Packages changed: ImageMagick (7.1.1.12 -> 7.1.1.15) Mesa (23.1.4 -> 23.1.5) Mesa-drivers (23.1.4 -> 23.1.5) MozillaFirefox (115.0.3 -> 116.0.3) NetworkManager (1.42.8 -> 1.44.0) accountsservice at-spi2-core attica-qt5 (5.108.0 -> 5.109.0) baloo5 (5.108.0 -> 5.109.0) bash-completion bind (9.18.17 -> 9.18.18) bluez (5.66 -> 5.68) bluez-qt (5.108.0 -> 5.109.0) breeze5-icons (5.108.0 -> 5.109.0) brltty (6.5 -> 6.6) busybox-links ca-certificates-mozilla (2.60 -> 2.62) chrony (4.3 -> 4.4) cloud-init (23.1 -> 23.1.2) cockpit (293 -> 298) cockpit-podman (70 -> 74) colord dracut (059+suse.476.g5e324584 -> 059+suse.491.g87f19c22) firewalld frameworkintegration (5.108.0 -> 5.109.0) fuse3 (3.15.1 -> 3.16.1) gcc13 (13.1.1+git7597 -> 13.2.1+git7683) gdb gdbm gdm giflib glibc (2.37 -> 2.38) glu gmp (6.2.1 -> 6.3.0) gnome-bluetooth (42.5 -> 42.6) gnome-disk-utility gnome-settings-daemon gnome-software (44.3 -> 44.4) gnome-terminal (3.48.1 -> 3.48.2) gnutls (3.8.0 -> 3.8.1) gpgme (1.21.0 -> 1.22.0) grub2 gspell (1.12.1 -> 1.12.2) gtk3 gtk4 (4.10.4 -> 4.12.0) gupnp (1.6.4 -> 1.6.5) harfbuzz (8.0.1 -> 8.1.1) hwdata (0.372 -> 0.373) imlib2 (1.11.1 -> 1.12.0) installation-images-MicroOS (17.90 -> 17.91) kactivities-stats (5.108.0 -> 5.109.0) kactivities5 (5.108.0 -> 5.109.0) karchive (5.108.0 -> 5.109.0) kauth (5.108.0 -> 5.109.0) kbookmarks (5.108.0 -> 5.109.0) kcmutils (5.108.0 -> 5.109.0) kcodecs (5.108.0 -> 5.109.0) kcompletion (5.108.0 -> 5.109.0) kconfig (5.108.0 -> 5.109.0) kconfigwidgets (5.108.0 -> 5.109.0) kcoreaddons (5.108.0 -> 5.109.0) kcrash (5.108.0 -> 5.109.0) kdbusaddons (5.108.0 -> 5.109.0) kdeclarative (5.108.0 -> 5.109.0) kded (5.108.0 -> 5.109.0) kdelibs4support (5.108.0 -> 5.109.0) kdesu (5.108.0 -> 5.109.0) kdnssd-framework (5.108.0 -> 5.109.0) kdoctools (5.108.0 -> 5.109.0) kernel-firmware (20230724 -> 20230814) kernel-source (6.4.6 -> 6.4.11) keylime (7.3.0 -> 7.4.0) kfilemetadata5 (5.108.0 -> 5.109.0) kglobalaccel (5.108.0 -> 5.109.0) kguiaddons (5.108.0 -> 5.109.0) kholidays (5.108.0 -> 5.109.0) khtml (5.108.0 -> 5.109.0) ki18n (5.108.0 -> 5.109.0) kiconthemes (5.108.0 -> 5.109.0) kidletime (5.108.0 -> 5.109.0) kimageformats (5.108.0 -> 5.109.0) kinit (5.108.0 -> 5.109.0) kio (5.108.0 -> 5.109.0) kirigami2 (5.108.0 -> 5.109.0) kitemmodels (5.108.0 -> 5.109.0) kitemviews (5.108.0 -> 5.109.0) kjobwidgets (5.108.0 -> 5.109.0) kjs (5.108.0 -> 5.109.0) kmod knewstuff (5.108.0 -> 5.109.0) knotifications (5.108.0 -> 5.109.0) knotifyconfig (5.108.0 -> 5.109.0) kpackage (5.108.0 -> 5.109.0) kparts (5.108.0 -> 5.109.0) kpeople5 (5.108.0 -> 5.109.0) kpty (5.108.0 -> 5.109.0) kquickcharts (5.108.0 -> 5.109.0) krunner (5.108.0 -> 5.109.0) kservice (5.108.0 -> 5.109.0) ktexteditor (5.108.0 -> 5.109.0) ktextwidgets (5.108.0 -> 5.109.0) kunitconversion (5.108.0 -> 5.109.0) kwallet (5.108.0 -> 5.109.0) kwayland (5.108.0 -> 5.109.0) kwidgetsaddons (5.108.0 -> 5.109.0) kwindowsystem (5.108.0 -> 5.109.0) kxmlgui (5.108.0 -> 5.109.0) less (633 -> 643) libKF5ModemManagerQt (5.108.0 -> 5.109.0) libKF5NetworkManagerQt (5.108.0 -> 5.109.0) libadwaita (1.3.3 -> 1.3.4) libcloudproviders (0.3.1 -> 0.3.2) libcontainers-common (20230214 -> 20230814) libdnf (0.70.1 -> 0.70.2) libgweather4 (4.2.0 -> 4.3.2) libimobiledevice (1.3.0+179git.20230430 -> 1.3.0+190git.20230705) liblc3 (1.0.3 -> 1.0.4) libpaper (2.1.0 -> 2.1.1) libplacebo (6.292.0 -> 6.292.1) libselinux libsemanage libsoup2 libssh libstorage-ng (4.5.133 -> 4.5.136) libxmlb (0.3.11 -> 0.3.13) libzypp (17.31.17 -> 17.31.19) lvm2 lvm2-device-mapper man (2.10.2 -> 2.11.2) mokutil mozjs102 (102.12.0 -> 102.14.0) mutter ncurses (6.4.20230715 -> 6.4.20230812) openssl-3 (3.1.1 -> 3.1.2) openssl (3.1.1 -> 3.1.2) opensuse-welcome (0.1.9+git.0.66be0d8 -> 0.1.9+git.35.4b9444a) openvpn (2.6.5 -> 2.6.6) osinfo-db (20230518 -> 20230719) pam pam-full-src patterns-base patterns-microos perl (5.36.1 -> 5.38.0) perl-LWP-Protocol-https (6.10 -> 6.110.0) pipewire (0.3.76 -> 0.3.77) plasma-framework (5.108.0 -> 5.109.0) plasma5-desktop (5.27.7 -> 5.27.7.1) plasma5-workspace plymouth podman (4.6.0 -> 4.6.1) prison-qt5 (5.108.0 -> 5.109.0) procmail (3.22 -> 3.24) procps4 purpose (5.108.0 -> 5.109.0) python-M2Crypto python-PyYAML (6.0 -> 6.0.1) python-Pygments (2.15.1 -> 2.16.1) python-SQLAlchemy python-alembic (1.10.4 -> 1.11.2) python-blinker python-certifi (2023.5.7 -> 2023.7.22) python-click (8.1.3 -> 8.1.6) python-cryptography (41.0.2 -> 41.0.3) python-gevent (22.10.2 -> 23.7.0) python-jsonschema (4.18.4 -> 4.18.6) python-numpy (1.24.2 -> 1.25.2) python-pexpect python-psutil python-pycups python-pyzmq (25.0.2 -> 25.1.1) python-referencing (0.30.0 -> 0.30.2) python-semanage python-typing_extensions (4.5.0 -> 4.7.1) python311 python311-core qemu (8.0.3 -> 8.0.4) qqc2-desktop-style (5.108.0 -> 5.109.0) rebootmgr (2.0 -> 2.1) rpm setools (4.4.2 -> 4.4.3) shadow (4.13 -> 4.14.0) signon (8.60 -> 8.61) slirp4netns (1.2.0 -> 1.2.1) smartmontools (7.3 -> 7.4) solid (5.108.0 -> 5.109.0) sonnet (5.108.0 -> 5.109.0) speech-dispatcher (0.11.4 -> 0.11.5) srt (1.5.1 -> 1.5.2) suse-module-tools (16.0.32 -> 16.0.33) syndication (5.108.0 -> 5.109.0) syntax-highlighting (5.108.0 -> 5.109.0) system-config-printer systemd (253.7 -> 253.8) sysvinit (3.07 -> 3.08) tar telepathy-logger threadweaver (5.108.0 -> 5.109.0) tracker-miners upower (1.90.1 -> 1.90.2) util-linux util-linux-systemd webkit2gtk3 (2.40.4 -> 2.40.5) webkit2gtk4 (2.40.4 -> 2.40.5) wpebackend-fdo (1.14.0 -> 1.14.2) wtmpdb (0.7.1 -> 0.9.1) xdg-desktop-portal-gnome (44.1 -> 44.2) xmlsec1 xz (5.4.3 -> 5.4.4) yast2-country (4.6.2 -> 4.6.3) yast2-installation (4.6.5 -> 4.6.7) yast2-packager (4.6.1 -> 4.6.2) zxing-cpp === Details === ==== ImageMagick ==== Version update (7.1.1.12 -> 7.1.1.15) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.15 * upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-15---2023-07-30 - modified patches % ImageMagick-library-installable-in-parallel.patch (refreshed) - deleted patches - ImageMagick-CVE-2023-3428.patch (upstreamed) ==== Mesa ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== Mesa-drivers ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== MozillaFirefox ==== Version update (115.0.3 -> 116.0.3) - Mozilla Firefox 116.0.3 * Fixed an issue for OPFS users that broke access to files that were locally cached in a previous version (bmo#1847989, bmo#1847619) * Fixed an issue that was breaking screensharing for some users on Wayland (bmo#1841851) * Fixed an issue where a fullscreen notification was persistently being shown to a user, even after disabling it (bmo#1847901) * Fixed an issue where Firefox would hang when doing a Google search (bmo#1847066) - After further testing on memory consumption during linking, it's safe to remove most of the memory reducing options for ix86 linker. A combination of these actually resulted in the OOM condition. It's even possible to add basic debugging info while keeping linker memory consumption at about 2GB - Mozilla Firefox 116.0.2 * fixes for other platforms - Workarold ld bug causing OOM when linking on 32-bit - Remove -j1 limit on x86. The build runs on 64-bit kernel with a 32-bit userland. This means there is plenty of memory available but userland is limited to just under 4GB per process. - Mozilla Firefox 116.0.1 * fixes for other platforms - ship vaapitest binary for supported archs - re-enable ppc64le - ship v4l2test binary for supported archs - drop obsolete mozilla-bmo1775202.patch - Mozilla Firefox 116.0 * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/ MFSA 2023-29 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4051 (bmo#1821884) Full screen notification obscured by file open dialog * CVE-2023-4052 (bmo#1824420) File deletion and privilege escalation through Firefox uninstaller * CVE-2023-4053 (bmo#1839079) Full screen notification obscured by external program * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 * CVE-2023-4057 (bmo#1841682) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 * CVE-2023-4058 (bmo#1819160, bmo#1828024) Memory safety bugs fixed in Firefox 116 - require NSS 3.91 - remove obsolete mozilla-fix-top-level-asm.patch - re-enable LTO ==== NetworkManager ==== Version update (1.42.8 -> 1.44.0) Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.44.0: + Introduce a new "link" setting that holds properties related to the kernel link such as "tx-queue-length", "gso-max-size", "gso-max-segments", "gro-max-size". + Support sending a DHCPv6 prefix delegation hint via the "ipv6.dhcp-pd-hint" connection property. + Support new bond options: "arp_missed_max", "lacp_active", "ns_ip6_target". + Add new "initial-eps-bearer-configure" and "initial-eps-bearer-apn" properties in the GSM setting. + Setting "connection.stable-id=default${CONNECTION}" changed behavior to be identical to the built-in default value when the stable-id is not set. + Add a "[keyfile].rename" option to NetworkManager.conf to force renaming profiles on disk when their name changes. + The ifcfg-rh plugin is deprecated; it will only receive bugfixes and no new features. A warning is emitted the log when a connection in ifcfg-rh format is found. + To automatically migrate existing ifcfg-rh connections to the keyfile format, a new configuration option "main.migrate-ifcfg-rh" is provided. Migration is disabled by default, but the default value can be changed at build time via "--with-config-migrate-ifcfg-rh-default=yes". + When configuring hostnames in non-public TLD (like "example.local"), use the TLD as default search domain instead of the full hostname. + Always apply DNS options from the [global-dns] configuration section + The NetworkManager daemon now acquires the D-Bus name only after populating the D-Bus tree. This can add a delay during startup but it is required to avoid race conditions with other services depending on NM. + Add a "version-id" argument to the Update2() D-Bus call to guard against concurrent modifications of profiles. + Don't use tentative IPv6 addresses to resolve the system hostname via DNS. + Track the number of autoconnect retries left for each device and connection. Previously it was tracked only per connection and this lead to unexpected behaviors in case of multiconnect profiles. + Set VLAN filtering options on bridge via netlink instead of sysfs. + nm-cloud-setup now supports IMDSv2 on Amazon EC2. + nmtui now allows to enable or disable Wi-Fi and WWAN radios. + Honor ignore-carrier=no for bond/bridge/team devices. + Add version mismatch warning when running nmcli commands. - Rebase patches with quilt. ==== accountsservice ==== Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Rebase as-fate318433-prevent-same-account-multi-logins.patch: (bsc#1213884). ==== at-spi2-core ==== Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Support build environments like SLE 15 SP5 and Leap 15.5 which had %{_distconfdir) not defined yet. ==== attica-qt5 ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Attica5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== baloo5 ==== Version update (5.108.0 -> 5.109.0) Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Document uses and abuses of Baloo::IndexerConfig * [BalooSearch] Add sort order option * [Codecs] Make encode/decode methods static, cleanup * [QueryTest] Add full stack test * [TermGeneratorTest] Extend phrase coverage * [AdvancedQueryParserTest] Extend phrase coverage * [SearchStore] Move private helpers to anonymous namespace * [BasicIndexingJob] Ignore filename based mimetype for empty files * Reduce filesystem dependencies in more tests * [DocumentUrlDbTest] Remove file system dependencies from test * [DocumentUrlDb] Split document addition and file tree creation * [DocumentUrlDbTest] Use explicit recursion when walking directory tree * [Transaction] Use DocumentUrlDB::contains * [DocumentUrlDB] Add `contains` method * Remove proxy for obsolete org.kde.baloo interface * [Transaction] Remove Transaction::exec convenience method * Add explicit moc includes to sources for moc-covered headers ==== bash-completion ==== - Modify patches * ls-completion-boo889319.patch * rm-completion-smart-boo958462.patch to avoid skipping spaces after last word on command line (boo#1210974) - Add patch fix_quote_readline_by_ref.patch * Do not escape leading ~ nor backslash and avoid empty quoting ==== bind ==== Version update (9.18.17 -> 9.18.18) - Update to release 9.18.18 Feature Changes: * When a primary server for a zone responds to an SOA query, but the subsequent TCP connection required to transfer the zone is refused, that server is marked as temporarily unreachable. This now also happens if the TCP connection attempt times out, preventing too many zones from queuing up on an unreachable server and allowing the refresh process to move on to the next configured primary more quickly. * The dialup and heartbeat-interval options have been deprecated and will be removed in a future BIND 9 release. Bug Fixes: * Processing already-queued queries received over TCP could cause an assertion failure, when the server was reconfigured at the same time or the cache was being flushed. This has been fixed. * Setting dnssec-policy to insecure prevented zones containing resource records with a TTL value larger than 86400 seconds (1 day) from being loaded. This has been fixed by ignoring the TTL values in the zone and using a value of 604800 seconds (1 week) as the maximum zone TTL in key rollover timing calculations. ==== bluez ==== Version update (5.66 -> 5.68) Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - Use %_firmwaredir - For pushing bluez 5.68 to 15-SP6 (bluez-5.65), sync change log: (jsc#PED-5599) - RPi-Move-the-43xx-firmware-into-lib-firmware.patch be removed by Stefan Seyfried since updating to bluez-5.66. (bsc#995059)(bsc#1094902) Because the header file has "#ifndef FIRMWARE_DIR...