Packages changed: NetworkManager-branding-openSUSE avahi avahi-glib2 blog (2.27 -> 2.28) brltty dialog erofs-utils ethtool (6.5 -> 6.6) evolution (3.50.1 -> 3.50.2) evolution-data-server (3.50.1 -> 3.50.2) evolution-ews (3.50.1 -> 3.50.2) firewalld (2.0.1 -> 2.0.2) fontconfig fonts-config (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c) gcc13 (13.2.1+git7813 -> 13.2.1+git8109) gnome-disk-utility (45.0 -> 45.1) gnome-software (45.1 -> 45.2) gnome-sudoku (45.2 -> 45.3) gobject-introspection gpgme (1.23.1 -> 1.23.2) gpgmeqt (1.23.1 -> 1.23.2) gtk2 gtk4 (4.12.3 -> 4.12.4) guestfs-tools (1.50.1 -> 1.51.5) inkscape (1.3.1 -> 1.3.2) iproute2 (6.5 -> 6.6) irqbalance (1.9.2.24.git+184c950 -> 1.9.3.8.git+c963f48) jasper (4.1.0 -> 4.1.1) kernel-firmware (20231127 -> 20231128) kernel-source (6.6.2 -> 6.6.3) libHX (4.17 -> 4.19) libadwaita (1.4.0+12 -> 1.4.1) libavif (1.0.0 -> 1.0.2) libkolabxml libnotify (0.8.2 -> 0.8.3) librsvg libselinux-bindings llvm17 (17.0.5 -> 17.0.6) ncurses (6.4.20231111 -> 6.4.20231125) netcfg openssh openssl-1_1 perl (5.38.0 -> 5.38.2) perl-CGI (4.590.0 -> 4.600.0) perl-Net-DNS (1.400.0 -> 1.410.0) polkit-default-privs (1550+20231103.3b4a82f -> 1550+20231129.269abcd) python-immutables (0.19 -> 0.20) python-psycopg2 (2.9.7 -> 2.9.9) qemu (8.1.2 -> 8.1.3) rdma-core (48.0 -> 49.0) snapper (0.10.6 -> 0.10.7) systemd tree unar (1.10.7 -> 1.10.8) update-alternatives (1.22.0 -> 1.22.1) usbutils vim (9.0.2103 -> 9.0.2136) virt-v2v xdmbgrd xfce4-whiskermenu-plugin (2.8.1 -> 2.8.2) xxhash zxing-cpp === Details === ==== NetworkManager-branding-openSUSE ==== - Fix most rpmlint warnings: + suse-zypp-packageand: use current Supplements: (A and B) syntax over packagand(A:B) + summary-ended-with-dot: Remove dot at the end of Summary: + no-%build-section: Add empty %build section + branding-supplements-missing: Fixes as part of suse-zypp-packageand. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Add avahi-CVE-2023-38472.patch: Fix reachable assertion in avahi_rdata_parse (bsc#1216853, CVE-2023-38472). ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Add avahi-CVE-2023-38472.patch: Fix reachable assertion in avahi_rdata_parse (bsc#1216853, CVE-2023-38472). ==== blog ==== Version update (2.27 -> 2.28) Subpackages: blog-plymouth libblogger2 - Update to version 2.28 * UTMP support is gone, remove dependency also add support for initramfs at shutdown. ==== brltty ==== Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Disable parallel build again ==== dialog ==== Subpackages: libdialog15 - don't install config file, dialog has built in defaults anyway - add support for /usr/etc (dialog-1.3-usretc.diff) ==== erofs-utils ==== - Enable lzma/xz compression; make `mkfs.erofs -z lzma` work. ==== ethtool ==== Version update (6.5 -> 6.6) Subpackages: ethtool-bash-completion - update to upstream release 6.6 * Feature: support for more CMIS transceiver modules (-m) * Fix: fix build on systems with old kernel uapi headers ==== evolution ==== Version update (3.50.1 -> 3.50.2) Subpackages: evolution-plugin-spamassassin - Update to version 3.50.2: + EContactCard: Card sometimes hides values. + docs: Add API indexes for new symbols in 3.50. + Fix a memory leak in ECompEditor. + ECompoEditor: Some attachments can be hidden. + Calendar: Go to day/today in Year View doesn't update internal view dates. + EYearView: Fix a crash when moving through search results. + Bug Fixes: - EAttachment: Ask for GFileInfo's icon only when attribute is set. - Mail: Subject header not decoded with encrypted messages. - On empty mailbox new mail is automaticly selected and marked read. - Contacts: Update preview on contact change in List View. - Mail: Search with "current folder and subfolders" in local Trash fails. - "Do not sign meeting requests" has