Packages changed: 7zip autofs cloud-init colord docker-buildx (0.11.1 -> 0.11.2) dracut (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584) exiv2 freetype2 (2.13.0 -> 2.13.1) fuse3 (3.15.0 -> 3.15.1) harfbuzz (7.3.0 -> 8.0.1) kmod krb5 (1.20.1 -> 1.21.1) libX11 (1.8.5 -> 1.8.6) libgudev (237 -> 238) libstorage-ng (4.5.123 -> 4.5.127) libwebp (1.3.0 -> 1.3.1) openexr (3.1.7 -> 3.1.9) pipewire (0.3.72 -> 0.3.74) poppler (23.06.0 -> 23.07.0) poppler-qt5 (23.06.0 -> 23.07.0) python-charset-normalizer (3.1.0 -> 3.2.0) python-jsonschema (4.18.3 -> 4.18.4) python-referencing (0.29.1 -> 0.30.0) qemu (8.0.2 -> 8.0.3) setools smartmontools systemd (253.5 -> 253.7) systemd-presets-branding-openSUSE taglib (1.13 -> 1.13.1) xkeyboard-config (2.38 -> 2.39) xterm (382 -> 384) zimg (3.0.4 -> 3.0.5) zlib-ng-compat (2.1.2 -> 2.1.3) === Details === ==== 7zip ==== - Enable ARM64 ASM introduced in 23.01 ==== autofs ==== - Add autofs-suse-manpage-remove-initdir.patch Removes references of initdir from man pages (bsc#1207881) ==== cloud-init ==== - Update cloud-init-write-routes.patch (bsc#1212879) + Add necessary import statement - Enable flake8 linting, fix up patches + cloud-init-cve-2023-1786-redact-instance-data-json-main.patch + cloud-init-power-rhel-only.patch + cloud-init-write-routes.patch + datasourceLocalDisk.patch - Add cloud-init-power-rhel-only.patch (bsc#1210273) + Config module cc_refresh_rmc_and_interface is implemented such that it will only work on RH distros. Set the module availability accordingly. - Sensitive data exposure (bsc#1210277, CVE-2023-1786) + Add hidesensitivedata + Add cloud-init-cve-2023-1786-redact-inst-data.patch + Do not expose sensitive data gathered from the CSP ==== colord ==== Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Tune _constraints for various architectures. ==== docker-buildx ==== Version update (0.11.1 -> 0.11.2) - Update to version 0.11.2: * vendor: github.com/moby/buildkit v0.12.1-0.20230717122532-faa0cc7da353 * vendor: github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb * vendor: github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb * tests: set a dedicated buildx config dir for each worker * ci: run docker-container tests in parallel * tests: share single docker between docker-container backends * vendor: update buildkit to master@2d91ddcceedc * k8s: fix missing kubeconfig check from endpoint * build: mark result handle build as internal * util/imagetools: remove unused Resolver.ImageConfig * hack(generated-files): bump golang image to bookworm * update go to 1.20.6 * hack: force go version to 1.20.5 * vendor: github.com/docker/docker@24.0 36e9e79 ==== dracut ==== Version update (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584) Subpackages: dracut-ima - Update to version 059+suse.476.g5e324584: This is the 2nd backport of the most important fixes and features from the upstream master branch, while the release date of version 060 is still undefined. Features: * feat(network-wicked): remove module * feat(systemd-rfkill): remove module * feat(livenet): add memory size check depending on live image size * feat(nvmf): add code for parsing the NBFT Fixes: * fix(systemd-sysext): handle confexts and correct extensions search path * fix(modsign): load keys to correct keyring * fix(dmsquash-live-autooverlay): specify filesystemtype when it is already known * fix(fs-lib): remove quoting form the first argument of the e2fsck call * fix(Makefile): remove leftover rpm build rules * fix(Makefile): no longer upload to kernel.org * fix(nvmf): support /etc/nvme/config.json * fix(nvmf): install 8021q module unconditionally * fix(install.d): respect even more kernel-install vars, plus style fixes * fix(install.d): respect more kernel-install env variables * fix(dracut.sh): also prevent fsfreeze for tmpfs * fix(dmsquash-live): allow other fstypes * fix(bluetooth): make bluetooth rules more strict * fix(bluetooth): add missing files * fix(bluetooth): include it if Appearance matches the value assigned for keyboard * fix(btrfs): do