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== podman ====
Version update (4.9.0 -> 4.9.2)
- Update to version 4.9.2:
* Bump to v4.9.2
* Release notes for v4.9.2
* Cirrus: Update operating branch
* [v4.9] Bump to c/common v0.57.4, buildkit v0.12.5, c/buidah v1.33.5
* Fix updated runc dep breaking pod devices cgroup
* systests: kube with policies test: fix race
* Remove go.mod pin of runc and update to latest
* systests: kube with policies test: fix race
* Bump to v4.9.2-dev
- Update to version 4.9.1:
* Bump to v4.9.1
* Release notes for v4.9.1
* [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2
* pkginstaller: bump Qemu version to 8.2.1
* Assign separate ports for each appleHV machine
* Fix machine inspect test config
* AppleHV: update LastUp time
* applehv: return socket path from setupAPIForwarding
* applehv: Remove unneeded cmd.ExtraFiles assignment
* abi: drop check for IsRootless()
* system: enhance check for re-exec into rootless userns
* system: enhance check for re-exec into rootless userns
* Fix `podman machine set --rootful` for applehv
* applehv - fix vm lookup
* rpm: use go-rpm-macros on RHEL 10
* Bump to v4.9.1-dev
==== python-Mako ====
Version update (1.3.0 -> 1.3.2)
- update to 1.3.2:
* Fixed parsing issue where attempting to render a single percent
sign % using an escaped percent %% would not function correctly
if the escaped percent were not the first character on a line.
Note that this is a revised version of a similar change made
in Mako 1.3.1 which caused unexpected parsing regressions,
resulting in the release being yanked.
==== python-Twisted ====
Subpackages: python311-Twisted python311-Twisted-tls
- Add stop-using-3-arg-throw.patch:
* Avoid 3-arg throw to fix a DeprecationWarning in Python 3.12.
==== python-pip ====
- Drop deprecated setup.py installmethod, bootstrap PEP517 with
built-in pip instead
- python3XX-pip-wheel can now be a regular subpackage
- Drop obsolete python2 directives in specfile
==== python-pytz ====
Version update (2023.3.post1 -> 2023.4)
- update to 2023.4:
* Update olson to 2023d
==== python-setuptools ====
Version update (69.0.2 -> 69.0.3)
- update to 69.0.3:
* Bugfixes - Retain valid names with underscores in egg_info.
==== runc ====
Version update (1.1.11 -> 1.1.12)
- Update to runc v1.1.12. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
* This release fixes a container breakout vulnerability (CVE-2024-21626). For
more details, see the upstream security advisory:
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-v…>
* Remove upstreamed patches:
- CVE-2024-21626.patch
* Update runc.keyring to match upstream changes.
[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-v…>
+ CVE-2024-21626.patch
==== sddm ====
Subpackages: sddm-branding-openSUSE sddm-greeter-qt5
- Switch to the latest GCC version available in Leap for packages
that can't build with the default compiler
==== shim ====
Version update (15.7 -> 15.8)
-- Update to version 15.8
- Various CVE fixes are already merged into this version
mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
- remove shim-Enable-the-NX-compatibility-flag-by-default.patch
The codes in this patch are already existing in shim-15.8
The NX flag is disable which is same as the default value of shim-15.8,
hence, not need to enable it by this patch now.
- Patches (git log --oneline --reverse 15.7..15.8)
657b248 Make sbat_var.S parse right with buggy gcc/binutils
7c76425 Enable the NX compatibility flag by default.