no effect. ==== evolution-data-server ==== Version update (3.50.1 -> 3.50.2) Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.50.2: + Bug Fixes: - alarm-notify: . Some reminders could be lost . Birthday floating date shifted by one day - CamelGpgContext: Don't leak istream in gpg_sign_sync(). - e-xml-utils: Fix build with libxml2 2.12. + Miscellaneous: - OAuth2: Add scheme handler for OAuth2 prompts in external browser. - EReminderWatcher: Last-notified time not always set. + Updated translations. ==== evolution-ews ==== Version update (3.50.1 -> 3.50.2) - Update to version 3.50.2: + Calendar: Don't convert UTC times to local timezone + Updated translations. ==== firewalld ==== Version update (2.0.1 -> 2.0.2) Subpackages: firewalld-bash-completion python3-firewall - update to 2.0.2: * fix(policy): runtime dispatch update if *-zone=ANY (e8b9637) * fix(nm): release NM client after a timeout (d534f07) ==== fontconfig ==== Subpackages: libfontconfig1 - Run autoreconf for Leap 15.x to fix build breakage ==== fonts-config ==== Version update (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c) - Update to 20230604+git0.630c8206607c: * Fix uninitialised use of the HOME environment variable (bsc#1086804,bsc#1210700) * font match and pattern match can't put in one file. * source han are packaged nowadays, no need to give alias; just give CFF fontformat fonts in zh-/ja/ko hintfull * split 59-family-prefer-lang-specific to cjk/noto and raw, the former two may be generated by scripts in later version * emoji support(part1): add emoji family * delete 10-group-tt*.conf, since fontconfig 2.14 introduces 09-autohint-if-no-hinting.conf (bsc#1217542) * Fix fonts-config does not read user config with `-u` option given * widen comparison operator for emoji fonts - Fix typos in the configs: 0001-Fix-typos-in-32-emoji-reject.conf-and-59-family-pref.patch - Enable 09-autohint-if-no-hinting.conf from fontconfig ==== gcc13 ==== Version update (13.2.1+git7813 -> 13.2.1+git8109) Subpackages: cpp13 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109 * Includes fix for building mariadb on i686. [bsc#1217667] * Remove pr111411.patch contained in the update. - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ==== gnome-disk-utility ==== Version update (45.0 -> 45.1) - Update to version 45.1: + creatediskimage: Fix crash if image creation has errors. + Update appdata + Updted translations. ==== gnome-software ==== Version update (45.1 -> 45.2) Subpackages: gnome-software-plugin-packagekit - Update to version 45.2: + Updated translations. ==== gnome-sudoku ==== Version update (45.2 -> 45.3) - Update to version 45.3: + Adjust red warning color to be brighter, to help colorblind users + Fix earmarks not being checked for warnings + Fix crash when using arrow keys with no cell selected + Fix criticals when adding earmarks introduced in 45.2 ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - Drop BuildRequires on pkgconfig(cairo)/pkgconfig(cairo-gobject), cairo is only needed for some tests. ==== gpgme ==== Version update (1.23.1 -> 1.23.2) Subpackages: libgpgme11 libgpgmepp6 - Update to 1.23.2: * Preserve more specific existing failure code. [T6575] * qt: Start dirmngr with gpgconf to avoid multiple instances. [T6833] * qt: On Windows, use UTF-8 when logging the error text. [T5960] * qt: Remove left-over partial files more persistently. [T6584] * qt: Use a temporary file name when creating signed or encrypted archives. [T6721] * qt: Build Qt 6 bindings with -fPIC if requested or Qt 6 was built with this flag. [T6781] * Notes: - qt: DefaultKeyGenerationJob DEPRECATED. * Release-info: https://dev.gnupg.org/T6782 ==== gpgmeqt ==== Version update (1.23.1 -> 1.23.2) - Update to 1.23.2: * Preserve more specific existing failure code. [T6575] * qt: Start dirmngr with gpgconf to avoid multiple instances. [T6833] * qt: On Windows, use UTF-8 when logging the error text. [T5960] * qt: Remove left-over partial files more persistently. [T6584] * qt: Use a temporary file name when creating signed or encrypted archives. [T6721] * qt: Build Qt 6 bindings with -fPIC if requested or Qt 6 was built with this flag. [T6781] * Notes: - qt: DefaultKeyGenerationJob DEPRECATED. * Release-info: https://dev.gnupg.org/T6782 ==== gtk2 ==== Subpackages: gtk2-data gtk2-immodule-amharic gtk2-immodule-inuktitut gtk2-immodule-thai gtk2-immodule-tigrigna gtk2-immodule-vietnamese gtk2-tools libgtk-2_0-0 - Add gtk2-check-attribute.patch (bsc#1217622): check for attribute availability before accessing it. Starting from GLib 2.76, the standard attribute getters in the GFileInfo object will warn if the attribute is unset, instead of silently bailing out and returning a default value. ==== gtk4 ==== Version update (4.12.3 -> 4.12.4) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.4: + a11y: Tweak name computation for some corner cases. + gdk: - gl: Improve our use of GLES a bit (use vertex arrays and GL_BGRA if available) - Fix some errors in our memory format tables + gsk: - gl: handle texture-scale nodes more faithfully - gl: Fix icon padding in the atlas + Tools: Add a --undecorated option to gtk4-rendernode-tool. + Updated translations. ==== guestfs-tools ==== Version update (1.50.1 -> 1.51.5) - Remove obsolete requirement for ocaml-gettext-stub-devel - Require OCaml 4.07+ - Update to version 1.51.5 * No upstream changelog found in sources or webpage * customize: Change --chown to use UID:GID:FILENAME * Implement virt-customize --tar-in * Dropped the virt-dib tool * Various bug fixes and language translations ==== inkscape ==== Version update (1.3.1 -> 1.3.2) Subpackages: inkscape-extensions-extra inkscape-extensions-fig inkscape-extensions-gimp - Update to version 1.3.2: + important bugfix release, fixes a data loss bug in 1.3.1 + Stars, polygons, spirals, 3D boxes are now saved correctly + The data that was lost when saving these shapes, can be recovered in 1.3.2 if you manually make an edit: To fix all missing shapes at once, you can select all elements in all layers (Ctrl + Alt + A, need to unlock them first), and move them right and back left again with a press on the arrow keys + See the full release notes https://inkscape.org/release/inkscape-1.3.2 ==== iproute2 ==== Version update (6.5 -> 6.6) Subpackages: iproute2-bash-completion - Update to release 6.6 * bridge: Add backup nexthop ID support * tc: Classifier support for SPI field * tc: support the netem seed parameter for loss and corruption events * tc: remove support for CBQ * tc: remove support for RSVP classifier * tc: remove tcindex classifier * tc: remove dsmark qdisc * tc: drop support for ATM qdisc ==== irqbalance ==== Version update (1.9.2.24.git+184c950 -> 1.9.3.8.git+c963f48) Subpackages: irqbalance-ui - Update to version 1.9.3.8.git+c963f48: * Enable systemd feature support by default when building with meson * Add support for linking against libnl when building with meson * Turn NUMA support into an enabled feature, when building with meson * Set project version of meson build to 1.9.3 * Install man pages when building with meson * When building with meson, make sure to link against numa * Updating to version 1.9.3 * Automatically use systemd journal and run in foreground when under systemd - Update to version 1.9.2.34.git+5069982: * activate_mapping: avoid logging error when there is none * activate_mapping: only blacklist irq if error is considered permanent * activate_mapping: report error reason * activate_mapping: make sure to catch all errors * activate_mapping: avoid use-after-free when affinity cannot be set * Revert "activate_mapping: fflush the buffered data to smp_affinity" * activate_mapping: fflush the buffered data to smp_affinity ==== jasper ==== Version update (4.1.0 -> 4.1.1) - Update to 4.1.1: * Disallow in-source builds by default #364 * Fix a potential integer overflow problem in the jas_get_total_mem_size function (for the Windows platform) #363 ==== kernel-firmware ==== Version update (20231127 -> 20231128) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20231128 (git commit d9f6088f7e91): * Add a COPYOPTS variable * rtl_bt: Update RTL8852A BT USB firmware to 0xDFC8_145F ==== kernel-source ==== Version update (6.6.2 -> 6.6.3) - Linux 6.6.3 (bsc#1012628). - locking/ww_mutex/test: Fix potential workqueue corruption (bsc#1012628). - btrfs: abort transaction on generation mismatch when marking eb as dirty (bsc#1012628). - lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1012628). - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN (bsc#1012628). - perf/core: Bail out early if the request AUX area is out of bound (bsc#1012628). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (bsc#1012628). - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config (bsc#1012628). - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (bsc#1012628). - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (bsc#1012628). - srcu: Only accelerate on enqueue time (bsc#1012628). - smp,csd: Throw an error if a CSD lock is stuck for too long (bsc#1012628). - cpu/hotplug: Don't offline the last non-isolated CPU (bsc#1012628). - workqueue: Provide one lock class key per work_on_cpu() callsite (bsc#1012628). - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (bsc#1012628). - wifi: plfxlc: fix clang-specific fortify warning (bsc#1012628). - wifi: ath12k: Ignore fragments from uninitialized peer in dp (bsc#1012628). - wifi: mac80211_hwsim: fix clang-specific fortify warning (bsc#1012628). - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (bsc#1012628). - atl1c: Work around the DMA RX overflow issue (bsc#1012628). - bpf: Detect IP == ksym.end as part of BPF program (bsc#1012628). - wifi: ath9k: fix clang-specific fortify warnings (bsc#1012628). - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() (bsc#1012628). - wifi: ath10k: fix clang-specific fortify warning (bsc#1012628). - wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() (bsc#1012628). - ACPI: APEI: Fix AER info corruption when error status data has multiple sections (bsc#1012628). - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI (bsc#1012628). - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) (bsc#1012628). - wifi: mt76: fix clang-specific fortify warnings (bsc#1012628). - net: annotate data-races around sk->sk_tx_queue_mapping (bsc#1012628). - net: annotate data-races around sk->sk_dst_pending_confirm (bsc#1012628). - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() (bsc#1012628). - wifi: ath10k: Don't touch the CE interrupt registers after power up (bsc#1012628). - net: sfp: add quirk for FS's 2.5G copper SFP (bsc#1012628). - vsock: read from socket's error queue (bsc#1012628). - bpf: Ensure proper register state printing for cond jumps (bsc#1012628). - wifi: iwlwifi: mvm: fix size check for fw_link_id (bsc#1012628). - Bluetooth: btusb: Add date->evt_skb is NULL check (bsc#1012628). - Bluetooth: Fix double free in hci_conn_cleanup (bsc#1012628). - ACPI: EC: Add quirk for HP 250 G7 Notebook PC (bsc#1012628). - tsnep: Fix tsnep_request_irq() format-overflow warning (bsc#1012628). - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010 (bsc#1012628). - platform/chrome: kunit: initialize lock for fake ec_dev (bsc#1012628). - of: address: Fix address translation when address-size is greater than 2 (bsc#1012628). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (bsc#1012628). - drm/gma500: Fix call trace when psb_gem_mm_init() fails (bsc#1012628). - drm/amdkfd: ratelimited SQ interrupt messages (bsc#1012628). - drm/komeda: drop all currently held locks if deadlock happens (bsc#1012628). - drm/amd/display: Blank phantom OTG before enabling (bsc#1012628). - drm/amd/display: Don't lock phantom pipe on disabling (bsc#1012628). - drm/amd/display: add seamless pipe topology transition check (bsc#1012628). - drm/edid: Fixup h/vsync_end instead of h/vtotal (bsc#1012628). - md: don't rely on 'mddev->pers' to be set in mddev_suspend() (bsc#1012628). - drm/amdgpu: not to save bo in the case of RAS err_event_athub (bsc#1012628). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (bsc#1012628). - drm/amdgpu: update retry times for psp vmbx wait (bsc#1012628). - drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (bsc#1012628). - drm/amd/display: use full update for clip size increase of large plane source (bsc#1012628). ... changelog too long, skipping 797 lines ... - commit 1be1eb4 ==== libHX ==== Version update (4.17 -> 4.19) - Update to release 4.19 * string: fixed HX_strtoull_unit with negative fractions producing 0 sometimes * opt: fix HX_getopt losing argv on HXOPT_KEEP_ARGV - Delete 0001-string-resolve-testsuite-failure-with-aarch64.patch (merged) - Update to release 4.18 * opt: new HX_getopt5 API for the parser with untangled in and out variables * string: HX_strtoull_units handles negative values now (like strtoull) * string: HX_strtoull_units & HX_strtoull_(n)sec now set errno=ERANGE for nonrepresentable results * string: HX_strtoull_sec rejects unitless numbers now - Add 0001-string-resolve-testsuite-failure-with-aarch64.patch ==== libadwaita ==== Version update (1.4.0+12 -> 1.4.1) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.4.1: + Fix build with MSVC + Fix build with libappstream 1.0 + AdwCarousel: Fix carousel scroll behavior with page reordering + AdwComboRow: - Fix focus when opening the popover - Set the correct state on the selected checkmark + AdwNavigationView: Fix a warning message + AdwTabOverview: Allow child focus on out animations + AdwTabView: - Keep view alive during ::page-detached - Fix crashes when using :pages + Docs: Fix erroneous use in breakpoints migration guide + Updated translations. - Drop 3e3967d5f69180644519936991cad10136e84ca9.patch: Fixed upstream. ==== libavif ==== Version update (1.0.0 -> 1.0.2) - update to 1.0.2: * Update avifCropRectConvertCleanApertureBox() to the revised requirements in ISO/IEC 23000-22:2019/Amd. 2:2021 Section 7.3.6.7. * CVE-2023-6350: Out of bounds memory to alphaItemIndices (boo#1217614) * CVE-2023-6351: use-after-free in colorProperties (boo#1217615) - drop fix-gdkpixbuf.patch ==== libkolabxml ==== - Switch to %autosetup and %ldconfig_scriptlets - Replace the package URL ==== libnotify ==== Version update (0.8.2 -> 0.8.3) Subpackages: libnotify-tools libnotify4 typelib-1_0-Notify-0_7 - Update to version 0.8.3: + This release contains a critical stability/minor security update which affects Electron applications that utilize Portal notifications (eg, through Flatpak). It is highly recommended that all users of libnotify 0.8.x update to this release. + Please note that this fix has increased the minimum required version of glib to 2.62.0. + notification: - Use g_signal_connect_object - Move disconnect to dispose ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Run service with new obs-service-cargo, drop cargo_config as source and clean up spec and service, and switch to zst as buildtime compression. ==== libselinux-bindings ==== - Also build python3-selinux for toolchain compability on SLE ==== llvm17 ==== Version update (17.0.5 -> 17.0.6) - Update to version 17.0.6. * This release contains bug-fixes