not require module via cmdline when --no-kernel * fix(btrfs): add missing cmdline function Other: * refactor(dracut-init.sh): remove redundant "dracut" from "dracut module" prints * refactor(virtiofs): remove exit after die * build: remove rpm spec file and build rules * docs: remove rd.lvm.snapsize and rd.lvm.snapshot * chore(gentoo.conf): remove examples to avoid confusion * chore: remove git2spec.pl, it is no longer used ==== exiv2 ==== - add exiv2-metadata-null-checks.patch fixes gwenview crashes and other apps https://github.com/Exiv2/exiv2/issues/2638 ==== freetype2 ==== Version update (2.13.0 -> 2.13.1) - update to 2.13.1: * New function `FT_Get_Default_Named_Instance` to get the index of the default named instance of an OpenType Variation Font. A new load flag `FT_LOAD_NO_SVG` to make FreeType ignore glyphs in an 'SVG ' table. * New function `FT_GlyphSlot_AdjustWeight` to adjust the glyph weight either horizontally or vertically. This is part of the `ftsynth.h` header file * TrueType interpreter version 38 (also known as 'Infinality') has been deactivated; the value of `TT_INTERPRETER_VERSION_38` is now the same as `TT_INTERPRETER_VERSION_40`. * Switching named instances on and off in Variation Fonts was buggy if the design coordinates didn't change. - drop enable-infinality-subpixel-hinting.patch (obsolete, infinality is deactivated) ==== fuse3 ==== Version update (3.15.0 -> 3.15.1) Subpackages: libfuse3-3 - Update to release 3.15.1 * Reduce default write size by half ==== harfbuzz ==== Version update (7.3.0 -> 8.0.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 8.0.1: + Build fix on 32-bit arm. + More speed optimizations: - 60% speedup in retaingids subsetting SourceHanSans-VF. - 38% speed up in subsetting (beyond-64k) mega-merged Noto. - 16% speed up in retain-gid (used for IFT) subsetting of NotoSansCJKkr. - Changes from version 8.0.0: + New, experimental, WebAssembly (WASM) shaper, that provides greater flexibility over OpenType/AAT/Graphite shaping, using WebAssembly embedded inside the font file. Currently WASM shaper is disabled by default and needs to be enabled at build time. + Improvements to Experimental features introduced in earlier releases: - Support for subsetting beyond-64k and VarComposites fonts. - Support for instancing variable fonts with cubic “glyf” table. - Many big speed optimizations. ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Edit usr-lib-modules.patch to /lib/modules provide fallback behavior for successfully running `make modules_install` in pristine tarballs. ==== krb5 ==== Version update (1.20.1 -> 1.21.1) - update to 1.121.1 (CVE-2023-36054): * Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. * Added a credential cache type providing compatibility with the macOS 11 native credential cache. * libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own. * Added an interface to retrieve the ticket session key from a GSS context. * The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute. * Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack. * The PKINIT client will advertise a more modern set of supported CMS algorithms. * Removed unused code in libkrb5, libkrb5support, and the PKINIT module. * Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code. * Improved the test framework's detection of memory errors in daemon processes when used with asan. ==== libX11 ==== Version update (1.8.5 -> 1.8.6) Subpackages: libX11-6 libX11-data libX11-xcb1 - update to 1.8.6: * InitExt.c: Add bounds checks for extension request, event, & error codes * Fixes CVE-2023-3138: X servers could return values from XQueryExtension that would cause Xlib to write entries out-of-bounds of the arrays to store them, though this would only overwrite other parts of the Display struct, not outside the bounds allocated for that structure. - drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream) ==== libgudev ==== Version update (237 -> 238) - Update to version 238: * Fix newline stripping * Add g_udev_device_get_current_tags() * Add