#define FIRMWARE_DIR /etc/firmare" instead of patching. So we just supply FIRMWARE_DIR on compiler's command line in bluez.spec: export CPPFLAGS="$CPPFLAGS -DFIRMWARE_DIR='\"/lib/firmware\"' - For pushing bluez 5.68 to 15-SP6 (bluez-5.65), sync change log: (jsc#PED-5599) - The avrcp-Fix-crash-while-handling-unsupported-events.patch be merged to bluez-5.67 since 2023. (bsc#1210398)(CVE-2023-27349) - 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch be removed by Timo Jyrinki when updating to 5.68. I saw some reasons: - Upstream didn't take this patch: https://www.spinics.net/lists/linux-bluetooth/msg40136.html - Fedora also marked this patch in bluez.spec since bluez-5.68-2.fc39 https://src.fedoraproject.org/rpms/bluez/blob/2b133d795f4f823c8b22ef5a07569792ad7ce6aa/f/bluez.spec We didn't put any bug number of this patch when it be introduced to bluez.spec since Nov 23, 2021. So, let's remove this patch unless upstream or Fedora add it back. - update to 5.68 * Fix issue with A2DP and handling of Transport.Acquire. * Fix issue with BAP and initiating QoS and Enable procedures. * Fix issue with BAP and detaching streams when PAC is removed. * Fix issue with BAP and reading all instances of PAC. * Fix issue with BAP and not being able to reconfigure. * Fix issue with BAP and transport configuration changes. * Fix issue with BAP and handling unexpected disconnect. * Fix issue with GATT and not removing pending services. * Fix issue with GATT and client ready handling. * Fix issue with handling fallback to transient hostname. * Add support for SecureConnections configuration option. * Add support for Mesh Remove Provisioning. * Add support for Mesh Private Beacons. - Remove patches that are not needed with the new upstream. ==== bluez-qt ==== Version update (5.108.0 -> 5.109.0) Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== breeze5-icons ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - No code change since 5.108.0 ==== brltty ==== Version update (6.5 -> 6.6) Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Add e6707d5e.patch: brlapi: Fix python crash on connection error. Cython 3.0 started using the new Python object finalization APIs from PEP 442. - Update to version 6.6: + Too many changes; please read ChangeLog - Update api_version. - Rebase brltty-udev-dir.patch. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-sendmail busybox-which busybox-xz - Check in filelists instead of buildrequiring all non-busybox utils ==== ca-certificates-mozilla ==== Version update (2.60 -> 2.62) - readd _multibuild - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ==== chrony ==== Version update (4.3 -> 4.4) Subpackages: chrony-pool-openSUSE - Update to 4.4: * Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS cookies to avoid some length-specific blocking of NTP on Internet. * Add support for multiple refclocks using extpps option on one PHC. * Add maxpoll option to hwtimestamp directive to improve PHC tracking with low packet rates * Add hwtstimeout directive to configure timeout for late timestamps. * Handle late hardware transmit timestamps of NTP requests on all sockets. * Handle mismatched 32/64-bit time_t in SOCK refclock samples * Improve source replacement * Log important changes made by command requests (chronyc) * Refresh address of NTP sources periodically * Set DSCP for IPv6 packets * Shorten NTS-KE retry interval when network is down * Update seccomp filter for musl * Warn if loading keys from file with unexpected permissions * Warn if source selection fails or falseticker is detected * Add selectopts command to modify source-specific selection options. * Add timestamp sources to serverstats report and make its fields 64-bit. * Add -e option to chronyc to indicate end of response - Update clknetsim to snapshot ef2a7a9. ==== cloud-init ==== Version update (23.1 -> 23.1.2) - update to 23.1.2: * Make user/vendor data sensitive and remove log permissions * source: Force OpenStack when it is only option (#2045) * sources/azure: fix regressions in IMDS behavior - drop cloud-init-cve-2023-1786-redact-instance-data-json-main.patch (upstream) - spec-file cleanups, including dropping flake8 (as build fails with newer flake8 versions) ==== cockpit ==== Version update (293 -> 298) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 298: https://cockpit-project.org/blog/cockpit-298.html - set setroubleshoot-server dependency and do not apply 0002-selinux-temporary-remove-setroubleshoot-section-patch for cockpit-selinux when build for SLE Micro 5.5 - new version 297: - https://cockpit-project.org/blog/cockpit-297.html - hide-docs.patch: refreshed - new version 296: - https://cockpit-project.org/blog/cockpit-296.html - https://cockpit-project.org/blog/cockpit-295.html - https://cockpit-project.org/blog/cockpit-294.html - 0004-leap-gnu18-removal.patch: added support for Leap thanks to Lubos ==== cockpit-podman ==== Version update (70 -> 74) - New version 74: * Bug fixes and translation updates * fixes for PatternFly 5 - deps.patch: fix dependencies - New version 73. Changes since 70 include, * show time of container's latest checkpoint * Bug fixes and translation updates * Add manifest condition for the Python bridge - 1299.patch: included in release and deleted here ==== colord ==== Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Reduce memory constraints for riscv64 ==== dracut ==== Version update (059+suse.476.g5e324584 -> 059+suse.491.g87f19c22) Subpackages: dracut-ima - Update to version 059+suse.491.g87f19c22: * fix(dracut-install): protect against broken links pointing to themselves * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081) - Update to version 059+suse.488.g81715832: This is the 3rd backport of the most important fixes and features from the upstream master branch, while the release date of version 060 is still undefined. * fix(systemd-udevd): add missing override paths * fix(systemd-journald): add systemd-sysusers dependency * fix(base): correct handling of quiet in loginit * chore(suse): require gawk instead of awk * refactor(install): log about missing firmware only once * fix(integrity): do not require ls * fix(dracut-init.sh): `module_check` method ignores `forced` option * fix(man): add missing initrd-root-device.target to flow chart * fix(dracut-init.sh): use the local _ret variable * fix(dracut.sh): use gawk for strtonum * fix(man): remove duplicate entry ==== firewalld ==== Subpackages: firewalld-bash-completion python3-firewall - fix(cli): all --list-all-zones output identical (boo#1213609) [+ fix_list_all_zones_output.patch] ==== frameworkintegration ==== Version update (5.108.0 -> 5.109.0) Subpackages: frameworkintegration-plugin libKF5Style5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== fuse3 ==== Version update (3.15.1 -> 3.16.1) Subpackages: libfuse3-3 - Update to release 3.16.1 * Readdir kernel cache can be enabled from high-level API. ==== gcc13 ==== Version update (13.1.1+git7597 -> 13.2.1+git7683) Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1 - Bump to cc279d6c64562f05019e1d12d0d825f9391b5553, git7683 * Includes GCC 13.2 release * Includes patch to fix broken testcase in libbacktrace, fixing build problems on SLES 12 - gdcflags.patch: Use substituted GDCFLAGS - Filter out -Werror=return-type from D compile flags ==== gdb ==== - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will take care of that requirement. ==== gdbm ==== Subpackages: libgdbm6 libgdbm_compat4 - Fix bsc#1209583, gdbm_load and gdbm_dump receive a SEGFAULT if run without arguments bsc1209583.patch ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. ==== giflib ==== - Define make_build for distributions which do not define them in system macros ==== glibc ==== Version update (2.37 -> 2.38) Subpackages: glibc-extra glibc-locale glibc-locale-base nscd - Update to glibc 2.38 * When C2X features are enabled and the base argument is 0 or 2, the following functions support binary integers prefixed by 0b or 0B as input * PRIb*, PRIB* and SCNb* macros from C2X have been added to . * printf-family functions now support the wN format length modifiers for arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t and the wfN format length modifiers for arguments of type int_fastN_t or uint_fastN_t, as specified in draft ISO C2X * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable Transparent Huge Pages (THP) in stack allocation at pthread_create * Vector math library libmvec support has been added to AArch64 * The strlcpy and strlcat functions have been added * CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size - Enable build with _FORTIFY_SOURCE - glibc-2.3.90-langpackdir.diff: avoid reference to __strcpy_chk - iconv-error-verbosity.patch: iconv: restore verbosity with unrecognized encoding names (BZ #30694) - printf-grouping.patch, strftime-time64.patch, getlogin-no-loginuid.patch, fix-locking-in-_IO_cleanup.patch, gshadow-erange-rhandling.patch, system-sigchld-block.patch, gmon-buffer-alloc.patch, check-pf-cancel-handler.patch, powerpc64-fcntl-lock.patch, realloc-limit-chunk-reuse.patch, dl-find-object-return.patch; Removed ==== glu ==== - devel package: added missing dep to Mesa GL devel package (boo#1213976) ==== gmp ==== Version update (6.2.1 -> 6.3.0) - GMP 6.3.0 * A possible overflow of type int is avoided for mpz_cmp on huge operands. * A possible error condition when a malformed file is read with mpz_inp_raw is now correctly handled. * New public function mpz_prevprime, companion of the existing mpz_nextprime. * New documented pointer types mpz_ptr, mpz_srcptr, and similar for other GMP types. Refer to the manual for full list and suggested usage. These types have been present in gmp.h at least since GMP-4.0, but previously not advertised to users. * Support for 64-bit Arm under Macos. * Support for the loongarch64 CPU family. * Support for building with LTO, link-time optimisations. * New special code for base = 2 in mpz_powm reduces the average time for the functions that test primality. * Speedup for the function mpz_nextprime on large operands. * Speedup for multiplications (some sizes only) thanks to new internal functions to compute small negacyclic products. * Special assembly code for IBM z13 and later "mainframe" CPUs, resulting in a huge speedup. * Improved assembly for several 64-bit x86 CPUs, Risc-V, 64-bit Arm. - Removed gmp-6.2.1-CVE-2021-43618.patch which is included in the new release. ==== gnome-bluetooth ==== Version update (42.5 -> 42.6) Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 42.6: + Fix problems with icons for mice and tablets. + Updates status labels to be dimmed by default. + Updated translations. ==== gnome-disk-utility ==== - Support build environments like SLE 15 SP5 and Leap 15.5 which had %{_distconfdir) not defined yet. ==== gnome-settings-daemon ==== - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. - Drop patch gnome-settings-daemon-bnc873545-hide-warnings.patch: the relevant color management has been moved to mutter. ==== gnome-software ==== Version update (44.3 -> 44.4) Subpackages: gnome-software-plugin-packagekit - Update to version 44.4: + Improve error notifications from failed GPG checks. + Disable animations in the UI according to the user’s accessibility settings. + Fix applying updates which require some packages to be removed to satisfy dependencies. + Updated translations. ==== gnome-terminal ==== Version update (3.48.1 -> 3.48.2) Subpackages: gnome-shell-search-provider-gnome-terminal nautilus-extension-terminal - Update to version 3.48.2: + build: Bump vte req version. + Updated translations. ==== gnutls ==== Version update (3.8.0 -> 3.8.1) - Fix missing GNUTLS_NO_EXTENSIONS compatibility. * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634 * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch - tests: Fix the SRP test that fails with SIGPIPE signal return due to a socket being closed before using it. * Add gnutls-srp-test-SIGPIPE.patch - Update to version 3.8.1: * libgnutls: ClientHello extensions are randomized by default To make fingerprinting harder, TLS extensions in ClientHello messages are shuffled. As this behavior may cause compatibility issue with legacy applications that do not accept the last extension without payload, the behavior can be reverted with the %NO_SHUFFLE_EXTENSIONS priority keyword. * libgnutls: Add support for RFC 9258 external PSK importer. This enables to deploy the same PSK across multiple TLS versions (TLS 1.2 and TLS 1.3) in a secure manner. To use, the application needs to set up a callback that formats the PSK identity using gnutls_psk_format_imported_identity(). * libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to %GNUTLS_NO_DEFAULT_EXTENSIONS. * libgnutls: Add additional PBKDF limit checks in FIPS mode as defined in SP 800-132. Minimum salt length is 128 bits and minimum iterations bound is 1000 for PBKDF in FIPS mode. * libgnutls: Add a mechanism to control whether to enforce extended master secret (RFC 7627). FIPS 140-3 mandates the use of TLS session hash (extended master secret, EMS) in TLS 1.2. To enforce this, a new priority keyword %FORCE_SESSION_HASH is added and if it is set and EMS is not set, the peer aborts the connection. This behavior is the default in FIPS mode, though it can be overridden through the configuration file with the "tls-session-hash" option. In either case non-EMS PRF is reported as a non-approved operation through the FIPS service indicator. * New option --attime to specify current time. To make testing with different timestamp to the system easier, the tools doing certificate verification now provide a new option - -attime, which takes an arbitrary time. * API and ABI modifications: gnutls_psk_client_credentials_function3: New typedef gnutls_psk_server_credentials_function3: New typedef gnutls_psk_set_server_credentials_function3: New function gnutls_psk_set_client_credentials_function3: New function gnutls_psk_format_imported_identity: New function GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags * Rebase patches: - gnutls-FIPS-140-3-references.patch - gnutls-FIPS-jitterentropy.patch * Remove patches merged/fixed upstream: - gnutls-FIPS-PCT-DH.patch - gnutls-FIPS-PCT-ECDH.patch ==== gpgme ==== Version update (1.21.0 -> 1.22.0) Subpackages: libgpgme11 libgpgmepp6 python311-gpg - Fix builds with qt and qt6 [T6673]: * qt,tests: Fix build in source directory. Include Qt binding sources before C++ binding sources and C sources. This fixes the problem that the debug.h in the C sources was found before the one in the Qt bindings. * build: Suggest out-of-source build. Suggest to run configure from a build subdirectory. * Add patches: - gpgme-qt-tests-Fix-build-in-source-directory.patch - gpgme-build-Suggest-out-of-source-build.patch - Update to 1.22.0: * Prevent wrong plaintext when verifying clearsigned signature. * Return bad data error instead of general error on unexpected data. * Take care of offline mode for all operations of gpgsm engine. * Prepare the use