for the LLVM 17.0.0 release. This release is API and ABI compatible with 17.0.0. - Rebase patches: * llvm-do-not-install-static-libraries.patch * llvm-normally-versioned-libllvm.patch - Use major version only instead of full (patch-level) version for versioned executables: we don't support parallel installation of multiple versions of the same LLVM major version. (boo#1217450) Also drop the clang-X.Y symlink that was introduced for boo#1012260, because Y is always 0. - Manage clang-cpp with update-alternatives like other binaries. ==== ncurses ==== Version update (6.4.20231111 -> 6.4.20231125) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231125 + add information about "ttycap", termcap's forerunner, to tset.1 (patch by Branden Robinson). + improve formatting/style of manpages, including section reordering (patches by Branden Robinson). + modify usage messages in configure script, bracketing optional values (report by Branden Robinson). - Add ncurses patch 20231121 + amend fix for Debian #1055882, correcting nul terminator check in waddnstr (Debian #1056340). - Add ncurses patch 20231118 + improve description of length-parameter and error-returns in several manpages: curs_addchstr.3x, curs_addstr.3x, curs_addwstr.3x, curs_in_wch.3x, curs_in_wchstr.3x, curs_inchstr.3x, curs_ins_wstr.3x, curs_insstr.3x, curs_instr.3x, curs_inwstr.3x + amend parameter check for entire string versus specific length in winsnstr() and wins_nwstr() to match Solaris. + make similar correction to wins_nwstr(). + correct loop termination condition in waddnstr() and waddnwstr() (Debian #1055882, cf: 20201205). ==== netcfg ==== - Fix syntax of localhost entries in hosts [bsc#1217355] - Remove empty netgroup example file from /etc [jsc#PED-240]. NIS, the main consumer, got already dropped. - Remove empty ethers example file, /usr/etc should not contain examples, for the format there is the manual page, does not support IPv6. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Enhanced SELinux functionality. Added * openssh-7.8p1-role-mls.patch Proper handling of MLS systems and basis for other SELinux improvements * openssh-6.6p1-privsep-selinux.patch Properly set contexts during privilege separation * openssh-6.6p1-keycat.patch Add ssh-keycat command to allow retrival of authorized_keys on MLS setups with polyinstantiation * openssh-6.6.1p1-selinux-contexts.patch Additional changes to set the proper context during privilege separation * openssh-7.6p1-cleanup-selinux.patch Various changes and putting the pieces together For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure This change fixes issues like bsc#1214788, where the ssh daemon needs to act on behalf of a user and needs a proper context for this ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Skip SHA1 test in 20-test_dgst.t when in FIPS mode * Add openssl-Skip_SHA1-test-in-FIPS-mode.patch - FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version - Sync patches with SLE: * Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch * Refresh openssl-1_1-fips-bsc1215215_fips_in_version_string.patch * Remove openssl-no-date.patch ==== perl ==== Version update (5.38.0 -> 5.38.2) Subpackages: perl-base perl-doc - Update to perl 5.38.2 * fixes [CVE-2023-47038] Write past buffer end via illegal user-defined Unicode property [bnc#1217084] * fixes [CVE-2023-47039] Perl for Windows binary hijacking vulnerability [bnc#1217085] ==== perl-CGI ==== Version update (4.590.0 -> 4.600.0) - updated to 4.60 see /usr/share/doc/packages/perl-CGI/Changes 4.60 2023-11-01 [ TESTING ] - move t/changes.t to xt/ as is now broken by the recent rewrite of Test::CPAN::Changes (GH #260) ==== perl-Net-DNS ==== Version update (1.400.0 -> 1.410.0) - updated to 1.41 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== polkit-default-privs ==== Version update (1550+20231103.3b4a82f -> 1550+20231129.269abcd) - Update to version 1550+20231129.269abcd: * profiles: whitelist cinnamon-settings-daemon wacom-oled-helper (bsc#1217532) ==== python-immutables ==== Version update (0.19 -> 0.20) - update to 0.20: * Enable support for pattern matching (#96) * add support for aix/sunos (#98) * Python 3.12 compatibility (#105) * Add __contains__ to MapKeys (#99) * Add PEP 585 GenericAlias support (#101) * Move metadata to `pyproject.toml`, fix test fixture inclusion in sdist (#111) - drop python312.patch (upstream) ==== python-psycopg2 ==== Version update (2.9.7 -> 2.9.9) - update to 2.9.9: * Add support for Python 3.12. * Drop support for Python 3.6. * Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as ``sslcertmode``. ==== qemu ==== Version update (8.1.2 -> 8.1.3) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Align to upstream stable release. It includes many of the patches we had backported ourself, to fix bugs and issues, plus more. See here for details: * https://lore.kernel.org/qemu-devel/1700589639.257680.3420728.nullmailer@tls.msk.ru/ * https://gitlab.com/qemu-project/qemu/-/commits/stable-8.1?ref_type=heads An (incomplete!) list of such backports is: * Update version for 8.1.3 release * hw/mips: LOONGSON3V depends on UNIMP device * target/arm: HVC at EL3 should go to EL3, not EL2 * s390x/pci: only limit DMA aperture if vfio DMA limit reported * target/riscv/kvm: support KVM_GET_REG_LIST * target/riscv/kvm: improve 'init_multiext_cfg' error msg * tracetool: avoid invalid escape in Python string * tests/tcg/s390x: Test LAALG with negative cc_src * target/s390x: Fix LAALG not updating cc_src * tests/tcg/s390x: Test CLC with inaccessible second operand * target/s390x: Fix CLC corrupting cc_src * tests/qtest: ahci-test: add test exposing reset issue with pending callback * hw/ide: reset: cancel async DMA operation before resetting state * target/mips: Fix TX79 LQ/SQ opcodes * target/mips: Fix MSA BZ/BNZ opcodes displacement * ui/gtk-egl: apply scale factor when calculating window's dimension * ui/gtk: force realization of drawing area * ati-vga: Implement fallback for pixman routines * ... - Backports and bugfixes: * [openSUSE] Make Sphinx build reproducible (boo#1102408) * target/s390x/arch_dump: Add arch cleanup function for PV dumps (bsc#1217227) * dump: Add arch cleanup function (bsc#1217227) * target/s390x/dump: Remove unneeded dump info function pointer init (bsc#1217227) ==== rdma-core ==== Version update (48.0 -> 49.0) Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to v49.0 (jsc#PED-6891, jsc#PED-6864, jsc#PED-6839, jsc#PED-6836, jsc#PED-6828, jsc#PED-6824, jsc#PED-6958, jsc#PED-6943, jsc#PED-6933, jsc#PED-6916) - No release notes available. ==== snapper ==== Version update (0.10.6 -> 0.10.7) Subpackages: libsnapper7 snapper-zypp-plugin - report plugin failures (gh#openSUSE/snapper#846) - version 0.10.7 - fix building with libxml 2.12.0 (gh#openSUSE/snapper#848) - fix diff for lvm based configs (bsc#1216191) - make SystemCmd take vector of strings ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - udev: Tighten permissions for DRM render nodes (bsc#1217118). Note that this implicitly enables `uaccess`, so any logged-in user still gets access regardless of group membership. Some use cases, e.g. remote access via ssh, might require you to add the desired user to the `render` group. See: https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3S3HAWVODHC2FQI4E76IFGCSRVRJ63KG/ ==== tree ==== - Build with openSUSE flags ==== unar ==== Version update (1.10.7 -> 1.10.8) - Update to version 1.10.8 * Fix a major memory leak in CSBzip2Handle * Fix Quarantine attribute for created directories * Fix crash corrupted iso * Fix crash