Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20240731 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MicroOS-release (20240730 -> 20240731) coreutils coreutils-systemd health-checker (1.10+git20240111.cb84209 -> 1.11+git20240730.5dafd6a) libX11 (1.8.9 -> 1.8.10) libzypp (17.35.1 -> 17.35.6) p11-kit perl-Bootloader (1.13 -> 1.14) python-cryptography (42.0.8 -> 43.0.0) python-pycairo (1.26.0 -> 1.26.1) python311 python311-core runc (1.2.0~rc1 -> 1.2.0~rc2) systemd-presets-branding-Aeon sysuser-tools (3.2 -> 3.3) === Details === ==== MicroOS-release ==== Version update (20240730 -> 20240731) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== coreutils ==== - Avoid empty scriptlets ==== coreutils-systemd ==== - Avoid empty scriptlets ==== health-checker ==== Version update (1.10+git20240111.cb84209 -> 1.11+git20240730.5dafd6a) Subpackages: health-checker-plugins-MicroOS - Update to version 1.11+git20240730.5dafd6a: * Add rpm db consistency plugin ==== libX11 ==== Version update (1.8.9 -> 1.8.10) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to 1.8.10; this release includes: * Re-fix XIM input sometimes jumbled (#205, #206, #207, #208, !246) * Fix various static analysis errors (!250) * Add compose sequences for Arabic hamza (!218), Ezh (!221), and hryvnia currency (!259) * Make colormap private interfaces thread safe (#215, !254) * Fix deadlock in XRebindKeysym() (!256) * Assorted memory handling cleanups (!251, !258) * Restore VAX support still in use by NetBSD (!257) ==== libzypp ==== Version update (17.35.1 -> 17.35.6) - Export CredentialManager for legacy YAST versions (bsc#1228420) - version 17.35.6 (35) - Export asSolvable for YAST (bsc#1228420) - Fix 4 typos in zypp.conf. - version 17.35.5 (35) - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - version 17.35.4 (35) - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) Older zypp-plugins reject stomp headers including a '-'. Like the 'content-length' header we may send. - Fix int overflow in Provider (fixes #559) This patch fixes an issue in safe_strtonum which caused timestamps to overflow in the Provider message parser. - Fix error reporting on repoindex.xml parse error (bsc#1227625) - version 17.35.3 (35) - Keep UrlResolverPlugin API public (fixes #560) - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) Buddy pairs (like -release package and product) internally share the same status object. When applying locks from query results the locked bit must be set if either item is locked. - version 17.35.2 (35) ==== p11-kit ==== Subpackages: libp11-kit0 p11-kit-tools - Added a backport of an upstream commit in p11-kit-d938f4a8a3a2.patch to avoid passing an incompatible pointer type to a function which is an error by default in GCC 14. ==== perl-Bootloader ==== Version update (1.13 -> 1.14) - merge gh#openSUSE/perl-bootloader#169 - support grub2-bls (bsc#1226676, bsc#1208135) - better config file reading - add check whether bootloader is supported - unit test output changed, adjust reference data - adjust GRUB_ENABLE_BLSCFG when setting grub2-bls - add config, install, add-kernel, remove-kernel for grub2-bls - support --default option for grub2* - unify cmdline parsing code and move to library - add missing options for bls conforming loaders - updated tests - unify test case names - adjust documentation - 1.14 ==== python-cryptography ==== Version update (42.0.8 -> 43.0.0) - update to 43.0.0: * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1. * Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0. * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat e_private_key` now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits. * :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se rialize_certificates` now emits ASN.1 that more closely follows the recommendations in RFC 2315. * Added new :doc:`/hazmat/decrepit/index` module which contains outdated and insecure cryptographic primitives. :class:`~cryp tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class: `~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA `, and :class:`~cryptography.hazmat.primitives.ciphers.algori thms.Blowfish`, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0. * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0. * Added support for deterministic :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (RFC 6979) * Added support for client certificate verification to the :mod:`X.509 path validation <cryptography.x509.verification>` APIs in the form of :class:`~cryptography.x509.verification.ClientVerifier`, :class:`~cryptography.x509.verification.VerifiedClient`, and PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu ilder.build_client_verifier`. * Added Certificate :attr:`~cryptography.x509.Certificate.publi c_key_algorithm_oid` and Certificate Signing Request :attr:`~ cryptography.x509.CertificateSigningRequest.public_key_algori thm_oid` to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID` Object Identifier of the public key found inside the certificate. * Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat e_utc`, a timezone-aware alternative to the naïve datetime attribute :attr:`~cryptography.x509.InvalidityDate.invalidity_date`. * Added support for parsing empty DN string in :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added the following properties that return timezone-aware datetime objects: :meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`, :meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u tc`, :meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_ time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse. this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe sponse.next_update_utc`, These are timezone-aware variants of existing properties that return naïve datetime objects. * Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r sa_recover_private_exponent` * Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo ntext.reset_nonce` for altering the nonce of a cipher context without initializing a new instance. See the docs for additional restrictions. * :class:`~cryptography.x509.NameAttribute` now raises an exception when attempting to create a common name whose length is shorter or longer than RFC 5280 permits. * Added basic support for PKCS7 encryption (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkc s7.PKCS7EnvelopeBuilder`. - add use-offline-build.patch ==== python-pycairo ==== Version update (1.26.0 -> 1.26.1) - Update to 1.26.1 * Fix Surface.set_mime_data() with Python 3.13 :pr:`366` This also fixes the test suite with Python 3.13b2. * Update vendored Windows wheel dependencies :pr:`370` ==== python311 ==== - Remove %suse_update_desktop_file macro as it is not useful any more. - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Remove %suse_update_desktop_file macro as it is not useful any more. - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). ==== runc ==== Version update (1.2.0~rc1 -> 1.2.0~rc2) - Update to runc v1.2.0~rc2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.2>. - Re-allow Go 1.22 builds for >= 1.22.4. - Build with Go 1.21 until the upstream Go 1.22 compatibility issue gets fixed. <https://github.com/opencontainers/runc/issues/4233> ==== systemd-presets-branding-Aeon ==== - Enable aeon-check.service (boo#1228416) ==== sysuser-tools ==== Version update (3.2 -> 3.3) - Allow setting of UID:GID for as defined in sysusers.d