of the forthcoming libassuan version 3. * New configure option --with-libtool-modification. * cpp: Expose gpgme_decrypt_result_t.is_mime. * qt: Clean up after failure or cancel of sign/encrypt archive operation. * qt: Add setInputEncoding to QGpgMe::EncryptJob. * qt: Make toLogString helper public. * Interface changes relative to the 1.21.0 release: - qt: EncryptJob::setInputEncoding NEW. - qt: DecryptionResult::isMime NEW. - qt: toLogString NEW. - Run testsuite in qemu build ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch ==== gspell ==== Version update (1.12.1 -> 1.12.2) - Update to version 1.12.2: + Small code maintenance: don't use g_slice_*(). ==== gtk3 ==== Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. ==== gtk4 ==== Version update (4.10.4 -> 4.12.0) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Add 6af9dc86.patch: print: Revert "Start sorting apart includes" change for gtkprinteroptionprivate.h. - Update to version 4.12.0: + List widgets: Add scroll_to APIs + GtkFileLauncher: Add an always-ask property + GtkTextView: Make backspace behavior match GtkEntry + gsk: Fix handling of luminance in mask nodes + Text rendering: Automate the setting of gtk-hint-font-metrics from the scale factor. This improves font rendering in flatpaks + Wayland: - Fix behavior of stylus buttons - Support suspended window state + Vulkan: Many improvements + Tools: Add gtk4-rendernode-tool + Debugging: Drop the GTK_DEBUG_TOUCHSCREEN flag + Build: Some build options have been renamed: - gtk_doc -> documentation - update_screenshots -> screenshots - The old names still work + Updated translations. - Update option passed to meson following upstream changes. - Update to version 4.11.4: + GtkFileChooser: - Default to sorting folders first - Fix a crash when visiting recent files + GtkTextView: Fix corner cases in word navigation + GtkMenuButton: Normalize label layout + GtkDropDown: Add support for sections + GtkVideo: Make the overlay icon clickable + GtkWindow: Clear the resize cursors to avoid artifacts + GtkFileDialog: Always set initial-folder + GtkDropDown: Update on expression changes + GtkMapListModel: Implement GtkSectionModel + Accessibility: - Improvements all over the place: GtkButton, GtkPasswordEntry, GtkFontChooserDialog, GtkColorChooserDialog, GtkShortcutsWindow, GtkMenuButton, GtkAboutDialog, GtkFileChooserDialog, GtkStackSidebar, GtkStackSwitcher, GtkMediaControls, GtkColorDialogButton, GtkDropDown, GtkInfoBar, GtkNotebook, GtkPrintUnixDialog, GtkModelButton - Make name computation follow the ARIA spec more closely - Adapt name computation for the common 'nested button' scenario - Change many containers to use `generic` instead of `group` - Use `generic` as the default role - Use `application` instead of `window` for windows - Add properties for accessible names of not directly exposed widgets in GtkListView, GtkGridView and GtkColumnView + DND: Fix criticals when drops are rejected + X11: Fix regressions in GLX setup + Windows: Center newly created transient windows + Vulkan: - Add antialising for gradients - Do less work on clipped away nodes - Redo image uploading - Support different image depths and formats - Add a pipeline cache + Demos: - gtk4-demo: Improve window sizing - gtk4-demo: Improve focus behavior - gtk4-demo: Add many missing a11y properties + Tools: gtk4-builder-tool: Make render an alias screenshot + Inspector: - Show more information in the a11y tab - Add an accessibility overlay with warnings and recommendations - Limit the width of the a11y tab + Build: - Require GLib 2.76 - Make asan builds work again - Fix the build if ld is not ld.bdf + Updated translations. - Update to version 4.10.5: + Fix ordering problems with filter model signals + Avoid lingering resize cursors + Fix alignment issues on sparc + Fix a problem with CSS corner values + Updated translations. ==== gupnp ==== Version update (1.6.4 -> 1.6.5) - Update to version 1.6.5: + Fix build with meson 1.2 - Drop patches fixed upstream: + a10c57bd.patch + 884639bd.patch ==== harfbuzz ==== Version update (8.0.1 -> 8.1.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 8.1.1: + Fix shaping of contextual rules at the end of string, introduced in 8.1.0. + Fix stack-overflow in repacker with malicious fonts. + 30% speed up loading Noto Duployan font. - Update to version 8.1.0: + Fix long-standing build issue with the AIX compiler and older Apple clang. + Revert optimization that could cause timeout during subsetting with malicious fonts. + More optimization work: - 45% speed up in shaping Noto Duployan font. - 10% speed up in subsetting Noto Duployan font. - Another 8% speed up in shaping Gulzar. - 5% speed up in loading Roboto. + New API: +hb_ot_layout_collect_features_map(). ==== hwdata ==== Version update (0.372 -> 0.373) - update to 0.373: * Update pci, usb and vendor ids ==== imlib2 ==== Version update (1.11.1 -> 1.12.0) Subpackages: imlib2-loaders libImlib2-1 - Update to 1.12.0: * test_load2: make error messages more descriptive * Y4M loader: fix support for 420 colorspaces * Y4M loader: add support for images with unexpected aspects * imlib2_view: Avoid potential use of uninitialized data * GIF loader: Enable showing animated images even if truncated * Introduce __imlib_perror() to produce error messages * loaders: Use common function to print error messages * imlib2_load: Move time_us() to separate file * imlib2_conv: Add option to time save operations * test: Fix pr_info() when not printing to stdout * loading: Enable calling function on loader load/unload * HEIF loader: Call heif_[de]init() on loader load/unload * autofoo: Don't check for freetype if we are building without text * QOI loader: Add progress calback, indent, cosmetics * Loaders: Static constify some data that may as well be * TGA loader: Fix TGA v2.0 signature check * test: Add basic qoi checks * test_scale: Test scaling some more * scaling: Unifdef OLD_SCALE_DOWN * scaling: Correct scaleinfo array length * scaling: Move scaling function call sequence into common __imlib_Scale() * scaling: Cosmetics (comments) * scaling: Simplify scaling points calculation (eliminate j) * scaling: Change ypoints[] from pointers to indices * scaling: Cosmetics * scaling: Minor refactoring * scaling: Correct scaling up * test_scale: Update for new scaling * image: Fix missing munmap() when using imlib_load_image_fd() * image: Fix potentially using incorrect file size * file: Remove a couple of unused functions * image: Fix potentially using incorrect file size - fixup * test: Bypass wrappers when running tests * test_load: Minor fix in debug message * Add new raw loader * TIFF loader: Slightly more strict signature check * image: Use sub-second time info when available * image: Fix preservation of alpha chanel flag in imlib_clone_image() * image cache: Avoid negative refcounts * image cache: Drop redundant cleanup * image cache: Rework cleanup * Revert "scaling: Correct scaling up" * Revert "test_scale: Update for new scaling" * scaling: Various trivial changes * scaling: Improve non-AA scale-up case * scaling: Correct scaling up - take 2 * test_scale: Update for new scaling (re-applied) * test_scale: Exercise non-AA path too * WEBP saver: allow lossless and respect compression tag * add a new QOI decoder * QOI loader: fix build on non-gnu compilers * QOI loader: use memcmp for magic and endmarker check * Y4M loader: check file size before magic check * loading: add some debug logs * loading: check for alloc failure * Y4M loader: use custom y4m parser * test_load: allow y4m memory loading * file: Remove unused functions some more * introduce imlib_image_decache_file() ==== installation-images-MicroOS ==== Version update (17.90 -> 17.91) - merge gh#openSUSE/installation-images#652 - add reset-rzg2l-usbphy-ctrl module (bsc#1213805) - 17.91 ==== kactivities-stats ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kactivities5 ==== Version update (5.108.0 -> 5.109.0) Subpackages: kactivities5-imports libKF5Activities5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== karchive ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Support reading file sizes from ZIP64 extended fields * Add explicit moc includes to sources for moc-covered headers ==== kauth ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kbookmarks ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kcmutils ==== Version update (5.108.0 -> 5.109.0) Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kcodecs ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kcompletion ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kconfig ==== Version update (5.108.0 -> 5.109.0) Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kconfigwidgets ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kcoreaddons ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5CoreAddons5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * kurlmimedata: limit amount of in-flight FDs for portal submission (kde#472716) * Remove code variants for building with Qt 6 * kurlmimedata: don't portal symlinks (kde#464225) * KSignalHandler: possibility to register signal handler as early as possible * Add explicit moc includes to sources for moc-covered headers ==== kcrash ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * On windows, look for drkonqi.exe ==== kdbusaddons ==== Version update (5.108.0 -> 5.109.0) Subpackages: kdbusaddons-tools libKF5DBusAddons5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kdeclarative ==== Version update (5.108.0 -> 5.109.0) Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== kded ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kdelibs4support ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5KDELibs4Support5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kdesu ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * SuProcess: Disable echo in the PTY before starting sudo (kde#452532) * PtyProcess: Allow calling enableLocalEcho before PTY creation ==== kdnssd-framework ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kdoctools ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5DocTools5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - No code change since 5.108.0 ==== kernel-firmware ==== Version update (20230724 -> 20230814) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230814 (git commit 0e048b061bde): * amdgpu: DMCUB updates for various AMDGPU asics * Revert "amdgpu: partially revert firmware for GC 11.0.0 and GC 11.0.2" * amdgpu: partially revert firmware for GC 11.0.0 and GC 11.0.2 * cirrus: Add CS35L41 firmware for HP G11 models * linux-firmware: Update AMD cpu microcode * rtl_bt: Add firmware v2 file for RTL8852C * Revert "rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225" * amdgpu: DMCUB updates for various AMDGPU asics * cxgb4: Update firmware to revision 1.27.4.0 * Mellanox: Add new mlxsw_spectrum firmware xx.2012.1012 * linux-firmware: Add URL for latest FW binaries for NXP BT chipsets * rtw89: 8851b: update firmware to v0.29.41.1 * qcom: sdm845: add RB3 sensors DSP firmware - Drop the obsoleted patch amd-ucode-CVE-2023-20569.patch - Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569) amd-ucode-CVE-2023-20569.patch - Update to version 20230731 (git commit 253cc179d849): * amdgpu: Update DMCUB for DCN314 & Yellow Carp * ice: add LAG-supporting DDP package * i915: Update MTL DMC to v2.13 * i915: Update ADLP DMC to v2.20 * cirrus: Add CS35L41 firmware for Dell Oasis Models * copy-firmware: Fix linking directories when using compression * copy-firmware: Fix test: unexpected operator * qcom: sc8280xp: LENOVO: remove directory sym link * qcom: sc8280xp: LENOVO: Remove execute bits ==== kernel-source ==== Version update (6.4.6 -> 6.4.11) - Linux 6.4.11 (bsc#1012628). - tpm: Disable RNG for all AMD fTPMs (bsc#1012628). - tpm: Add a helper for checking hwrng enabled (bsc#1012628). - ksmbd: validate command request size (bsc#1012628). - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() (bsc#1012628). - KVM: SEV: snapshot the GHCB before accessing it (bsc#1012628). - KVM: SEV: only access GHCB fields once (bsc#1012628). - wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() (bsc#1012628). - wifi: rtw89: fix 8852AE disconnection caused by RX full flags (bsc#1012628). - selftests: forwarding: Set default IPv6 traceroute utility (bsc#1012628). - wireguard: allowedips: expand maximum node depth (bsc#1012628). - mmc: moxart: read scr register without changing byte order (bsc#1012628). - mmc: sdhci-f-sdh30: Replace with sdhci_pltfm (bsc#1012628). - ipv6: adjust ndisc_is_useropt() to also return true for PIO (bsc#1012628). - selftests: mptcp: join: fix 'delete and re-add' test (bsc#1012628). - selftests: mptcp: join: fix 'implicit EP' test (bsc#1012628). - mptcp: avoid bogus reset on fallback close (bsc#1012628). - mptcp: fix disconnect vs accept race (bsc#1012628). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (bsc#1012628). - dmaengine: xilinx: xdma: Fix interrupt vector setting (bsc#1012628). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1012628). - ACPI: resource: Add IRQ override quirk for PCSpecialist Elimina Pro 16 M (bsc#1012628). - zram: take device and not only bvec offset into account (bsc#1012628). - io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc (bsc#1012628). - parisc: Fix lightweight spinlock checks to not break futexes (bsc#1012628). - riscv: Start of DRAM should at least be aligned on PMD size for the direct mapping (bsc#1012628). - riscv/kexec: load initrd high in available memory (bsc#1012628). - riscv,mmio: Fix readX()-to-delay() ordering (bsc#1012628). - riscv/kexec: handle R_RISCV_CALL_PLT relocation type (bsc#1012628). - riscv: mm: fix 2 instances of -Wmissing-variable-declarations (bsc#1012628). - nvme: fix possible hang when removing a controller during error recovery (bsc#1012628). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1012628). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM9B1 256G and 512G (bsc#1012628). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (bsc#1012628). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (bsc#1012628). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (bsc#1012628). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (bsc#1012628). - drm/amd/pm: correct the pcie width for smu 13.0.0 (bsc#1012628). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (bsc#1012628). - tpm: tpm_tis: Fix UPX-i11 DMI_MATCH condition (bsc#1012628). - cpuidle: dt_idle_genpd: Add helper function to remove genpd topology (bsc#1012628). - cpuidle: psci: Move enabling OSI mode after power domains creation (bsc#1012628). - io_uring: correct check for O_TMPFILE (bsc#1012628). - zsmalloc: fix races between modifications of fullness and isolated (bsc#1012628). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (bsc#1012628). - radix tree test suite: fix incorrect allocation size for pthreads (bsc#1012628). - cpufreq: amd-pstate: fix global sysfs attribute type (bsc#1012628). - fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions (bsc#1012628). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (bsc#1012628). - accel/ivpu: Add set_pages_array_wc/uc for internal buffers (bsc#1012628). - hugetlb: do not clear hugetlb dtor until allocating vmemmap (bsc#1012628). - mm/damon/core: initialize damo_filter->list from damos_new_filter() (bsc#1012628). - selftests: mm: ksm: fix incorrect evaluation of parameter (bsc#1012628). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (bsc#1012628). - mm: memory-failure: avoid false hwpoison page mapped error info (bsc#1012628). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (bsc#1012628). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (bsc#1012628). ... changelog too long, skipping 1486 lines ... - commit 02597d2 ==== keylime ==== Version update (7.3.0 -> 7.4.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime - Add BSD-3-Clause license - Update to version v7.4.0 (CVE-2023-38200, bsc#1213310): * Monthly release (7.4.0) * codestyle: Fix tsa_rfc3161.py and have it pyright checked * installer.sh: support Anolis OS whose ID is anolis * tpm_util: Add the BSD license to the file due to functions from TPM 2 code * codestyle: Have pyright check keylime/da directory * docs: add missing options for verifier, remove vactivate * codestyle: Have pyright check mba/elchecking/ except for example.py * registrar_common: fix style complain * registrar_common: fix missing select and sock * Changes to script create_runtime_policy.sh, fixes #1426 * tenant: non-zero exit code in case of error * mba: making MBA policy parser and checker pluggable * create_runtime_policy: fix bash typo * Extend Registrar SSL socket to be non-blocking * Several improvements for the "create_runtime_policy.sh" script * tpm_util: Replace a logger.error with an Exception in case of invalid signature * tpm_util: Remove useless comparison of always identical hashes * tests: Disable Packit CI on Rawhide due to infra issues * adding kubectl to tenant docker image ==== kfilemetadata5 ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove awkward warning message also from Exiv2 autotests * Add explicit moc includes to sources for moc-covered headers ==== kglobalaccel ==== Version update (5.108.0 -> 5.109.0) Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kguiaddons ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5GuiAddons5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * fix google-maps-geo-handler * Add explicit moc includes to sources for moc-covered headers ==== kholidays ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Update Swedish holidays * Add explicit moc includes to sources for moc-covered headers ==== khtml ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== ki18n ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kiconthemes ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Do not automatically set breeze as the fallback theme on Android * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== kidletime ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kimageformats ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * psd: Fix UB type punning (kde#471829) * Treat 3-channel MCH images as CMY images * Add explicit moc includes to sources for moc-covered headers ==== kinit ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * This framework needs a new maintainer * Add explicit moc includes to sources for moc-covered headers ==== kio ==== Version update (5.108.0 -> 5.109.0) Subpackages: kio-core - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Use switcheroo-control to find discrete GPUs (kde#449106) * file: preserve mode on put (kde#471539) * KFileWidget: Use targetUrl to extract urls, better handle absolute urls cases (kde#459485) * Add explicit moc includes to sources for moc-covered headers * KFileWidget: better exclude string that may look like Urls (kde#473228) ==== kirigami2 ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Kirigami2-5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Change Instantiator to Repeater in NavigationTabBar * Avatar: Always use uppercase initials * Add explicit moc includes to sources for moc-covered headers ==== kitemmodels ==== Version update (5.108.0 -> 5.109.0) Subpackages: kitemmodels-imports libKF5ItemModels5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kitemviews ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kjobwidgets ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kjs ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * setitimer(, NULL, ) is not supported. glibc will immediately coredump. * Add explicit moc includes to sources for moc-covered headers ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Remove compatibility patches, add README.usrmerge (boo#1212835). * Delete Provide-fallback-for-successfully-running-make-modules_install.patch * Delete compat-module_directory-module_prefix.patch ==== knewstuff ==== Version update (5.108.0 -> 5.109.0) Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== knotifications ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== knotifyconfig ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kpackage ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * KPackageTool: Show deprecation warning when metadata.desktop file is used * Add explicit moc includes to sources for moc-covered headers ==== kparts ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kpeople5 ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * QML plugin: use KPeople namespace meta object, instead of duplicating * Add explicit moc includes to sources for moc-covered headers ==== kpty ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== kquickcharts ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== krunner ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * runnerpython cgit.kde.org does not exist * Add explicit moc includes to sources for moc-covered headers ==== kservice ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== ktexteditor ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * completion: Fix only start chars of items are matched * Fix chaotic up/down cursor movement in Block Selection Mode * Fix backspace behavior for empty lines with cursor beyond line’s end (block selection mode) * Add explicit moc includes to sources for moc-covered headers ==== ktextwidgets ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kunitconversion ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kwallet ==== Version update (5.108.0 -> 5.109.0) Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kwayland ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers * Unbreak build where XLib's Bool definition harms moc generated code ==== kwidgetsaddons ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== kwindowsystem ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== kxmlgui ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== less ==== Version update (633 -> 643) - Update to 643: * Fix problem when a program piping into less reads from the tty, like sudo asking for password (github #368). * Fix search modifier ^E after ^W. * Fix bug using negated (^N) search (github #374). * Fix bug setting colors with -D on Windows build (github #386). * Fix reading special chars like PageDown on Windows (github #378). * Fix mouse wheel scrolling on Windows (github #379). * Fix erroneous EOF when terminal window size changes (github #372). * Fix compile error with some definitions of ECHONL (github #395). * Fix crash on Windows when writing logfile (github #405). * Fix regression in exit code when stdin is /dev/null and output is a file (github #373). * Add lesstest test suite to production release (github #344). * Change lesstest output to conform with automake Simple Test Format (github #399). ==== libKF5ModemManagerQt ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== libKF5NetworkManagerQt ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== libadwaita ==== Version update (1.3.3 -> 1.3.4) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.3.4: + AdwAboutWindow: Fix :translator-credits property + AdwComboRow: Fix accessible role on the dropdown arrow + AdwEntryRow: Fix accessibility + AdwLeaflet: Fix back/forward mouse button handling + AdwTabBar: Fix accessibility + AdwTabThumbnail: - Fix duplicate thumbnail during transitions - Fix the transition curve + AdwViewSwitcher: Set correct accessible role for icons + AdwWindowTitle: Fix initial title visibility + Stylesheet: - Fix .card buttons within .osd - Fix single-item menu height ==== libcloudproviders ==== Version update (0.3.1 -> 0.3.2) - Update to version 0.3.2: + No upstream changes provided. ==== libcontainers-common ==== Version update (20230214 -> 20230814) Subpackages: libcontainers-default-policy - New release 20230814 - bump c/storage to 1.48.0 * Bump to v1.47.0 * Fix error if continueWrite/continueRead pipe open fails * pkg/regexp: make sure that &Regexp implements the interfaces * Remove use of fillGo18FileTypeBits - bump c/image to 5.27.0 * fix(deps): update module github.com/docker/docker to v23.0.3+incompatible * fix(deps): update module golang.org/x/term to v0.7.0 * fix(deps): update module github.com/klauspost/compress to v1.16.4 * fix(deps): update module github.com/sigstore/sigstore to v1.6.1 * chore(deps): update dependency containers/automation_images to v20230405 * fix(deps): update module golang.org/x/crypto to v0.8.0 * fix(deps): update module golang.org/x/oauth2 to v0.7.0 * fix(deps): update module github.com/containers/storage to v1.46.1 * fix(deps): update module github.com/sigstore/sigstore to v1.6.2 * Don't completely silently ignore non-OCI manifests in OCI layouts * fix(deps): update module github.com/klauspost/compress to v1.16.5 * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0 * fix(deps): update module github.com/docker/docker to v23.0.4+incompatible - bump c/common to 0.55.3 * Change default image volume mode to "nullfs" on FreeBSD * [v0.55][CI-DOCS] remove zstd:chunked from docs * libimage: harden lookup by digest * libimage: HasDifferentDigest: add InsecureSkipTLSVerify option ==== libdnf ==== Version update (0.70.1 -> 0.70.2) Subpackages: libdnf-repo-config-zypp libdnf2 - Update to 0.70.2: * Support "proxy=none" in main config (RhBug:2155713) * Fix #1558: Don't assume inclusion of cstdint * Disconnect monitors in dnf_repo_loader_finalize() (RhBug:2070153) ==== libgweather4 ==== Version update (4.2.0 -> 4.3.2) Subpackages: gweather4-data libgweather-4-0 typelib-1_0-GWeather-4_0 - Update to version 4.3.2: + Fix fallback metric unit detection logic + Documentation fixes + Performance improvements for nearest location lookups + Location database changes + Updated translations. ==== libimobiledevice ==== Version update (1.3.0+179git.20230430 -> 1.3.0+190git.20230705) - Update to version 1.3.0+190git.20230705: * tools/idevicecrashreport: Silence compiler warning * Silence (v)asprintf related compiler warnings * Updated OpenSSL-specific code to use OpenSSL 3.0+ API * 3rd_party/libsrp6a-sha512: Updated to work with OpenSSL 3.0+ API * 3rd_party/libsrp6a-sha512: Update function definitions to modern style * 3rd_party/ed25519: Silence compiler warning about missing return value for fread * tools/idevicedebug: Add missing default case for switch statement * tools/idevicedevmodectl: Add missing include * idevice: Add missing include for Windows * idevice: Fix network address handling in other code paths too * idevice: Use network addresses as is from what we get from (lib)usbmuxd - restrict to Cython < 3 ==== liblc3 ==== Version update (1.0.3 -> 1.0.4) - Update to version 1.0.4: + Enhancement: Add fuzzing test harness. + Fixes: Gain adjustment during second quantization phase can exceed minimum gain (introduce distortion at high bitrate). ==== libpaper ==== Version update (2.1.0 -> 2.1.1) Subpackages: libpaper-tools libpaper2 - Update to 2.1.1: * This release fixes the -N flag of paperconf. ==== libplacebo ==== Version update (6.292.0 -> 6.292.1) - Update libplacebo to version 6.292.1. See details in: https://code.videolan.org/videolan/libplacebo/-/tags/v6.292.1 ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Do not BuildRequire swig and ruby-devel in the main build phase: those are only needed for the bindings. - (bsc#1212618) Divide libselinux and libselinux-bindings again. libselinux itself is in Ring0 so it has to have absolutely minimal dependencies, so it is better to separate libselinux-bindings into a separate pacakge. - Fix python packaging by setting the name to a fixed value - Remove separate libselinux-bindings SPEC file (bsc#1212618). - Add explicit BuildRequires for python3-pip and python3-wheel on 15.5, currently the macros don't do the right thing - allow building this with different python versions, to make this usable for the new sle15 macro (using python3.11) - Add python-wheel build dependency to build correctly with latest python-pip version. ==== libsemanage ==== Subpackages: libsemanage-conf libsemanage2 - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because of LTO - Enable LTO now (boo#1138812). ==== libsoup2 ==== - Add upstream bug fixes: + 4d12c3e5.patch: lib: Add g_task_set_source_tag() everywhere + 48b3b611.patch: lib: Add names to various GSources - Drop no longer valid translation-update-upstream BuildRequires and macro. - Use ldconfig_scriptlets macro for post(un) handling. ==== libssh ==== Subpackages: libssh-config libssh4 - Add fix to spec file for the incorrect include path as a result of the default openSSH move to /usr/etc, (boo#1211718). ==== libstorage-ng ==== Version update (4.5.133 -> 4.5.136) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.136 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.135 - Translated using Weblate (Catalan) (bsc#1149754) - 4.5.134 ==== libxmlb ==== Version update (0.3.11 -> 0.3.13) - Update to 0.3.13: * Use indexes when binding value * Correctly tokenize when using a bound text value * Ensure tokens are all NULL when using xb_opcode_init() * Avoid building errors and debug strings when possible to make XbQuery faster * Fix content type detection on macOS * Inline a number of machine internals to make queries faster * Make zstd support optional * Setup various release build options ==== libzypp ==== Version update (17.31.17 -> 17.31.19) - Fix zypp-tui/output/Out.h to build with clang. - Fix zypp/Arch.h for clang (fixes #478) Clang seems to have issues with picking the overload in std::men_fn if there is a static overload of a member function. We need to explicitely specify the correct type of the function pointer. To make sure this would not break compiling a application with clang that builds against libzypp this patch works around the problem. - version 17.31.19 (22) - SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the zypp-rpm lock (fixes openSUSE/openSUSE-repos#29) - version 17.31.18 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch ==== man ==== Version update (2.10.2 -> 2.11.2) - Update to 2.11.2: * Fix compile and test failures when `troff` is not `groff`. * Fix segfault in typical uses of `man` when `nroff` is not installed. * Fix crash in `mandb` when processing stray cats. * SECURITY: Replace `$` characters in page names with `?