during unarchive sitx format with symlink on deleted file * Implement Clang modules support * [TUN-189] Add Alternarive CRC calcuation for Mac Binary format * [WARC-1] Add basic support of WARC 1.1 archives * [TUN-138] Fix case with directories in Solid RAR5 archives * [TUN-184] Fix old archives with RAR 1.5 - Update source URL - Add universal-detector as source ==== update-alternatives ==== Version update (1.22.0 -> 1.22.1) - Update to version 1.22.1. The full changelog is very large. Please check it here: https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/debian/changelog?h=1.22.1 - Refresh update-alternatives-suse.patch so it applies cleanly. ==== usbutils ==== - Split out devel package, containing the .pc file: + The .pc file declares dependencies on other devel packages, which is not wanted on regular end-user systems. + Drop rpmlintrc file. ==== vim ==== Version update (9.0.2103 -> 9.0.2136) Subpackages: vim-data vim-data-common xxd - Update to version 9.0.2136 * MSVC errorformat can be improved * No test for mode() when executing Ex commands * Revise Makefile * Update syntax file * ml_get error when scrolling * Cannot detect overstrike mode in Cmdline mode * Duplicate Netbeans Error Message * not all nushell files detected * Updated German translations * add additional nginx keywords * add Make_mvc.mak file for tutor * updated Russian translations for tutorials * updated Italian translation * some errors with translation Makefiles * [security]: use-after-free in call_dfunc() * Update doc Makefiles with comments from #13567 * add indentation plugin (fixes #13574) * runtime(swig): add syntax and filetype plugins * translation Makefiles can be improved * unused assignments when checking 'listchars' * File info disappears when 'cmdheight' has decreased * INT overflow detection logic can be simplified * Problem with initializing the length of range() lists * [security]: prevent overflow in indenting * [security]: use-after-free in ex_substitute * Fix handling of very long filename on longlist style * un-used assignment in do_source_buffer_init * remove dead-condition in ex_class * [security]: avoid double-free in get_style_font_variants * [security] use-after-free in qf_free_items * expand $COMSPEC without applying 'wildignore' * Improve keymap file highlighting * include new doc-Makefiles * Fix whitespace and formatting of some help files * minor typo fixes * No test for defining sign without attribute * crash when callback function aborts because of recursiveness * overflow detection not accurate when adding digits * Coverity warns for another overflow in shift_line() * Refactor doc-Makefiles * document proper notation of gVim, document vim-security list * Update Serbian messages translation * [security]: overflow in shift_line * [security]: overflow in get_number * [security]: overflow in ex address parsing * [security]: overflow in nv_z_get_count * [security]: overflow with count for :s command * [security]: FPE in adjust_plines_for_skipcol * [security]: Use-after-free in win_close() * comment out strange error condition check * skipcol not reset when topline changed * wast filetype should be replaced by wat filetype * fix typo in pi_gzip.txt ==== virt-v2v ==== Subpackages: virt-v2v-bash-completion - Remove obsolete requirement for ocaml-gettext-stub-devel - Require OCaml 4.07+ - Align ExclusiveArch with libguestfs ==== xdmbgrd ==== - USe %{optflags} to build package ==== xfce4-whiskermenu-plugin ==== Version update (2.8.1 -> 2.8.2) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.8.2 * Fix crash when searching. (Issue #120) * Translation updates ==== xxhash ==== - Make use of openSUSE build flags ==== zxing-cpp ==== - Add back %{optflags} in c++ flags This was unintentionally disabled when c++17 was forced