a number of tests, and devel docs * Fix devhelp not being able to find the docs * Skip locale test with locale isn't available - Drop patches fixed upstream: * 71b2fda04dd71c637361e8ead103980ad6f27ed5.patch * 4216ecd4513bd4c8af73543817a51d6f72f166cc.patch ==== libstorage-ng ==== Version update (4.5.123 -> 4.5.127) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#941 - added get_version_string function - 4.5.127 - merge gh#openSUSE/libstorage-ng#940 - wait for block device before using blkdiscard - 4.5.126 - merge gh#openSUSE/libstorage-ng#939 - wait for block device before using wipefs (bsc#1213420) - coding style - 4.5.125 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.124 ==== libwebp ==== Version update (1.3.0 -> 1.3.1) Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Update to version 1.3.1: * security fixes for lossless encoder (CVE-2023-1999) * improve error reporting through WebPPicture error codes * fix upsampling for RGB565 and RGBA4444 in NEON builds * img2webp: add -sharp_yuv & -near_lossless * fix webp_js with emcc >= 3.1.27 (stack size change) * CMake fixes * further updates to the container and lossless bitstream docs - Drop libwebp-double-free.patch: fixed upstream. ==== openexr ==== Version update (3.1.7 -> 3.1.9) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - Add patch to fix regression on non-SSE architectures https://github.com/AcademySoftwareFoundation/openexr/issues/1460: * 1488.patch - Also disable 'DWA[AB]Compression' test on aarch64 as the patch above fixes the issue for all targets, except aarch64 - version update to 3.1.9 * Patch release that addresses miscelleneous build and doc issues, as well as: . OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress - update to 3.1.8: * Support for DWA compression in OpenEXRCore * Fix OSS-fuzz 59070 Stack-buffer-overflow in DwaCompressor_readChannelRules ==== pipewire ==== Version update (0.3.72 -> 0.3.74) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.74: * Highlights - Fix a critical bug where audio to bluetooth devices would cut out randomly. - Improve RAOP compatibility. - Avoid crashes after an update. - Small fixes and improvements. * PipeWire - Mix info on port is now created explicitly. - Remove the node as a driver peer when stopping. This caused some problem with playback on and other remote bluetooth devices. - Work on avoiding crashes when loading new modules that use internal API with old libpipewire. This is typical after an update where the old library is still loaded by an application but when a new stream is created, updated modules are loaded. * Modules - The RTP source module now has an option to ignore the SSRC, which is useful to continue to receive the stream when the sender is restarted. - The native protocol will refuse to load twice now instead of silently ignoring the error. - module-raop is compatible with more devices. * SPA - plugins will now warn when running out of buffers. This is always a bad thing. - Merge scope based cleanup macros. - Add ratelimit function. - Update to version 0.3.73: * Highlights - Fixes an ALSA resume after suspend error. - Handle and disable seemingly wrong hires timestamps from ALSA. - Filter-chain now has loadable plugin modules. The LV2 and sofa plugins are moved to a separate .so file to make things more modular. - Rate changes in the graph should now be handled more gracefully by loopback and filter-chain. - A regression in the rtp-sap module was fixed where it would in some cases fail to start. - A potential crash in the peaks resampler was fixed. - Many cleanups and other small bug fixes. * PipeWire - Fix a potential segfault when no fallback driver was set in the config. - Improve OPUS detection. - Add ASYNC flag to pw-filter and pw-stream when queue/dequeue is not called from the process function. This ensure we allocate an extra buffer. - Discard pending process callbacks when disconnecting. - Cleanups and improvements to the debug environment variable parsing. - The graph rate was tweaked to better