89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
c7b3051 pe: Align section size up to page size for mem attrs
e4f40ae pe: Add IS_PAGE_ALIGNED macro
f23883c Don't loop forever in load_certs() with buggy firmware
1f38cb3 Optionally allow to keep shim protocol installed
102a658 Drop invalid calls to `CRYPTO_set_mem_functions`
aae3df0 test-sbat: Fix exit code
cca3933 Block Debian grub binaries with SBAT < 4
cf59f34 Further improve load_certs() for non-compliant drivers/firmwares
0601f44 SBAT-related documents formatting and spelling
0640e13 Add a security contact email address in README.md
0bfc397 Work around malformed path delimiters in file paths from DHCP
a8b0b60 pe: only process RelocDir->Size of reloc section
f7a4338 Skip testing msleep()
549d346 Rename 'msecs' to 'usecs' to avoid potential confusion
908c388 Change type of fallback_verbose_wait from int to unsigned long
05eae92 Add SbatLevel_Variable.txt to document the various revocations
243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL
89d25a1 Add a make rule for compile_commands.json
118ff87 Add gnu-stack notes
f132655 test: Make our fake dprintf be a statement.
be00279 Remove CentOS 7 test builds.
9964960 Split pe.c up even more.
569270d Test (and fix) ImageAddress()
61e9894 Verify signature before verifying sbat levels
1578b55 Add libFuzzer support for csv.c
a0673e3 Fix a 1-byte memory leak in .sbat parsing.
e246812 Add libFuzzer support to the .sbat parser.
fd43eda Work around ImageAddress() usage mistake
1e985a3 Correctly free memory allocated in handle_image()
dbbe3c8 mok: Avoid underflow in maximum variable size calculation
04111d4 Make some of the static analysis tools a little easier to run
7ba7440 compile_commands.json: remove stuff clang doesn't like
66e6579 CVE-2023-40546 mok: fix LogError() invocation
f271826 Add primitives for overflow-checked arithmetic operations.
8372147 pe-relocate: Add a fuzzer for read_header()
5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
e912071 pe-relocate: make read_header() use checked arithmetic operations.
93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550
afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
dae82f6 Further mitigations against CVE-2023-40546 as a class
ea0f9df Allow SbatLevel data from external binary
b078ef2 Always clear SbatLevel when Secure Boot is disabled
7dfb687 BS Variables for bootmgr revocations
a967c0e shim should not self revoke
577cedd Print message when refusing to apply SbatLevel
e801b0d sbat revocations: check the full section name
0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers
6f0c8d2 Print errors when setting/clearing memory attrs
57c0eed Updated Revocations for January 2024 CVEs
49c6d95 Fix some minor ia32 build issues.
be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all.
13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5
c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist
30a4f37 Rename "previous" revocations to "automatic"
6f395c2 Build time selectable automatic SBATLevel revocations
a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER
993a345 Try to load revocations.efi even if directory read fails
1770a03 gitmodules: use shim-15.8 for gnu-efi branch
5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8
==== strace ====
- Enable SELinux Context Printing (--secontext).
==== systemd-presets-common-SUSE ====
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
==== timezone ====
Version update (2023d -> 2024a)
- Update to 2024a:
* Kazakhstan unifies on UTC+5 beginning 2024-03-01
* Palestine springs forward a week later after Ramadan
* zic no longer pretends to support indefinite-past DST
* localtime no longer mishandles Ciudad Juárez in 2422
==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX
- drop support for libmfx, which is no longer supported upstream
at all (boo#1219494)
==== xdg-utils ====
- Update to version 1.2.0+20240130:
* xdg-icon-resource: unbreak syntax by removing stray grave accent
(boo#1219420)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init
cockpit (307 -> 309)
cockpit-podman (82 -> 83)
cups (2.4.2 -> 2.4.7)
curl (8.5.0 -> 8.6.0)
fillup
kexec-tools
keylime (7.7.0 -> 7.9.0)
libbs2b
libssh (0.10.5 -> 0.10.6)
patterns-base
permissions
python-jsonschema (4.20.0 -> 4.21.1)
python-referencing (0.32.1 -> 0.33.0)
rpm (4.18.0 -> 4.19.1)
rust-keylime (0.2.3+git.1701075380.a5dc985 -> 0.2.4~0)
suse-module-tools (16.0.42 -> 16.0.43)
vala-panel-appmenu
xz (5.4.5 -> 5.4.6)
=== Details ===
==== cloud-init ====
- Add cloud-init-skip-empty-conf.patch
+ Skip tests with empty config
- Add cloud-init-pckg-reboot.patch (boo#1198533, bsc#1218952, jsc#SMO-326)
+ Support reboot on package update/upgrade via the cloud-init config
==== cockpit ====
Version update (307 -> 309)
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- new version 309:
* storage redesign
* initial btrfs support
https://cockpit-project.org/blog/cockpit-309.html
==== cockpit-podman ====
Version update (82 -> 83)
- New version 83:
* bug fixes and library updates
==== cups ====
Version update (2.4.2 -> 2.4.7)
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Version upgrade to 2.4.7:
See https://github.com/openprinting/cups/releases
CUPS 2.4.7 is released to ship the fix for CVE-2023-4504
and several other changes, among them it is
adding OpenSSL support for cupsHashData function and bug fixes.