` when constructing `less` prompts. * Silence error message when processing an empty manual page hierarchy with a nonexistent cache directory. * `man(1)` now sorts whatis references below real pages, even if the whatis references are from a section with higher priority. * `mandb` now correctly records filters in the database if it uses cached whatis information. * Upgrade Gnulib, fixing syntax error on glibc systems with GCC 11. * The `CATWIDTH` configuration file directive now overrides `MINCATWIDTH` and `MAXCATWIDTH`. * Database entries for links were often incorrectly stored as if they were entries for the ultimate source of the page. They are now stored with the correct type. * Store links in the database using the section and extension of the link rather than of the ultimate source file. * Consider pages for adding to the database even if they seem to already exist; this performance optimization is no longer needed due to caching, and it produced inconsistent results in some unusual cases. * `man` now runs any required preprocessors in the same order that `groff` does, rather than trusting the order of filters in a page's preprocessor string. * Fix building on MinGW. (I haven't been able to test this; help from MinGW experts would be welcome.) Improvements: * Check for stray cats even if no manual pages in a given manpath were changed. * Add section `3type` to the default section list just after `2`. This is used by the Linux man-pages package. * Recognize more Hungarian translations of the `NAME` section. * Add more recognized case variants for localized versions of the `NAME` section. * Maintain multi keys in sorted order, improving database reproducibility. * Pick a more consistent name for the target of a whatis entry in the database. * Extend rules for when to replace one database entry with another, producing more stable behaviour. * Fully reorganize databases after writing them, allowing the reproduction of bitwise-identical databases regardless of scan order (at least with GDBM). - Port patches * man-db-2.6.3-chinese.dif * man-db-2.6.3-listall.dif * man-db-2.7.1-zio.dif * man-db-2.9.4-alternitive.dif * man-db-2.9.4-no-chown.patch * man-db-2.9.4.patch * man-propose-online.patch ==== mokutil ==== - Remove modhash (bsc#1214358) + The modhash script is rarely used and it's impractical to block a kernel module with the hash. ==== mozjs102 ==== Version update (102.12.0 -> 102.14.0) - Update to version 102.14.0: + Various security fixes and other quality improvements. + CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions. + CVE-2023-4046: Incorrect value used during WASM compilation. + CVE-2023-4047: Potential permissions request bypass via clickjacking. + CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions. + CVE-2023-4049: Fix potential race conditions when releasing platform objects. + CVE-2023-4050: Stack buffer overflow in StorageManager. + CVE-2023-4054: Lack of warning when opening appref-ms files. + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state. + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. - Changes from version 102.13.0: + Various security fixes and other quality improvements. + CVE-2023-37201: Use-after-free in WebRTC certificate generation + CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey + CVE-2023-37207: Fullscreen notification obscured + CVE-2023-37208: Lack of warning when opening Diagcab files + CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 ==== mutter ==== - Add mutter-revert-window_draw_issues.patch: Revert commit 43cee4b6: Do clipped redraws when drawing offscreen (boo#1210744, glgo#GNOME/mutter#2771). - Disable %autopatch on SLE which has not the macro ready. - Rebase mutter-SLE-bsc984738-grab-display.patch. - Drop mutter-Lower-HIDPI_LIMIT-to-144.patch (fate#326682, bsc#112546). The upstream has reworked the logic of scale factor selection based on actual screen size, see: https://gitlab.gnome.org/GNOME/mutter/-/commit/2f1dd049bfbbb60e0b3c2351e9ba1d014205551f ==== ncurses ==== Version update (6.4.20230715 -> 6.4.20230812) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230812 + add/use putty+cursor to reflect amending of modified cursor-keys in 2021 -TD + add ecma+strikeout to putty -TD + add functions to query tty-flags in SCREEN (request by Bill Gray). - Add ncurses patch 20230805 + fix a few manpages needing tbl marker, seen by lintian warning. + fixes for compiler-warnings. + minor grammatical fix for manpages (Branden Robinson). - Add ncurses patch 20230729 + improve manpages for wgetnstr() and wget_wnstr(). + modify MinGW configuration to provide for running in MSYS/MSYS2 shells, assuming ConPTY support (patch by Pavel Fedin). + add assignment in CF_MAN_PAGES to fill in value for TERMINFO_DIRS in ncurses, terminfo and tic manpages (patch by Sven Joachim). - Add ncurses patch 20230722 + add "auto" default for --with-xterm-kbs configure option. ==== openssl-3 ==== Version update (3.1.1 -> 3.1.2) Subpackages: libopenssl3 - Update to 3.1.2: * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Do not ignore empty associated data entries with AES-SIV (bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. The fix changes the authentication tag value and the ciphertext for applications that use empty associated data entries with AES-SIV. To decrypt data encrypted with previous versions of OpenSSL the application has to skip calls to EVP_DecryptUpdate() for empty associated data entries. * When building with the enable-fips option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will not operate with truncated digests (FIPS 140-3 IG G.R). * Update openssl.keyring with the OTC members that sign releases * Remove openssl-z16-s390x.patch fixed upstream in https://github.com/openssl/openssl/pull/21284 * Remove security patches fixed upstream: - openssl-CVE-2023-2975.patch - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch ==== openssl ==== Version update (3.1.1 -> 3.1.2) - Update to 3.1.2 ==== opensuse-welcome ==== Version update (0.1.9+git.0.66be0d8 -> 0.1.9+git.35.4b9444a) - Update to version 0.1.9+git.35.4b9444a: * panellayouter: use QTemporaryFile for applyLayout() (bsc#1213708, CVE-2023-32184). * Translation updates. ==== openvpn ==== Version update (2.6.5 -> 2.6.6) Subpackages: openvpn-auth-pam-plugin - update to 2.6.6: * configure.ac: fix typ0 in LIBCAPNG_CFALGS * Avoid unused function warning/error on FreeBSD (and potientially others) * fix warning with gcc 12.2.0 (compiler bug?) * Fix CR_RESPONSE mangaement message using wrong key_id * Print a more user-friendly error when tls-crypt-v2 client auth fails * Ignore Ipv6 route delete request on Android and set ipv4 verbosity to 7 * Revert commit 423ced962d * Implement using --peer-fingerprint without CA certificates * show extra info for OpenSSL errors * dist: add more missing files only used in the MSVC build * dist: Include all documentation in distribution * unit_tests: Add missing cert_data.h to source list for unit tests * test_tls_crypt: Improve mock() usage to be more portable * Remove old Travis CI related files * options: Do not hide variables from parent scope * pkcs11_openssl: Disable unused code * route: Fix overriding return value of add_route3 ==== osinfo-db ==== Version update (20230518 -> 20230719) - Update to database version 20230719 osinfo-db-20230719.tar.xz - Add support for SLE 15-SP6 add-sle15sp6-support.patch - Add support for SLE Micro 5.5 add-slem5.5-support.patch - Drop patches contained in new tarball add-opensuse-leap-15.5-support.patch add-sle15sp5-support.patch add-slem5.3-support.patch add-slem5.4-support.patch ==== pam ==== - pam_access backports from upstream: - pam_access-doc-IPv6-link-local.patch: Document only partial supported IPv6 link local addresses - pam_access-hostname-debug.patch: Don't print error if we cannot resolve a hostname, does not need to be a hostname - pam_shells-fix-econf-memory-leak.patch: Free econf keys variable - disable-examples.patch: Don't build examples ==== pam-full-src ==== - pam_access backports from upstream: - pam_access-doc-IPv6-link-local.patch: Document only partial supported IPv6 link local addresses - pam_access-hostname-debug.patch: Don't print error if we cannot resolve a hostname, does not need to be a hostname - pam_shells-fix-econf-memory-leak.patch: Free econf keys variable - disable-examples.patch: Don't build examples ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - move udev-configure-printer from enhanced_base to x11_enhanced Currently it pulls in Cups and Mesa dependencies the first is probably not really needed by default on servers and the second is certainly not desired there. Originally it was included for livecd's ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add ucode-{amd,intel} to the hardware pattern ==== perl ==== Version update (5.36.1 -> 5.38.0) Subpackages: perl-base - Update to perl 5.38.0 * new "class" feature * support for unicode 15.0 * defined-or and logical-or assignment default expressions in signatures * optimistic eval in patterns * readline() no longer clears the stream error and eof flags * "INIT" blocks no longer run after an "exit()" in "BEGIN" * utf8::upgrade() keeps the undef value * deprecation of ' as package name separator * deprecation of the smart match operator * PERL_USE_SAFE_PUTENV is now the default - Rebase perl-5.36.0.diff to perl-5.38.0.diff - Refresh perl_skip_flaky_tests_powerpc.patch ==== perl-LWP-Protocol-https ==== Version update (6.10 -> 6.110.0) - Remove CVE-2014-3230.patch, upstream was fixed. CVE-2014-3230, Debian #746576 - Update LWP-Protocol-https-6.09-systemca.diff - updated to 6.11 see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes 6.11 2023-07-09 15:10:30Z - Remove Authority section from dist.ini (GH#64) (Olaf Alders) - Add very basic diagnostic information via test (GH#73) (Olaf Alders) - CVE-2014-3230 - don't disable verification if only hostnames should not (GH#14) (Steffen Ullrich) - Make explicit requirement of Mozilla::CA obsolete (GH#72) (Steffen Ullrich and Olaf Alders) - Remove _in_san and _cn_match. Empty out the _check_sock hook (GH#71) (Chase Whitener) - Use warnings (GH#69) (Pete Houston) ==== pipewire ==== Version update (0.3.76 -> 0.3.77) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Fix from upstream to ensure effect and sink nodes are set to running: * 0001-context-Dont-stop-setting-runnable-when-meeting-the-driving.patch - Fix from upstream to prevent a crash when stopping a device provider: * 0001-gst-Prevent-a-crash-when-stopping-device-provider.patch - Fix from upstream to fix a regression that makes plugins/effects disappear in Carla Patchbay when there's no playback: * 0001-jack-ports-become-visible-when-the-registration-is-queued.patch * 0002-jack-handle-node.always-process-=-false-jack-nodes.patch - Fix from upstream to fix pavucontrol and plasma-pa showing duplicated sinks after resume or switching audio device profiles (boo#1214374): * 0001-pulse-server-set-all-change_mask-flags-when-removing.patch - Update to version 0.3.77: * Highlights - Fix a bug in ALSA source where the available number of samples was miscaluclated and resulted in xruns in some cases. - A new L permission was added to make it possible to force a link between nodes even when the nodes can't see eachother. - The VBAN module now supports midi send and receive as well. - Many cleanups and small fixes. * PipeWire - Global objects now only show permissions that apply to them. The permissions required to perform various API calls are documented. - A new L permission was added to make it possible to force a link between nodes even when the nodes can't see eachother. - Config files need to end with .conf. - The client.api is added the to global properties of a node. * modules - The VBAN module now supports midi send and receive as well. - Fix module-profiler alignment and make sure we don't overrun our buffers with many nodes. - Protect libcanberra calls with a mutex because it is not thread safe. * SPA - Support older compilers for spa_clear_ptr(). - Fix a bug in ALSA source where the available number of samples was miscaluclated and resulted in xruns. - Don't set inotify on /dev but on the videoX devices directly. Setting inotify on /dev would cause a lot of spurious wakeups and lock contention in the fsnotify subsystem on some benchmarks. - Audioconvert now rate limits the warnings when it runs out of buffers. * pulse-server - Some bugs and inconsistencies were fixed in device lookup. - Improve subscribe event emission, detect changes to the sink or the monitor and send the right sink/source event. * JACK - The libjack.so now has a minor version of 3 and a micro version of the pipewire version. - JACK clients will now see portregistration from other jack clients when they activate/deactivate like real JACK. * bluetooth - Use some more autoptr cleanups, fix some leaks. ==== plasma-framework ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Plasma5 plasma-framework-components - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * dataengine: do not emit removal signals while iterators are open (kde#446531) * Add explicit moc includes to sources for moc-covered headers ==== plasma5-desktop ==== Version update (5.27.7 -> 5.27.7.1) Subpackages: plasma5-desktop-emojier - Update to 5.27.7.1: * Panel: fix applet not returning focus after pressing applet shortcut (kde#472909) * Migrate missing key handling/accessibility features from default CompactRepresentation ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add patch to fix crash when opening windows (kde#473432) * 0001-TriangleMouseFilter-check-intercepted-item-still-exi.patch * 0002-TriangleMouseFilter-also-check-optional-position-has.patch - Add patch to fix crash when closing popup on Wayland (kde#473054) * 0001-shell-avoid-potential-crash-when-previous-window-is-.patch ==== plymouth ==== Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Remove plymouth-runstatedir-revert.patch: Tumbleweed following upstream, which already support "--runstatedir", don't need this modification anymore(jsc#PED-5841). - Add plymouth-runstatedir-revert.patch: For plymouth update successfully build in SLE-15-SP6:GA. The current edition of autoconf on SLE-15-SP6:GA don't support "--runstatedir" yet, so reverse plymouth compile option to the old "--withruntimedir" (jsc#PED-5841). ==== podman ==== Version update (4.6.0 -> 4.6.1) - Fix build error on SLE due to dangling files clause on a discarded file, README.SLE.SUSE - Fix unexpanded RPM macro error - Update to version 4.6.1: * Bump to v4.6.1 * Release notes for v4.6.1 * Vendor buildah v1.31.2 * [4.6] vendor c/common v0.55.3 * [v4.6] Remove zstd:chunked reference * [v4.6] bump golang.org/x/net to v0.13.0 * do not redefine gobuild for eln * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream * [v4.6] [CI:BUILD] RPM: separate out gvproxy for copr and fedora >= 38 * System tests: add test tags * API: kill: return 409 on invalid state * Mention TimeoutStartSec in quadlet man page * If quadlets have same name, only use first * Bump to v4.6.1-dev - Discard outdated README.SUSE.SLES - Recommend gvisor-tap-vsock, required for `podmand machine` ==== prison-qt5 ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Prison5 prison-qt5-imports - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== procmail ==== Version update (3.22 -> 3.24) - Update to procmail 3.24 (New Upstream) - Don't coredump in comsat code if interrupted early - Correctly handle COMSAT=on - Once used, the 'H' and 'r' flags would never be cleared - Fix possible buffer overflow in variable-capture actions - Fix up the parsing of variable-capture actions - LMTP code assumed sizeof(long)==sizeof(int) - SHELL is now always preset to /bin/sh. USER_SHELL contains the shell from the user's passwd entry - When HOST is mismatched, reset it for the next rcfile - Always read in a new, global rcfile (/etc/procmail.conf) to allow runtime configuration of variables like DEFAULT. This rcfile cannot deliver or filter messages - Mismatched HOST in /etc/procmailrc didn't discard the message - backquote expansion in a condition disabled header concatenation for that condition - LMTP didn't correctly handle quoted localparts - Removed SIZE extension from LMTP (unsupportable semantics) - Don't coredump if unable to exec /bin/sh - Enable "+detail" processing in LMTP mode by passing the delimiter (e.g., "+") as an optional argument after -z - In LMTP mode, save the domain of the recipient in PROCMAIL_DOMAIN - Set PROCMAIL_MODE to one of "d", "m", "z", or "" to reflect the mode option it was invoked with, if any - Fixed all bugs collected by Debian and others during the past 21 years. See the git commit history for detailed descriptions. - Port patches * procmail-3.22-autoconf.dif * procmail-3.22-headerconcat.dif * procmail-3.22-ipv6.patch * procmail-3.22-mailstat.patch * procmail-3.22-owl-truncate.dif * procmail-3.22.dif * procmail-cflags.dif - Remove former Debian and SUSE patches from procmail-3.22-patches.tar.bz2 * 04 * 06 * 10 * 11 * 12 * 13 * 14 * 15 * 16 * 17 * 18 * 19 * 22 * 23 * 24 * 25 * 26 * 27 * 28 * 29 * 30 - Collect and port our patches from old procmail-3.22-patches.tar.bz2 into new procmail-3.24-patches.tar.bz2 * 01 * 02 * 03 * 05 * 07 * 08 * 09 * 20 * 21 ==== procps4 ==== Subpackages: libproc2-0 - Modify patch procps-ng-3.3.9-w-notruncate.diff to real to not truncate output of w with option -n - procps-ng-4.0.3-logind.patch: Backport from 4.x git, prefer logind over utmp (jsc#PED-3144) - procps-ng-3.3.9-w-notruncate.diff: Rebase - Add patch CVE-2023-4016.patch * CVE-2023-4016: ps buffer overflow (bsc#1214290) ==== purpose ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Remove code variants for building with Qt 6 * Add explicit moc includes to sources for moc-covered headers ==== python-M2Crypto ==== - Make tests running again. ==== python-PyYAML ==== Version update (6.0 -> 6.0.1) - update to 6.0.1: * pin Cython to < 3.0 ==== python-Pygments ==== Version update (2.15.1 -> 2.16.1) - update to version 2.16.1: * Fix native style missing from style list (#2484) - additional changes from version 2.16.0: * New lexers: + ASN.1 (#2462) + Blueprint (#2434) + BQN (#2472) + DNS zone files (#2464) + GraphQL (#2428) + Linux desktop files (following the specification of the Freedesktop group, formerly known as XDG) (#2470) + NVIDIA PTX (#2432) + OpenSCAD (#2449) + systemd (#2470) + TLS presentation language (#2455) + Verifpal (#2430) + YARA (#2453) * Updated lexers: + ASC: Add application/pem-certificate-chain mimetype (#2471) + C/C++: Refine keyword lists (#2421, #2422) + Carbon: Fix long processing times on invalid input, fix number lexing (#2454, #2456) + Elpi: Handle quotations (#2419) + Go: Support additional built-ins (#2481) + HTTP: Support empty headers (#2461), support more general methods (#2460), also recognize responses in analyse_text implementation (#2460), and highlight URL encoded data (#2465, #1620) + Igor Pro: Update to Igor Pro 9 (#2482) + lean: Recognize expressions nested within attributes (#1817) + Macaulay2: Update builtins (#2457) + Markdown: Allow extra characters after language name in code blocks (#2437) + NestedText: Update to version 3 (#2459) + scdoc: Improve language guessing implementation (#2402) + Spice: Update to latest version (#2476) + Transact SQL: Add Pre-sorted Group keyword (#2417) + Uxntal: Update for current runes (#2424) + Wikitext: Fix templates in wiki links; fix a language converter false positive; add bold italic markup (#2447) * Add Generic.EmphStrong token for bold italic markup (#2444) * Add Lightbulb style (#2474) * Improve contrast in Monokai style (#2448) * Add documentation how to create terminal code highlighting commands (#2131, #2425) * Add support for loading TrueType fonts to the ImageFormatter (#1960) ==== python-SQLAlchemy ==== - use generic Cython >= 3 buildrequires ==== python-alembic ==== Version update (1.10.4 -> 1.11.2) - update to 1.11.2: * Added typing to the default script mako templates. * Added support in autogenerate for NULLS NOT DISTINCT in * the PostgreSQL dialect. * Fixed format string logged when running a post write hook * Added parameters if_exists and if_not_exists for index operations. - update to 1.11.1: * As Alembic 1.11.0 is considered a major release (Alembic does not use semver, nor does its parent project SQLAlchemy; this has been `clarified ` in the documentation), * :ticket:`1130` modified calling signatures for most operations to consider all optional keyword parameters to be keyword-only arguments, to match what was always documented and generated by autogenerate. However, two of these changes were identified as possibly problematic without a more formal deprecation warning being emitted which were the ``table_name`` parameter to :meth:`.Operations.drop_index`, which was generated positionally by autogenerate prior to version 0.6.3 released in 2014, and ``type_`` in :meth:`.Operations.drop_constraint` and :meth:`.BatchOperations.drop_constraint`, which was documented positionally in one example in the batch documentation. * Fixed typing use of :class:`~sqlalchemy.schema.Column` and other generic SQLAlchemy classes. * Restored the output type of :meth:`.Config.get_section` to include ``Dict[str, str]`` as a potential return type, which had been changed to immutable ``Mapping[str, str]``. When a section is returned and the default is not used, a mutable dictionary is returned. * Added placeholder classes for :class:`~.sqla.Computed` and * :class:`~.sqla.Identity` when older 1.x SQLAlchemy versions are in use, namely prior to SQLAlchemy 1.3.11 when the :class:`~.sqla.Computed` construct was introduced. Previously these were set to None, however this could cause issues with certain codepaths that were using ``isinstance()`` such as one within "batch mode". * Correctly pass previously ignored arguments ``insert_before`` and ``insert_after`` in ``batch_alter_column`` * Argument signatures of Alembic operations now enforce keyword-only arguments as passed as keyword and not positionally, such as Operations.create_table.schema .Operations.add_column.type_, etc. * Fix autogenerate issue with PostgreSQL :class:`.ExcludeConstraint` that included sqlalchemy functions. The function text was previously rendered as a plain string without surrounding with ``text()``. * Fixed regression caused by :ticket:`1166` released in version 1.10.0 which caused MySQL unique constraints with multiple columns to not compare correctly within autogenerate, due to different sorting rules on unique constraints vs. indexes, which in MySQL are shared constructs. * Repaired the return signatures for :class:`.Operations` that mostly return ``None``, and were erroneously referring to ``Optional[Table]`` in many cases. * Modified the autogenerate implementation for comparing "server default" values from user-defined metadata to not apply any quoting to the value before comparing it to the server-reported default, except for within dialect-specific routines as needed. This change will affect the format of the server default as passed to the :paramref:`.EnvironmentContext.configure.compare_server_defau lt` hook, as well as for third party dialects that implement a custom ``compare_server_default`` hook in their alembic impl, to be passed "as is" and not including additional quoting. Custom implementations which rely on this quoting should adjust their approach based on observed formatting. * allow running async functions in the ``upgrade`` or ``downgrade`` migration function when running alembic using an async dialect. This function will receive as first argument an :class:`~sqlalchemy.ext.asyncio.AsyncConnection` sharing the transaction used in the migration context. ==== python-blinker ==== - Remove no-stdpy-pyc.patch - Call directly to the sphinx module with the specific python interpreter to avoid the usage of default python, bsc#1213698. ==== python-certifi ==== Version update (2023.5.7 -> 2023.7.22) - update to 2023.7.22: Added certs: [#] CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited [#] CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited [#] CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation [#] CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation [#] CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos [#] CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos Removed certs: [#] CN=Hongkong Post Root CA 1 O=Hongkong Post [#] CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi [#] CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center [#] CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center ==== python-click ==== Version update (8.1.3 -> 8.1.6) - Update to 8.1.6 * Replace all typing.Dict occurrences to typing.MutableMapping for parameter hints. #2255 * Improve type hinting for decorators and give all generic types parameters. * Fix return value and type signature of shell_completion.add_completion_class function. #2421 * Bash version detection doesn’t fail on Windows. #2461 * Completion works if there is a dot (.) in the program name. #2166 * Improve type annotations for pyright type checker. #2268 * Improve responsiveness of click.clear(). #2284 * Improve command name detection when using Shiv or PEX. #2332 * Avoid showing empty lines if command help text is empty. #2368 * ZSH completion script works when loaded from fpath. #2344. * EOFError and KeyboardInterrupt tracebacks are not suppressed when standalone_mode is disabled. #2380 * @group.command does not fail if the group was created with a custom command_class. #2416 * multiple=True is allowed for flag options again and does not require setting default=(). #2246, #2292, #2295 * Make the decorators returned by @argument() and @option() reusable when the cls parameter is used. #2294 * Don’t fail when writing filenames to streams with strict errors. Replace invalid bytes with the replacement character (�). #2395 * Remove unnecessary attempt to detect MSYS2 environment. #2355 * Remove outdated and unnecessary detection of App Engine environment. #2554 * echo() does not fail when no streams are attached, such as with pythonw on Windows. #2415 * Argument with expose_value=False do not cause completion to fail. #2336 * Fix an issue with type hints for @click.command(), @click.option(), and other decorators. Introduce typing tests. #2558 * Fix an issue with type hints for @click.group(). #2558 - Drop fix-tests.patch ==== python-cryptography ==== Version update (41.0.2 -> 41.0.3) - update to 41.0.3: * Fixed performance regression loading DH public keys. * Fixed a memory leak when using * :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20 Poly1305`. ==== python-gevent ==== Version update (22.10.2 -> 23.7.0) - update to 23.7.0: * Add preliminary support for Python 3.12, using greenlet 3.0a1. * Update the bundled c-ares version to 1.19.1. * Fix an edge case connecting a non-blocking ``SSLSocket`` that could result in an AttributeError. In a change to match the standard library, calling ``sock.connect_ex()`` on a subclass of ``socket`` no longer calls the subclass's ``connect`` method. * Make gevent's ``FileObjectThread`` (mostly used on Windows) implement ``readinto`` cooperatively. * Work around an ``AttributeError`` during cyclic garbage collection when Python finalizers (``__del__`` and the like) attempt to use gevent APIs. This is not a recommended practice, and it is unclear if catching this ``AttributeError`` will fix any problems or just shift them. * Remove support for obsolete Python versions. This is everything prior to 3.8. * Stop using ``pkg_resources`` to find entry points (plugins). Instead, use ``importlib.metadata``. * Honor ``sys.unraisablehook`` when a callback function produces an exception, and handling the exception in the hub * also* produces an exception. - drop skip-tests-in-leap.patch handle-python-ssl-changes.patch (obsolete) ==== python-jsonschema ==== Version update (4.18.4 -> 4.18.6) - update to 4.18.6: * Set a jsonschema specific user agent when automatically retrieving remote references (which is deprecated). - update to 4.18.5: * Declare support for Py3.12 ==== python-numpy ==== Version update (1.24.2 -> 1.25.2) - Use %pyproject_wheel and %pyproject_install macros - Disable broken tests in armv7l (bsc#1212710) - limit to Cython < 3 - update to 1.25.2: * Upgrade various build dependencies. * use ``-ftrapping-math`` with Clang on macOS * properly handle negative indexes in ufunc_at fast path * PyObject_IsTrue and PyObject_Not error handling in setflags * histogram small range robust * Update meson.build files from main branch * exclude min, max and round from ``np.