handle very low rates   such as those requested by pavucontrol when it does the signal monitoring. * Modules - An example filter module was added. - Filter-chain and loopback now disable the resamplers if no rate is specified and will always follow the graph rate. - Improve setup of filter-chain. The graph is now created when starting because this ensure the target graph rate is known. - Filter-chain can now link notify ports to control ports in the graph. - Filter-chain now has loadable plugin modules. The LV2 and sofa plugins are moved to a separate .so file. - A regression in the rtp-sap module was fixed where it would in some cases fail to start. - Module-rt now has options to disable rlimits, portal and rtkit. - module-raop-discover now has an options to set the latency. * Tools - pw-cat now supports overriding all stream properties. * SPA - Disable rate negotiation when the resampler is disabled. We will always follow the graph rate. - Set device.icon property for UCM ports as well. - Improve ALSA recover when using hires timestamps. This fixes some problems after resume from suspend. - ALSA will now warn and disable hires timestamp when they seem wrong. They can also be disabled manually with a property. - V4l2 will now gracefully handle ENOTTY when enumerating frame sizes and frame rates. - A potential crash in the peaks resampler was fixed. * pulse-server - A client crash in pavucontrol is avoided by always setting a card name. - The graph rate is now taken correctly when using the FIX flags. - An option was added to ignore the FIX flags of a stream. Also the documentation for those options was updated. - module-raop-discover now support latency_msec. * Bluetooth - Remove an assert and issue a warning/recover instead when a buffer is too small. * GStreamer - The device provider does locking when destroying the registry. ==== poppler ==== Version update (23.06.0 -> 23.07.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - update to 23.07.0: core: * Fix reading of utf8-with-bom files * Fix crash if CERT_ExtractPublicKey doesn't return a public key * Fix rendering of some malformed documents. Issue #1395 * Allow for stream compression and compress font streams in forms Remove method Hints::getPageRanges qt5: * Fix crash when overprint preview is enabled * Don't fail signature basics tests if backend is not configured qt6: * Fix crash when overprint preview is enabled * Don't fail signature basics tests if backend is not configured utils: * pdfsig: Allow showung and selecting signature backend * pdfsig: Describe signature dump format in manual page ==== poppler-qt5 ==== Version update (23.06.0 -> 23.07.0) - update to 23.07.0: core: * Fix reading of utf8-with-bom files * Fix crash if CERT_ExtractPublicKey doesn't return a public key * Fix rendering of some malformed documents. Issue #1395 * Allow for stream compression and compress font streams in forms Remove method Hints::getPageRanges qt5: * Fix crash when overprint preview is enabled * Don't fail signature basics tests if backend is not configured qt6: * Fix crash when overprint preview is enabled * Don't fail signature basics tests if backend is not configured utils: * pdfsig: Allow showung and selecting signature backend * pdfsig: Describe signature dump format in manual page ==== python-charset-normalizer ==== Version update (3.1.0 -> 3.2.0) - update to 3.2.0: * Typehint for function `from_path` no longer enforce `PathLike` as its first argument * Minor improvement over the global detection reliability * Introduce function `is_binary` that relies on main capabilities, and optimized to detect binaries * Propagate `enable_fallback` argument throughout `from_bytes`, `from_path`, and `from_fp` that allow a deeper control over the detection (default True) * Edge case detection failure where a file would contain 'very- long' camel cased word (Issue #289) ==== python-jsonschema ==== Version update (4.18.3 -> 4.18.4) - update to 4.18.4: no changelog available, only a diff: https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4 ==== python-referencing ==== Version update (0.29.1 -> 0.30.0) - Update to version 0.30.0: * Declare support for 3.12. * Update the referencing suite. - Update to version 0.29.3: * Spelling. - Update to version 0.29.2: * Improve the hashability of exceptions when they contain hashable data. * [pre-commit.ci] pre-commit autoupdate * Bump suite from `9335e4a` to `fe891e8` ==== qemu ==== Version update (8.0.2 -> 8.0.3) - Update to version 8.0.3: * See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html * Security issues fixed: - 9pfs: prevent opening special files (CVE-2023-2861) - vhost-vdpa (CVE-2023-3301) * Use the official xkb name for Arabic layout, not the legacy synonym (bsc#1212966) * [openSUSE][RPM] Update to version 8.0.3 ==== setools ==== Subpackages: python311-setools setools-console - Add python3-setuptools as a runtime requirement of python3-setools (boo#1213305) ==== smartmontools ==== - smartmontools.generate_smartd_opts.in: Fix generated options when SMARTD_SAVESTATES or SMARTD_ATTRLOG are set to "no" (bsc#1207461). ==== systemd ==== Version update (253.5 -> 253.7) Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev - Import commit 2dac0aff9ced1eca0cd11c24e264b33095ee5a5e (merge of v253.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6458c066547eaadf0e9709e441ea36ad03faa860...2dac0aff9ced1eca0cd11c24e264b33095ee5a5e - Import commit 6458c066547eaadf0e9709e441ea36ad03faa860 (merge of v253.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/07bb12a282b0ea378850934c4a76008b448b8bad...6458c066547eaadf0e9709e441ea36ad03faa860 - Drop 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch, it's been backported to v253.6. - Move a bunch of files from systemd to udev. These are pretty useless without block devices. ==== systemd-presets-branding-openSUSE ==== - enable the various libvirt modular daemons (boo#1212195) ==== taglib ==== Version update (1.13 -> 1.13.1) - Update to version 1.13.1: * Fixed parsing of TXXX frames without description. * Detect MP4 atoms with invalid length or type. * Do not miss ID3v2 frames when an extended header is present. * Use property "DISCSUBTITLE" for ID3v2 "TSST" frame. * Build system improvements: Use absolute path for macOS dylib install name, support --define-prefix when using pkg-config, fixed minimum required CppUnit version. * Code clean up using clang-tidy. ==== xkeyboard-config ==== Version update (2.38 -> 2.39) - Update to version 2.39 * another bugfix release; also needed for changes for the Amharic (am_ET.UTF-8) compose key sequences in libX11 1.8.5 (see corresponding changelog entry in libX11 package); removes old remappings like ar --> ara (git db45bd75, 470ad2cd) [breaks current qemu build] ==== xterm ==== Version update (382 -> 384) Subpackages: xterm-bin xterm-resize - update to 384: * exclude ASCII space from showMissingGlyphs, since a few bitmap fonts lack this * correct a step in rendering double-width characters with bitmap-fonts * fixes for ReGIS-related problems: * mimic an undocumented hardware VT340 feature which handles color initialization with incomplete parameters. * handle whitespace between operator/operands for color values. * reset ReGIS-context when resetting graphics in RIS. ==== zimg ==== Version update (3.0.4 -> 3.0.5) - Update to 3.0.5 * colorspace: add ST.428-1 (gamma 2.6) transfer function * depth: fix AVX-512 integer to float border handling (introduced in 2.6) * depth: fix NEON dither border handling (introduced in 3.0) * graph: fix clipping in alpha premultiplication (introduced in 3.0) * x86: optimizations for AMD Zen4 processors - Drop e29571.patch ==== zlib-ng-compat ==== Version update (2.1.2 -> 2.1.3) - update to 2.1.3: * Fix endless loop bug in chunkcopy_safe. #1526 * Support using distro-supplied Gtest #1519 * Minor code cleanup of deflate.c #1500 * Improve buildsystem detection of ARM Cortex #1521 * Cross-compiling and little-endian fixes #1518 #1520 * Optimize compare256 using RVV #1498 * Optimize slide_hash using RVV #1522 - drop 1526.patch (upstream)