Detailed list:
* CVE-2023-4504 - Fixed Heap-based buffer overflow when
reading Postscript in PPD files
* Added OpenSSL support for cupsHashData (Issue #762)
* Fixed delays in lpd backend (Issue #741)
* Fixed extensive logging in scheduler (Issue #604)
* Fixed hanging of lpstat on IBM AIX (Issue #773)
* Fixed hanging of lpstat on Solaris (Issue #156)
* Fixed printing to stderr if we can't open cups-files.conf
(Issue #777)
* Fixed purging job files via cancel -x (Issue #742)
* Fixed RFC 1179 port reserving behavior in LPD backend
(Issue #743)
* Fixed a bug in the PPD command interpretation code
(Issue #768)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.6:
See https://github.com/openprinting/cups/releases
CUPS 2.4.6 is released to ship the fix for CVE-2023-34241
and two other bug fixes.
Detailed list:
* Fix linking error on old MacOS (Issue #715)
* Fix printing multiple files on specific printers (Issue #643)
* Fix use-after-free when logging warnings in case of failures
in cupsdAcceptClient() (fixes CVE-2023-34241)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.5:
See https://github.com/openprinting/cups/releases
CUPS 2.4.5 is a hotfix release for a bug which corrupted
locally saved certificates, which broke secured printing
via TLS after the first print job.
- Version upgrade to 2.4.4:
See https://github.com/openprinting/cups/releases
CUPS 2.4.4 release is created as a hotfix for segfault
in cupsGetNamedDest(), when caller tries to find
the default destination and the default destination
is not set on the machine.
- Version upgrade to 2.4.3:
See https://github.com/openprinting/cups/releases
CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements
and many bug fixes. CUPS now implements fallback for printers
with broken firmware, which is not capable of answering
to IPP request get-printer-attributes with all,
media-col-database - this enables driverless support for
bunch of printers which don't follow IPP Everywhere standard.
Aside from the CVE fix the most important fixes are around color
settings, printer application support fixes and OpenSSL support.
Detailed list of changes:
* Added a title with device uri for found network printers
(Issues #402, #393)
* Added new media sizes defined by IANA (Issues #501)
* Added quirk for GoDEX label printers (Issue #440)
* Fixed --enable-libtool-unsupported (Issue #394)
* Fixed configuration on RISC-V machines (Issue #404)
* Fixed the device_uri invalid pointer for driverless printers
with .local hostname (Issue #419)
* Fixed an OpenSSL crash bug (Issue #409)
* Fixed a potential SNMP OID value overflow issue (Issue #431)
* Fixed an OpenSSL certificate loading issue (Issue #465)
* Fixed Brazilian Portuguese translations (Issue #288)
* Fixed cupsd default keychain location when building
with OpenSSL (Issue #529)
* Fixed default color settings for CMYK printers as well
(Issue #500)
* Fixed duplicate PPD2IPP media-type names (Issue #688)
* Fixed possible heap buffer overflow in _cups_strlcpy()
(fixes CVE-2023-32324)
* Fixed InputSlot heuristic for photo sizes smaller than 5x7"
if there is no media-source in the request (Issue #569)
* Fixed invalid memory access during generating IPP Everywhere
queue (Issue #466)
* Fixed lprm if no destination is provided (Issue #457)
* Fixed memory leaks in create_local_bg_thread() (Issue #466)
* Fixed media size tolerance in ippeveprinter (Issue #487)
* Fixed passing command name without path into ippeveprinter
(Issue #629)
* Fixed saving strings file path in printers.conf (Issue #710)
* Fixed TLS certificate generation bugs (Issue #652)
* ippDeleteValues would not delete the last value (Issue #556)
* Ignore some of IPP defaults if the application sends
its PPD alternative (Issue #484)
* Make Letter the default size in ippevepcl (Issue #543)
* Now accessing Admin page in Web UI requires authentication
(Issue #518)
* Now look for default printer on network if needed (Issue #452)
* Now we poll media-col-database separately if we fail at first
(Issue #599)
* Now report fax attributes and values as needed (Issue #459)
* Now localize HTTP responses using the Content-Language value
(Issue #426)
* Raised file size limit for importing PPD via Web UI
(Issue #433)
* Raised maximum listen backlog size to INT MAX (Issue #626)
* Update print-color-mode if the printer is modified
... changelog too long, skipping 14 lines ...