__all__`` * Dependabot updates * Fix the signature for np.array_api.take * update OpenBLAS to an intermeidate commit * Fix reference count leak in str(scalar). * fix invalid function pointer conversion error * Factor out slow ``getenv`` call used for memory policy warning * correct URL in cirrus.star [skip cirrus] * Fix C types in scalartypes * do not modify the input to ufunc_at * Further fixes to indexing loop and added tests - Update to 1.25.1: * NumPy 1.25.1 is a maintenance release that fixes bugs and regressions discovered after the 1.25.0 release. The Python versions supported by this release are 3.9-3.11. * #23968: MAINT: prepare 1.25.x for further development * #24036: BLD: Port long double identification to C for meson * #24037: BUG: Fix reduction return NULL to be goto fail * #24038: BUG: Avoid undefined behavior in array.astype() * #24039: BUG: Ensure __array_ufunc__ works without any kwargs passed * #24117: MAINT: Pin urllib3 to avoid anaconda-client bug. * #24118: TST: Pin pydantic<2 in Pyodide workflow * #24119: MAINT: Bump pypa/cibuildwheel from 2.13.0 to 2.13.1 * #24120: MAINT: Bump actions/checkout from 3.5.2 to 3.5.3 * #24122: BUG: Multiply or Divides using SIMD without a full vector can... * #24127: MAINT: testing for IS_MUSL closes #24074 * #24128: BUG: Only replace dtype temporarily if dimensions changed * #24129: MAINT: Bump actions/setup-node from 3.6.0 to 3.7.0 * #24134: BUG: Fix private procedures in f2py modules - Skipped 1.25.0: * The NumPy 1.25.0 release continues the ongoing work to improve the handling and promotion of dtypes, increase the execution speed, and clarify the documentation. There has also been work to prepare for the future NumPy 2.0.0 release, resulting in a large number of new and expired deprecation. Highlights are: - Support for MUSL, there are now MUSL wheels. - Support the Fujitsu C/C++ compiler. - Object arrays are now supported in einsum - Support for inplace matrix multiplication (@=). * Full changelog: https://github.com/numpy/numpy/releases/tag/v1.25.0 The Python versions supported in this release are 3.9-3.11. - Remove upstream patch: * remove-deprecated-hypothesis-funcs.patch ==== python-pexpect ==== - add 31fab7b0edbe9b3401507b5dfa4db6aaf3fabca5.patch dae602d37493bae239e0e8db5b3dabafebfd59db.patch: python 3.12 compat - Fix failing test when no alias in bash is defined * add fix-fail-no-alias.patch ==== python-psutil ==== - Add logind_y2038.patch to use logind if systemd >= 254 is used, to fix the issue of ut_tv.tv_sec and the Y2038 problem. ==== python-pycups ==== - build as wheel ==== python-pyzmq ==== Version update (25.0.2 -> 25.1.1) - update to version 25.1.1: * Changes: + Allow Cython 0.29.35 to build Python 3.12 wheels (no longer require Cython 3) * Bugs fixed: + Fix builds on Solaris by including generated platform.hpp + Cleanup futures in Socket.poll() that are cancelled and never return + Fix builds with -j when numpy is present in the build env - update to version 25.1.0: * Enhancements: + Include address in error message when bind/connect fail. * Packaging changes: + Fix inclusion of some test files in source distributions. + Add Cython as a build-time dependency in build-system.requires metadata, following current recommendations of the Cython maintainers. We still ship generated Cython sources in source distributions, so it is not a strict dependency for packagers using --no-build-isolation, but pip will install Cython as part of building pyzmq from source. This makes it more likely that past pyzmq releases will install on future Python releases, which often require an update to Cython but not pyzmq itself. For Python 3.12, Cython >=3.0.0b3 is required. ==== python-referencing ==== Version update (0.30.0 -> 0.30.2) - Update to version 0.30.2: * Document why a number of private objects are documented. * Build docs with 3.11 in ReadTheDocs - Update to version 0.30.1: * Ensure submodules are checked out when building a release. * Enable another ruff ruleset. * One fewer thing in the README (which is likely less confusing). * Bump suite from `6e126a9` to `b094fe5` * [pre-commit.ci] pre-commit autoupdate * Add a few additional interlinks to the JSON Schema specification. * Make the noxfile support passing a less temporary directory for building docs. * Update requirements. * More correct listing of nox envs for the GitHub actions workflow * [pre-commit.ci] pre-commit autoupdate ==== python-semanage ==== - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because of LTO - Enable LTO now (boo#1138812). ==== python-typing_extensions ==== Version update (4.5.0 -> 4.7.1) - update to version 4.7.1: - Fix support for `TypedDict`, `NamedTuple` and `is_protocol` on PyPy-3.7 and PyPy-3.8. Patch by Alex Waygood. Note that PyPy-3.7 and PyPy-3.8 are unsupported by the PyPy project. The next feature release of typing-extensions will drop support for PyPy-3.7 and may also drop support for PyPy-3.8. - update to version 4.7.0: - This is expected to be the last feature release supporting Python 3.7, which reaches its end of life on June 27, 2023. Version 4.8.0 will support only Python 3.8.0 and up. - Fix bug where a `typing_extensions.Protocol` class that had one or more non-callable members would raise `TypeError` when `issubclass()` was called against it, even if it defined a custom `__subclasshook__` method. The correct behaviour -- which has now been restored -- is not to raise `TypeError` in these situations if a custom `__subclasshook__` method is defined. Patch by Alex Waygood (backporting https://github.com/python/cpython/pull/105976). - update to version 4.7.0rc1: - Add `typing_extensions.get_protocol_members` and `typing_extensions.is_protocol` (backport of CPython PR #104878). Patch by Jelle Zijlstra. - `typing_extensions` now re-exports all names in the standard library's `typing` module, except the deprecated `ByteString`. Patch by Jelle Zijlstra. - Due to changes in the implementation of `typing_extensions.Protocol`, `typing.runtime_checkable` can now be used on `typing_extensions.Protocol` (previously, users had to use `typing_extensions.runtime_checkable` if they were using `typing_extensions.Protocol`). - Align the implementation of `TypedDict` with the implementation in the standard library on Python 3.9 and higher. `typing_extensions.TypedDict` is now a function instead of a class. The private functions `_check_fails`, `_dict_new`, and `_typeddict_new` have been removed. `is_typeddict` now returns `False` when called with `TypedDict` itself as the argument. Patch by Jelle Zijlstra. - Declare support for Python 3.12. Patch by Jelle Zijlstra. - Fix tests on Python 3.13, which removes support for creating `TypedDict` classes through the keyword-argument syntax. Patch by Jelle Zijlstra. - Fix a regression introduced in v4.6.3 that meant that ``issubclass(object, typing_extensions.Protocol)`` would erroneously raise ``TypeError``. Patch by Alex Waygood (backporting the CPython PR https://github.com/python/cpython/pull/105239). - Allow `Protocol` classes to inherit from `typing_extensions.Buffer` or `collections.abc.Buffer`. Patch by Alex Waygood (backporting https://github.com/python/cpython/pull/104827, by Jelle Zijlstra). - Allow classes to inherit from both `typing.Protocol` and `typing_extensions.Protocol` simultaneously. Since v4.6.0, this caused `TypeError` to be raised due to a metaclass conflict. Patch by Alex Waygood. - Backport several deprecations from CPython relating to unusual ways to create `TypedDict`s and `NamedTuple`s. CPython PRs #105609 and #105780 by Alex Waygood; `typing_extensions` backport by Jelle Zijlstra. - Creating a `NamedTuple` using the functional syntax with keyword arguments (`NT = NamedTuple("NT", a=int)`) is now deprecated. - Creating a `NamedTuple` with zero fields using the syntax `NT = NamedTuple("NT")` or `NT = NamedTuple("NT", None)` is now deprecated. - Creating a `TypedDict` with zero fields using the syntax `TD = TypedDict("TD")` or `TD = TypedDict("TD", None)` is now deprecated. - Fix bug on Python 3.7 where a protocol `X` that had a member `a` would not be considered an implicit subclass of an unrelated protocol `Y` that only has a member `a`. Where the members of `X` are a superset of the members of `Y`, `X` should always be considered a subclass of `Y` iff `Y` is a runtime-checkable protocol that only has callable members. Patch by Alex Waygood (backporting CPython PR https://github.com/python/cpython/pull/105835). - update to version 4.6.3 (June 1, 2023) - Fix a regression introduced in v4.6.0 in the implementation of runtime-checkable protocols. The regression meant that doing `class Foo(X, typing_extensions.Protocol)`, where `X` was a class that had `abc.ABCMeta` as its metaclass, would then cause subsequent `isinstance(1, X)` calls to erroneously raise `TypeError`. Patch by Alex Waygood (backporting the CPython PR https://github.com/python/cpython/pull/105152). - Sync the repository's LICENSE file with that of CPython. `typing_extensions` is distributed under the same license as CPython itself. - Skip a problematic test on Python 3.12.0b1. The test fails on 3.12.0b1 due to a bug in CPython, which will be fixed in 3.12.0b2. The `typing_extensions` test suite now passes on 3.12.0b1. - update to version 4.6.2: - Fix use of `@deprecated` on classes with `__new__` but no `__init__`. Patch by Jelle Zijlstra. - Fix regression in version 4.6.1 where comparing a generic class against a runtime-checkable protocol using `isinstance()` would cause `AttributeError` to be raised if using Python 3.7. - update to version 4.6.1: - Change deprecated `@runtime` to formal API `@runtime_checkable` in the error message. Patch by Xuehai Pan. - Fix regression in 4.6.0 where attempting to define a `Protocol` that was generic over a `ParamSpec` or a `TypeVarTuple` would cause `TypeError` to be raised. Patch by Alex Waygood. - update to version 4.6.0: - `typing_extensions` is now documented at https://typing-extensions.readthedocs.io/en/latest/. Patch by Jelle Zijlstra. - Add `typing_extensions.Buffer`, a marker class for buffer types, as proposed by PEP 688. Equivalent to `collections.abc.Buffer` in Python 3.12. Patch by Jelle Zijlstra. - Backport two CPython PRs fixing various issues with `typing.Literal`: https://github.com/python/cpython/pull/23294 and https://github.com/python/cpython/pull/23383. Both CPython PRs were originally by Yurii Karabas, and both were backported to Python >=3.9.1, but ... changelog too long, skipping 69 lines ... https://github.com/python/cpython/pull/104048). Patch by Alex Waygood. ==== python311 ==== Subpackages: python311-curses python311-dbm - restrict PEP668 to ALP/Tumbleweed - add externally_managed.in to label this build as PEP-668 managed - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - restrict PEP668 to ALP/Tumbleweed - add externally_managed.in to label this build as PEP-668 managed - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== qemu ==== Version update (8.0.3 -> 8.0.4) - perl-Text-Markdown is not available in all distros and for all arch-es. Use discount instead - Patches added: * [openSUSE][spec] Use discount instead of perl-Text-Markdown - Update to version 8.0.4: * Official changelog not released on the mailing list yet * Security issues fixed: - bsc#1212850 (CVE-2023-3354) - bsc#1213001 (CVE-2023-3255) - bsc#1213925 (CVE-2023-3180) - bsc#1207205 (CVE-2023-0330) ==== qqc2-desktop-style ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Don't create Sonnet.Settings if not needed * Add explicit moc includes to sources for moc-covered headers ==== rebootmgr ==== Version update (2.0 -> 2.1) - Update to version 2.1 - Support systemctl soft-reboot (systemd >= v254) - Typo fix in spec description ==== rpm ==== Subpackages: librpmbuild9 - add remove-awk-dependency.patch to be able to drop awk dependency from containers ==== setools ==== Version update (4.4.2 -> 4.4.3) Subpackages: python311-setools setools-console - Update to version 4.4.3: * Fix compilation with Cython 3.0.0. * Improve man pages. * Remove neverallow options in sediff. * Add -r option to seinfoflow to get flows into the source type. * Reject a rule with no permissions as invalid policy. ==== shadow ==== Version update (4.13 -> 4.14.0) Subpackages: libsubid4 login_defs - Remove dependency on libbsd: On Tumbleweed we have glibc 2.38 already thus string functions like strlcpy will be present and won't be needed from libbsd. `readpassphrase()` is then the only function from libbsd not present. Upstream shadow has an in tree copy of it, that is used when the `--without-libbsd` flag is passed along. By relying on glibc 2.38 we don't need to add libbsd and libmd to our ring0 but can't easily upgrade on SLE. - Update to 4.14.0: * configure: add with-libbsd option * Code cleanup * Replace utmp interface #757 * new option enable-logind #674 * shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh * chsh: warn if root sets a shell not listed in /etc/shells #535 * newgrp: fix potential string injection * lastlog: fix alignment of Latest header * Fix yescrypt support #748 * chgpasswd: Fix segfault in command-line options * gpasswd: Fix password leak * Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627) * usermod: fix off-by-one issues #701 * ch(g)passwd: Check selinux permissions upon startup #675 * sub_[ug]id_{add,remove}: fix return values * chsh: Verify that login shell path is absolute #730 * process_prefix_flag: Drop privileges * run_parts for groupadd and groupdel #706 * newgrp/useradd: always set SIGCHLD to default * useradd/usermod: add --selinux-range argument #698 * sssd: skip flushing if executable does not exist #699 * semanage: Do not set default SELinux range #676 * Add control character check #687 * usermod: respect --prefix for --gid option * Fix null dereference in basename * newuidmap and newgidmap: support passing pid as fd * Prevent out of boundary access #633 * Explicitly override only newlines #633 * Correctly handle illegal system file in tz #633 * Supporting vendor given -shells- configuration file #599 * Warn if failed to read existing /etc/nsswitch.conf * chfn: new_fields: fix wrong fields printed * Allow supplementary groups to be added via config file #586 * useradd: check if subid range exists for user #592 (rh#2012929) - Refresh useradd-default.patch - Remove upstreamed patches: * useradd-userkeleton.patch * shadow-audit-no-id.patch * shadow-fix-print-login-timeout.patch * shadow-CVE-2023-29383.patch - Dont build lastlog (lastlog.legacy) anymore since we use lastlog2 by default now. - This release depends either on libbsd or on glibc >= 2.38 which only recently got released. libbsd (and libmd) would be new packages in our ring0 ==== signon ==== Version update (8.60 -> 8.61) Subpackages: libsignon-qt5-1 signon-plugins signond signond-libs - Update to 8.61 * Port away from QHash::unite * Don't emit QObject::destroyed() within Identity::destroy() * Build: remove unnecessary qmake options * Don't use -fno-rtti * Run test script with Busybox compatible mktemp * Fix typos in logs * Tests: add missing parameter to mkdir command * Fix deprecation warning * signond: register the adaptors in SignonDaemonAdaptor * signond: get appId of peer in SignonIdentityAdapter * signond: add Error class * signond: add ErrorAdaptor class * signond: use ErrorAdaptor in SignonSessionCore * signond: reduce usage of D-Bus in SignonIdentity class * signond: introduce PeerContext class * signond: reduce D-Bus usage in SignonAuthSession * signond: register the adaptors, not the object itself * signond: destroy adapter when Identity gets unregistered * Fix Unicode $HOME dir - Drop patch, merged upstream: * 0001-Don-t-use-fno-rtti.patch - Drop the unneeded baselibs.conf ==== slirp4netns ==== Version update (1.2.0 -> 1.2.1) - Update to version 1.2.1: * sandbox: Add support for escaping resolv.conf symlinks (#318) * parson: update to v1.5.2 (#320) ==== smartmontools ==== Version update (7.3 -> 7.4) - Update to version 7.4: * See NEWS and ChangeLog files for full details - Drop smartmontools-smartctl-NVMe-big-endian.patch (upstreamed) - Refresh smartmontools-suse-default.patch ==== solid ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5Solid5 solid-imports solid-tools - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== sonnet ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== speech-dispatcher ==== Version update (0.11.4 -> 0.11.5) Subpackages: libspeechd2 python3-speechd - Update to version 0.11.5: * Update CLDR to version 43 and symbols from NVDA. * Fix parsing and emitting space character. * Reduce espeak buffer size to avoid ssml issues. * Add --disable-doc. * Fix spd-conf not being able to set the default module. * Fix pausing without index. ==== srt ==== Version update (1.5.1 -> 1.5.2) - Update to 1.5.2: * API - 41c4b1f Fixed #ifdef ENABLE_AEAD_API_PREVIEW (#2603). - b3a21e1 SRT version raised to 1.5.2. - c0d9fcd Restored resetlogfa(..) in udt.h. Reverting #2558, although udt.h is not the official SRT API. - 87de405 Added ENABLE_AEAD_API_PREVIEW build option to enable AEAD API. - 60d1237 Crypto mode 'auto' implemented for listener (#2574). - 27e7d8d Socket Options: do not allow AES GCM if TSBPD is disabled. - 3e4561e Add GCM to the SRT API. * Core Functionality - 3cefede Correct remaining endianness issues - 30e7ccd Minor fix of variable shadowing. - 6fcff6d Fixed various compiler warnings on various platforms (#2679). - 59cde53 Fixed FEC Emergency resize crash (#2717). - 2fcd3d4 Fix crypto mode auto for listener sender (#2711). - b010763 Fixed typos in MBedTLS where it referred to GnuTLS (#2699). - a991767 Fix peer filter config being rejected because of endianness - 1cffd2f Added rejection handshake sent to the peer in rendezvous mode (#2667). - f57ba89 Added missing thread watchdog ticks in 3 thread loop (#2669). - e8d0533 Fixed old ENABLE_AEAD_PREVIEW. - 599c1fb Reworked the CRcvBuffer::dropMessage(..) function (#2661). - 7948772 Removed duplicate lines (#2660). - 3ffc93f Fixed CRcvBuffer::dropMessage (#2657). - e9a3955 Fixed guard for rcv-rexmit fields (#1859). - 22e97f8 Fixed warnings and removed redundant includes (#2658). - c83c31b Reduce frequency of the decryption failure log (#2602). - 21b55a2 Disabled warnings various platforms and fixed C++20 Windows build (#2411). - 65bef37 Set CLOSING state when closing a socket (#2643). - 02cba9e Drop undecrypted packet based on sequence number (#2654). - 6d774dd Fixed invalid ASSERT checking outdated object in haicrypt (#2652). - 8db35de Refaxed and fixed multiplexer reusage (#2608). - 6c92a13 Fix crash when enable heavy log and socket id less than 10 (#2619). - 64dedef CodeQL: operation requires 22 bytes. - 0c583f8 CodeQL warning: checking NULL after new. - b8962b4 Fixed PKTINFO case that was failing for IPv4+IPv6 bound sockets (#2630). - a42a39f Fixed wrong null-safety condition check in haicrypt (#2616). - 30f6f6b Removed extra redundant condition checks (#2615). - 5f02310 Fix negative id when wrap around - f533716 Fixed reject reason by a caller if connection is UNSECURE (#2622). - 04e8dbc Fixed default reject reason for a listener callback (#2605). - 0b9d583 AEAD: don't break a connection on decrypt failure. - 6db28dc RCV Buffer Refax: added some utils and simplifications (#2522). - 5889a2c AES-GCM payload length check (#2591). - 45232ad Allow fileCC in group mode - 98b1b00 Added extraction of IP_PKTINFO when reading (#456). - de9fc45 Fix CRcvBuffer last position in getTimespan_ms (#2579). - 38b4211 Remove use variable length array (#2279). - 78dd987 Fixed missing DROPREQ for LOSSREPORT that partially predates ACK (#2498). - 4090b25 Reject caller to caller connection (#2562). - 0a835ea Refax: moved removal of one seq from fresh loss list to a separate function (#2521). - 19af5d1 Obtain ConnectionLock while sending crypto keys. - 3d517cf Fixed a warning: member referenced before initialized (#2433). - fc82eac Refax: remove usage of LOGF/HLOGF (#2566). - 637d439 Refax: removed m_iRcvLastSkipAck and its dependencies (#2546). - 6c52f2d Pass std::string by const ref where possible. - 6d62096 Applied clang-format on md5.cpp and md5.h. - 2c48cba MD5: Removed null pointer subtraction (may have undefined behavior). - ae39052 Fixed rendezvous connection in the Non Blocking Mode (#2548). - 0138898 Fixed cloning the RX crypto context (AEAD) - be1ccf5 Moved KM refresh in packUniqueData() (#2541). - f864cec Fixed TARGET_OS_MAC not defined. Wrong include order. - 432f2d8 fix CSndBuffer parameter incorrect in AES GCM mode - cbfa812 Refax/postfix: further fixes after last refax changes (#2528) - e082f30 Fixed validation of input parameters in srt_connect (#2520). - 932e5bd Cleanup of bonding conditionals and unused code (#2525). - f477b51 Fixed connected peer address recording (#2526) - b76c8b2 Fixed CRcvBuffer::getAvailSize() may jump around. (#2490) - 71c3e40 Refax: safety improvements for RCV loss list and closing state (#2517) - 491e6e8 Extract RCV buffer insertion handling to a separate function (#2500). - 258a858 Refax: added size cache to the group container (#2510). - 2fd1363 Refax: improve logging and code readability around specific logging (#2511). - f7a024a Refax: removed the synconmsg property and its handling in the group (#2509) - 53735e1 Don't consider tool old ACK as IPE, it' may caused by network. - d26bbf7 Fixed a false alarm: ACK ERROR...(diff -1) - 0f6e7c7 Fixed the inconsistency between getFirstLostSeq() and ackDataUpTo() (#2488) - ea86302 Reduced calls to steady_clock::now() from two to one. - 8e9958a Reject if SRT_MAGIC_CODE is not set in the HS induction response. - 8e67aa7 Tune logs of group members adding and removing. - c01c646 Fixed AES-GCM support check. ==== suse-module-tools ==== Version update (16.0.32 -> 16.0.33) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.33: * change wording in filesystem blacklist files (gh#openSUSE/suse-module-tools#71) * rpm-script: update bootloader after creating initramfs (boo#1213822) * usrmerge: Drop support for non-usrmerged (boo#1206798) ==== syndication ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== syntax-highlighting ==== Version update (5.108.0 -> 5.109.0) Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Hare language syntax highlighting * Add explicit moc includes to sources for moc-covered headers ==== system-config-printer ==== Subpackages: python3-cupshelpers system-config-printer-common system-config-printer-dbus-service udev-configure-printer - Explicitly use --with-cups-serverbin-dir to find SERVERBIN when cups.pc is not provided by older cups (boo#1213883). ==== systemd ==== Version update (253.7 -> 253.8) Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev - Import commit fcdb2dd2c921db3c6b7c28465dbda314f4469d17 (merge of v253.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/2dac0aff9ced1eca0cd11c24e264b33095ee5a5e...fcdb2dd2c921db3c6b7c28465dbda314f4469d17 ==== sysvinit ==== Version update (3.07 -> 3.08) - Update to sysvinit 3.08 * For OpenSUSE only cosmetic change which is support of kexec for SysVinit reboot (not installed at all) ==== tar ==== Subpackages: tar-rmt - Run testsuite also on qemu build ==== telepathy-logger ==== Subpackages: libtelepathy-logger3 typelib-1_0-TelepathyLogger-0_2 - Split the gsettings schema to a separate package + The telepathy-logger library has an hard dependency on the schema, and if it's missing (before this change it has been part of the telepathy-logger daemon) it will cause the loading application to crash. + The library does now require the schema package - Drop dangling %glib2_gsettings_schema_requires macro. ==== threadweaver ==== Version update (5.108.0 -> 5.109.0) - Update to 5.109.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.109.0 - Changes since 5.108.0: * Add explicit moc includes to sources for moc-covered headers ==== tracker-miners ==== Subpackages: tracker-miner-files - Update + Fix the tracker miner spec file to build for SLE_15 + Rebase patch: tracker-miners-drop-syscalls-in-seccomp.patch ==== upower ==== Version update (1.90.1 -> 1.90.2) Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 - update to 1.90.2: * Note that this is the last release of UPower with lid handling. OS components that rely on the lid status should get it from logind instead. * Fix wireless devices not disappearing from Settings when disconnected * Require a newer libgudev to avoid bugs related to newline stripping when reading sysfs attributes * Add installed-tests files for use with gnome-desktop-testing * Fix integration test to work with system installed upower binary and under jhbuild - add skip-tests-install.patch to skip installation of test-only assets ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Re-add util-linux-fix-tests-with-64k-pagesize.patch because it is not in 2.39.1 - Disable last and lastb for ALP, too. ==== util-linux-systemd ==== - Re-add util-linux-fix-tests-with-64k-pagesize.patch because it is not in 2.39.1 - Disable last and lastb for ALP, too. ==== webkit2gtk3 ==== Version update (2.40.4 -> 2.40.5) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== webkit2gtk4 ==== Version update (2.40.4 -> 2.40.5) Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== wpebackend-fdo ==== Version update (1.14.0 -> 1.14.2) - Update to version 1.14.2 + Reverted a change introduced in 1.14.1 which introduced crashes both with WebKitGTK and WPE running under Wayland in some configurations. + Fix a crash caused by wrong assertion, which was typically triggered in debug builds when using the NVidia drivers. - Update to version 1.14.1: + Fix WebKit no longer repainting after provisional navigation wit PSON enabled. + Fix graphics buffer leaks by always freeing them in buffer destroy listener callbacks. ==== wtmpdb ==== Version update (0.7.1 -> 0.9.1) Subpackages: libwtmpdb0 - Fix last.1 manual page reference - Update to version 0.9.1 - Fix printf format specifier on 32bit - Update to version 0.9.0 - Try to detect systemctl soft-reboot - Many conversation warning/error fixes - Update to version 0.8.0 - wtmpdb boottime: print boot time ==== xdg-desktop-portal-gnome ==== Version update (44.1 -> 44.2) - Update to version 44.2: + Expose settings backend when running outside of GNOME. + Updated translations. ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Added patch: * xmlsec1-ui_null.patch + fix build with older versions of openssl that don't have UI_null() method ==== xz ==== Version update (5.4.3 -> 5.4.4) Subpackages: liblzma5 - xznew: Remove bashsism. - build: pass CONFIG_SHELL=/bin/sh to configure: the posix tools are setting the current SHELL as the shebang, which is overkill: any posix compliant shell, aka /bin/sh, is sufficient. - Update to version 5.4.4: * liblzma and xzdec can now build against WASI SDK when threading support is disabled. xz and tests don't build yet. * documentation update * translations update ==== yast2-country ==== Version update (4.6.2 -> 4.6.3) Subpackages: yast2-country-data - Allow changing date to a later year than 2032 (bsc#1214144) - 4.6.3 ==== yast2-installation ==== Version update (4.6.5 -> 4.6.7) - Require awk for use in startup scripts (bsc#1214277) - 4.6.7 - bsc#1213959 - Change status label properly when toggling status in the "Previousy used repositories" dialog. - 4.6.6 ==== yast2-packager ==== Version update (4.6.1 -> 4.6.2) - Move loading the Pkg module to fix a failing unit test (bsc#1214069) - 4.6.2 ==== zxing-cpp ==== - Restore support for building on SLE12 - Build with gcc7-c++ or gcc-c++ >= 7 because of C++17 requirements - Added patch: * cmake.patch + allow building with cmake 3.5 on SLE12SP5