see the above CUPS 2.4.3 changes
==== curl ====
Version update (8.5.0 -> 8.6.0)
Subpackages: libcurl4
- Update to 8.6.0: [bsc#1219149, CVE-2024-0853]
* Security fixes:
- CVE-2024-0853: OCSP verification bypass with TLS session reuse
* Changes:
- add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T
* Bugfixes:
- altsvc: free 'as' when returning error
- asyn-ares: with modern c-ares, use its default timeout
- cf-socket: show errno in tcpkeepalive error messages
- cmdline-opts: update availability for the *-ca-native options
- configure: when enabling QUIC, check that TLS supports QUIC
- content_encoding: change return code to typedef'ed enum
- curl: show ipfs and ipns as supported "protocols"
- CURLINFO_REFERER.3: clarify that it is the *request* header
- dist: add tests/errorcodes.pl to the tarball
- gen.pl: support ## for doing .IP in table-like lists
- GHA: bump ngtcp2, gnutls, mod_h2, quiche
- hostip: return error immediately when Curl_ip2addr() fails
- http3/quiche: fix result code on a stream reset
- http3: initial support for OpenSSL 3.2 QUIC stack
- http: check for "Host:" case insensitively
- http: fix off-by-one error in request method length check
- http: only act on 101 responses when they are HTTP/1.1
- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
- lib: error out on multissl + http3
- lib: fix variable undeclared error caused by `infof` changes
- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
- lib: strndup/memdup instead of malloc, memcpy and null-terminate
- libssh2: use `libssh2_session_callback_set2()` with v1.11.1
- ngtcp2: put h3 at the front of alpn
- openldap: fix an LDAP crash
- openldap: fix STARTTLS
- openssl: re-match LibreSSL deinit with init
- rtsp: deal with borked server responses
- sasl: make login option string override http auth
- tool: prepend output_dir in header callback
- tool_getparam: stop supporting `@filename` style for --cookie
- transfer: fix upload rate limiting, add test cases
- url: don't set default CA paths for Secure Transport backend
- url: for disabled protocols, mention if found in redirect
- vquic: extract TLS setup into own source
- websockets: check for negative payload lengths
* Remove patches fixed upstream:
- curl-adjust-pollset-fix.patch
- curl-tests-errorcodes.patch
* Rebase dont-mess-with-rpmoptflags.patch
==== fillup ====
- remove bin symlink for non-suse distributions
==== kexec-tools ====
- add kexec-dont-use-kexec_file_load-on-xen.patch:
kexec: don't use kexec_file_load on xen (bsc#1218590)
==== keylime ====
Version update (7.7.0 -> 7.9.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime
- Update to version v7.9.0:
* templates: Add version 2.2, with event log location options
* Monthly release (7.9.0)
* update roadmap for 2024
* Extended the length of `verifier_ip` column to String(255)
* mba/e/elchecking: add workaround for non spec compliant firmware
* mba/e/example: ignore EV_CPU_MICROCODE, EV_EFI_HANDOFF_TABLES2 and MokListRT
* mba/e/example: Allow db entries to be also hashes
* mba/elchecking: load imports first
* codestyle: Have pyright ignore ffi.NULL
* codestyle: Use cast() to set type after splitlines()
* codestyle: Replace _ with variable name in abstract method (pyright)
* codestyle: Address some issues detected by pyright
* codestyle: Remove a 'type: ignore' comment (mypy)
* detect template changes - docs
* detect template changes - mappings
* Tests: Switch code coverage measurement to Fedora 39
* Correcting paths in userguide documentation
* docs: fix conf.py
* Add build os and python version to readthedocs
* Fix readthedocs config file location
* docs: add additional reading section
- Update to version v7.8.0:
* Monthly release (7.8.0)
* address marcio and stefan comments
* Add documentation for IAK and IDevID
* templates/2.1: Fix enable_iak_idevid in agent template
* support for user mode in run-test.sh
* docs: fix small typo in threat model
* ca_impl_openssl: support CRL distribution point from config
* ca_util: add import functions for private keys
* Enable test functional/iak-idevid-register-with-certificates
* Replace mailing list address with Slack channel
* docs: Add configuration documentation
* tests: Add tests for exception cases in configuration update
* tests: Add test for update mapping corner cases
* convert_config: Add support for update mappings
* convert_config: Do not require keylime modules
* convert_config: Make the config upgrade less verbose
* ima: Report an error if no quote forward-progress was made
* codestyle: Modify list generator to avoid annotation issue (pyright)
* codestyle: Remove unnecessary type check ignore statement (mypy)
* codestyle: Add missing type parameter to generic type 'Pattern' (mypy)
* Update packit plan with new tests
* Fix typo in Secure Payloads docs
* incorrect boolean expression causing ECs to be disallowed
* codestyle: Create explicit sighandler with type annotation (pyright)
* cert_utils: Ignore malformed certificate files
* unit test for cert utils
* Add certificates and certificate checking for IDevID and IAK keys
==== libbs2b ====
- Add libbs2b-clipping.patch to remove clipping of overloaded
samples.
Patch is taken from: https://github.com/alexmarsev/libbs2b
For more details see:
https://github.com/strawberrymusicplayer/strawberry/issues/1320
==== libssh ====
Version update (0.10.5 -> 0.10.6)
Subpackages: libssh-config libssh4
- Fix regression parsing IPv6 addresses provided as hostname
* Added libssh-fix-ipv6-hostname-regression.patch
- Update to version 0.10.6
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-r…
- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced
- patterns-base-fips: Require openssl-fips-provider when libopenssl
is installed (meta package and libopenssl3) (boo#1219384).
==== permissions ====
Subpackages: chkstat permissions-config
- Create directory /usr/share/permissions/permissions.d for packages
to place their drop-ins.
==== python-jsonschema ====
Version update (4.20.0 -> 4.21.1)
- update to 4.21.1:
* Slightly speed up the contains keyword by removing some
unnecessary validator (re-)creation.
- update to 4.21.0:
* Wrong behaviour for enum keyword by @otto-ifak in
https://github.com/python-jsonschema/jsonschema/pull/1208
==== python-referencing ====
Version update (0.32.1 -> 0.33.0)
- Update to version 0.33.0:
* Add a referencing.jsonschema.SchemaResource type alias to go
along with the other JSON Schema specialized types.
==== rpm ====
Version update (4.18.0 -> 4.19.1)
- fix Source url to match what is listed on https://rpm.org/download.html
- disable sysusers handling for now
- update to rpm-4.19.1
* new spec snippet support for dynamic spec generation
* new sysusers.d integration for automated user and group handling
* new CMake build system
* removal of various deprecated and/or unused APIs
* various internal code cleanups
- refreshed patches:
* brp-compress-no-img.patch
* brp.diff
* brpcompress.diff
* build.diff
* enable-postin-scripts-error.diff
* fileattrs.diff
* findlang.diff
* findsupplements.diff
* langnoc.diff
* macrosin.diff
* platformin.diff
* posttrans.diff
* refreshtestarch.diff
* rpm-findlang-inject-metainfo.patch
* rpmqpack.diff
* rpmrc.diff
* selinux_transactional_update.patch
* localetag.diff
* weakdepscompat.diff
* zstdpool.diff
- deleted patches:
* cpuid_lzcnt.patch
* libmagic-exceptions.patch
* remove-awk-dependency.patch
* whatrequires-doc.diff
* x86_64-microarchitectures.patch
- new patches:
* python_setup.diff
* rpmsort_reverse.diff
* canongnu.diff
- new file:
* build-aux.tar.bz2 (taken from rpm-4.18)
- fix --runposttrans not working correctly with the --root
option [bnc#1216091]
==== rust-keylime ====
Version update (0.2.3+git.1701075380.a5dc985 -> 0.2.4~0)
Subpackages: keylime-ima-policy
- Update to version 0.2.4+git.1706692574.a744517:
* Bump version to 0.2.4
* build(deps): bump uuid from 1.4.1 to 1.7.0
* keylime-agent.conf: Allow setting event logs paths
* Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.
* workflows: Update checkout action to version 4
* build(deps): bump serde from 1.0.188 to 1.0.195
* build(deps): bump pest_derive from 2.7.0 to 2.7.6
* build(deps): bump openssl from 0.10.62 to 0.10.63
* build(deps): bump config from 0.13.3 to 0.13.4
* build(deps): bump base64 from 0.21.4 to 0.21.7
* build(deps): bump tempfile from 3.8.0 to 3.9.0
* build(deps): bump pest from 2.7.0 to 2.7.6
* build(deps): bump actix-web from 4.4.0 to 4.4.1
* build(deps): bump reqwest from 0.11.22 to 0.11.23
* build(deps): bump h2 from 0.3.17 to 0.3.24
* build(deps): bump shlex from 1.1.0 to 1.3.0
* cargo: Bump tss-esapi to version 7.4.0
* workflows: Fix keylime-bot token usage
* tpm: Add error context for every possible error
* tpm: Add AlgorithmError to TpmError
* detect idevid template from certificates
* build(deps): bump wiremock from 0.5.18 to 0.5.22
* build(deps): bump thiserror from 1.0.48 to 1.0.56
* Make use of workspace dependencies
* build(deps): bump openssl from 0.10.57 to 0.10.62
* packit: Bump Fedora version used for code coverage
==== suse-module-tools ====
Version update (16.0.42 -> 16.0.43)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.43:
* macros.initrd: %regenerate_initrd_post: don't fail if mkdir is unavailable
(boo#1217979)
* Don't rebuild existing initramfs imagees if the environment variable
SKIP_REGENERATE_ALL=1 is set (boo#1192014)
* README: Update blacklist description (gh#openSUSE/suse-module-tools#71)
==== vala-panel-appmenu ====
Subpackages: appmenu-gtk-module-common appmenu-gtk2-module appmenu-gtk3-module libappmenu-gtk2-parser0 libappmenu-gtk3-parser0
- Fix CFLAGS and CXXFLAGS to use distro flags
==== xz ====
Version update (5.4.5 -> 5.4.6)
Subpackages: liblzma5
- Build static library on SLE
- update to 5.4.6:
* Fixed a bug involving internal function pointers in liblzma
not being initialized to NULL. The bug can only be
triggered if lzma_filters_update() is called on a LZMA1
encoder, so it does not affect xz or any application known
to us that uses liblzma.
* Fixed a regression introduced in 5.4.2 that caused
encoding in the raw format to unnecessarily fail if --suffix
was not used. For instance, the following command no longer
reports that --suffix must be used:
echo foo | xz --format=raw --lzma2 | wc -c
* Fixed an issue on MinGW-w64 builds that prevented
reading from or writing to non-terminal character devices
like NUL.
* Added a new test.
1
0