Packages changed: AppStream ImageMagick (7.1.1.8 -> 7.1.1.11) MozillaFirefox (112.0.2 -> 113.0.2) MozillaFirefox-branding-openSUSE NetworkManager NetworkManager-openconnect (1.2.8 -> 1.2.10) QGnomePlatform-qt5 (0.9.0 -> 0.9.1) apparmor (3.1.3 -> 3.1.4) at-spi2-core (2.48.0 -> 2.48.3) attica-qt5 (5.105.0 -> 5.106.0) autoyast2 (4.6.1 -> 4.6.2) baloo5 (5.105.0 -> 5.106.0) baloo5-widgets (23.04.0 -> 23.04.1) bind (9.18.14 -> 9.18.15) bluedevil5 (5.27.4 -> 5.27.5) bluez-qt (5.105.0 -> 5.106.0) breeze (5.27.4 -> 5.27.5) breeze-gtk (5.27.4 -> 5.27.5) breeze5-icons (5.105.0 -> 5.106.0) btrfsprogs (6.1.3 -> 6.3) c-ares (1.19.0 -> 1.19.1) checkmedia (6.1 -> 6.2) container-selinux (2.211.0 -> 2.215.0) containerd (1.6.20 -> 1.6.21) createrepo_c crypto-policies (20210917.c9d86d1 -> 20230420.3d08ae7) cups cups-filters curl (8.0.1 -> 8.1.2) dav1d (1.2.0 -> 1.2.1) diffutils (3.9 -> 3.10) discover (5.27.4 -> 5.27.5) dnsmasq docker (23.0.5_ce -> 23.0.6_ce) dolphin (23.04.0 -> 23.04.1) dos2unix (7.4.4 -> 7.5.0) drkonqi5 (5.27.4 -> 5.27.5) e2fsprogs (1.46.5 -> 1.47.0) elfutils ethtool (6.2 -> 6.3) evolution-data-server (3.48.1 -> 3.48.2) ffmpegthumbs (23.04.0 -> 23.04.1) filelight (23.04.0 -> 23.04.1) firewalld frameworkintegration (5.105.0 -> 5.106.0) freetype2 fuse3 gawk (5.2.1 -> 5.2.2) gcc13 (13.0.1+git7231 -> 13.1.1+git7364) gdb glib2 (2.76.2 -> 2.76.3) glibc glslang (12.1.0 -> 12.2.0) gnome-control-center (44.1 -> 44.2) gnome-session gnome-software (44.1 -> 44.2) gnutls grantlee5 grep (3.10 -> 3.11) grub2 gstreamer (1.22.2 -> 1.22.3) gstreamer-plugins-bad (1.22.2 -> 1.22.3) gstreamer-plugins-base (1.22.2 -> 1.22.3) gstreamer-plugins-good (1.22.2 -> 1.22.3) gtk3 (3.24.37+70 -> 3.24.38) gupnp-av harfbuzz (7.2.0 -> 7.3.0) health-checker (1.7 -> 1.8) highway hwdata (0.369 -> 0.370) icewm (3.3.2 -> 3.3.5) imlib2 (1.11.0 -> 1.11.1) installation-images-MicroOS (17.86 -> 17.87) inxi (3.3.23 -> 3.3.27) iso-codes (4.13.0 -> 4.15.0) iso_ent kaccounts-integration (23.04.0 -> 23.04.1) kaccounts-providers (23.04.0 -> 23.04.1) kactivities-stats (5.105.0 -> 5.106.0) kactivities5 (5.105.0 -> 5.106.0) kactivitymanagerd (5.27.4 -> 5.27.5) karchive (5.105.0 -> 5.106.0) kate (23.04.0 -> 23.04.1) kauth (5.105.0 -> 5.106.0) kbookmarks (5.105.0 -> 5.106.0) kcm_flatpak (5.27.4 -> 5.27.5) kcm_sddm (5.27.4 -> 5.27.5) kcmutils (5.105.0 -> 5.106.0) kcodecs (5.105.0 -> 5.106.0) kcompletion (5.105.0 -> 5.106.0) kconfig (5.105.0 -> 5.106.0) kconfigwidgets (5.105.0 -> 5.106.0) kcoreaddons (5.105.0 -> 5.106.0) kcrash (5.105.0 -> 5.106.0) kdbusaddons (5.105.0 -> 5.106.0) kde-cli-tools5 (5.27.4 -> 5.27.5) kde-gtk-config5 (5.27.4 -> 5.27.5) kde-print-manager (23.04.0 -> 23.04.1) kdeclarative (5.105.0 -> 5.106.0) kded (5.105.0 -> 5.106.0) kdegraphics-thumbnailers (23.04.0 -> 23.04.1) kdelibs4support (5.105.0 -> 5.106.0) kdenetwork-filesharing (23.04.0 -> 23.04.1) kdesu (5.105.0 -> 5.106.0) kdialog (23.04.0 -> 23.04.1) kdnssd-framework (5.105.0 -> 5.106.0) kdoctools (5.105.0 -> 5.106.0) kernel-firmware (20230427 -> 20230517) kernel-source (6.3.1 -> 6.3.4) keylime kfilemetadata5 (5.105.0 -> 5.106.0) kgamma5 (5.27.4 -> 5.27.5) kglobalaccel (5.105.0 -> 5.106.0) kguiaddons (5.105.0 -> 5.106.0) khelpcenter5 (23.04.0 -> 23.04.1) kholidays (5.105.0 -> 5.106.0) khotkeys5 (5.27.4 -> 5.27.5) khtml (5.105.0 -> 5.106.0) ki18n (5.105.0 -> 5.106.0) kiconthemes (5.105.0 -> 5.106.0) kidletime (5.105.0 -> 5.106.0) kimageformats (5.105.0 -> 5.106.0) kinfocenter5 (5.27.4 -> 5.27.5) kinit (5.105.0 -> 5.106.0) kio (5.105.0 -> 5.106.0) kio-extras5 (23.04.0 -> 23.04.1) kirigami2 (5.105.0 -> 5.106.0) kitemmodels (5.105.0 -> 5.106.0) kitemviews (5.105.0 -> 5.106.0) kjobwidgets (5.105.0 -> 5.106.0) kjs (5.105.0 -> 5.106.0) kmenuedit5 (5.27.4 -> 5.27.5) knewstuff (5.105.0 -> 5.106.0) knotifications (5.105.0 -> 5.106.0) knotifyconfig (5.105.0 -> 5.106.0) konsole (23.04.0 -> 23.04.1) kpackage (5.105.0 -> 5.106.0) kparts (5.105.0 -> 5.106.0) kpeople5 (5.105.0 -> 5.106.0) kpipewire (5.27.4 -> 5.27.5) kpty (5.105.0 -> 5.106.0) kquickcharts (5.105.0 -> 5.106.0) krunner (5.105.0 -> 5.106.0) kscreen5 (5.27.4 -> 5.27.5) kscreenlocker (5.27.4 -> 5.27.5) kservice (5.105.0 -> 5.106.0) ksshaskpass5 (5.27.4 -> 5.27.5) ksystemstats5 (5.27.4 -> 5.27.5) ktexteditor (5.105.0 -> 5.106.0) ktextwidgets (5.105.0 -> 5.106.0) kunitconversion (5.105.0 -> 5.106.0) kwallet (5.105.0 -> 5.106.0) kwalletmanager5 (23.04.0 -> 23.04.1) kwayland (5.105.0 -> 5.106.0) kwayland-integration (5.27.4 -> 5.27.5) kwidgetsaddons (5.105.0 -> 5.106.0) kwin5 (5.27.4 -> 5.27.5) kwindowsystem (5.105.0 -> 5.106.0) kwrited5 (5.27.4 -> 5.27.5) kxmlgui (5.105.0 -> 5.106.0) layer-shell-qt (5.27.4 -> 5.27.5) libKF5ModemManagerQt (5.105.0 -> 5.106.0) libKF5NetworkManagerQt (5.105.0 -> 5.106.0) libX11 (1.8.4 -> 1.8.5) libaom (3.6.0 -> 3.6.1) libapparmor (3.1.3 -> 3.1.4) libcap (2.68 -> 2.69) libcap-ng libcontainers-common libdnf (0.70.0 -> 0.70.1) libgcrypt libheif (1.16.1 -> 1.16.2) libkdcraw (23.04.0 -> 23.04.1) libkdecoration2 (5.27.4 -> 5.27.5) libkexiv2 (23.04.0 -> 23.04.1) libkscreen2 (5.27.4 -> 5.27.5) libksysguard5 (5.27.4 -> 5.27.5) libnettle (3.8.1 -> 3.9) libostree libpng16 libproxy libproxy-plugins libqt5-qtbase (5.15.9+kde151 -> 5.15.9+kde154) libqt5-qtdeclarative (5.15.9+kde23 -> 5.15.9+kde25) libqt5-qtsvg (5.15.9+kde7 -> 5.15.9+kde8) libqt5-qtwebengine (5.15.13 -> 5.15.14) librsvg (2.56.0 -> 2.56.1) libstorage-ng (4.5.101 -> 4.5.115) libxcrypt (4.4.33 -> 4.4.34) libxslt (1.1.37 -> 1.1.38) libyui (4.5.2 -> 4.6.0) libyui-ncurses (4.5.2 -> 4.6.0) libyui-ncurses-pkg (4.5.2 -> 4.6.0) libyui-qt (4.5.2 -> 4.6.0) libyui-qt-graph (4.5.2 -> 4.6.0) libyui-qt-pkg (4.5.2 -> 4.6.0) libyuv (20220920+f9fda6e -> 20230517+a377993) llvm16 (16.0.2 -> 16.0.4) lsof lua54 (5.4.4 -> 5.4.6) man-pages (6.02 -> 6.04) mdadm milou5 (5.27.4 -> 5.27.5) mobipocket (23.04.0 -> 23.04.1) mozilla-nss mozjs102 (102.10.0 -> 102.11.0) multipath-tools (0.9.4+86+suse.4d8901e -> 0.9.5+68+suse.d1b6a1c) mutter (44.1 -> 44.1+2) nautilus (44.1 -> 44.2) ncurses (6.4.20230429 -> 6.4.20230520) nghttp2 (1.52.0 -> 1.53.0) openSUSE-build-key openconnect (9.10 -> 9.12) openssl-3 (3.0.8 -> 3.1.1) openssl (3.0.8 -> 3.1.1) openvpn (2.6.3 -> 2.6.4) orca (44.0 -> 44.1) oxygen5-sounds (5.27.4 -> 5.27.5) pam (1.5.2.90 -> 1.5.3) pam-full-src (1.5.2.90 -> 1.5.3) pam_kwallet (5.27.4 -> 5.27.5) patterns-base patterns-microos pciutils (3.9.0 -> 3.10.0) perl-Bootloader (1.0 -> 1.2) perl-IO-Socket-SSL (2.081 -> 2.083) perl-libwww-perl (6.68 -> 6.70) permissions (1699_20230424 -> 1699_20230516) pipewire (0.3.69 -> 0.3.71) plasma-branding-MicroOS (20230420 -> 20230519) plasma-browser-integration (5.27.4 -> 5.27.5) plasma-framework (5.105.0 -> 5.106.0) plasma-nm5 (5.27.4 -> 5.27.5) plasma5-addons (5.27.4 -> 5.27.5) plasma5-desktop (5.27.4 -> 5.27.5) plasma5-disks (5.27.4 -> 5.27.5) plasma5-integration (5.27.4 -> 5.27.5) plasma5-openSUSE plasma5-pa (5.27.4 -> 5.27.5) plasma5-systemmonitor (5.27.4 -> 5.27.5) plasma5-thunderbolt (5.27.4 -> 5.27.5) plasma5-workspace (5.27.4.1 -> 5.27.5) plymouth podman (4.5.0 -> 4.5.1) policycoreutils polkit-default-privs (1550+20230307.7f42172 -> 1550+20230517.ab68b2d) polkit-kde-agent-5 (5.27.4 -> 5.27.5) poppler (23.04.0 -> 23.05.0) poppler-qt5 (23.04.0 -> 23.05.0) powerdevil5 (5.27.4 -> 5.27.5) prison-qt5 (5.105.0 -> 5.106.0) purpose (5.105.0 -> 5.106.0) python-PyJWT (2.6.0 -> 2.7.0) python-SQLAlchemy (2.0.12 -> 2.0.15) python-Twisted python-anyio python-attrs (22.2.0 -> 23.1.0) python-blinker (1.5 -> 1.6.2) python-gevent (22.10.1 -> 22.10.2) python-greenlet (1.1.3 -> 2.0.2) python-httpcore (0.16.3 -> 0.17.0) python-numpy python-pip (22.3.1 -> 23.1.2) python-pycryptodome (3.17.0 -> 3.18.0) python-pyzmq (24.0.1 -> 25.0.2) python-redis (4.5.4 -> 4.5.5) python-requests (2.28.2 -> 2.30.0) python-responses (0.21.0 -> 0.23.1) python-rich (13.3.5 -> 13.4.1) python-rpm python-setuptools (67.6.1 -> 67.7.2) python-tornado6 (6.2 -> 6.3.2) python-urllib3 (1.26.15 -> 2.0.2) python-zope.event python310 (3.10.10 -> 3.10.11) python310-core (3.10.10 -> 3.10.11) qemu (7.1.0 -> 8.0.2) qqc2-desktop-style (5.105.0 -> 5.106.0) raspberrypi-firmware-dt redis rpm ruby-common (3.2 -> 3.2.1) rubygem-gem2rpm rubygem-ruby-dbus (0.21.0 -> 0.22.1) setxkbmap (1.3.3 -> 1.3.4) shaderc (2023.2 -> 2023.4) shim signon-kwallet-extension (23.04.0 -> 23.04.1) solid (5.105.0 -> 5.106.0) sonnet (5.105.0 -> 5.106.0) spectacle (23.04.0 -> 23.04.1) sqlite3 (3.41.2 -> 3.42.0) sssd (2.8.2 -> 2.9.0) syndication (5.105.0 -> 5.106.0) syntax-highlighting (5.105.0 -> 5.106.0) systemd systemd-rpm-macros (20 -> 22) systemsettings5 (5.27.4 -> 5.27.5) sysvinit (3.00 -> 3.07) texlive threadweaver (5.105.0 -> 5.106.0) tnftp (20210827 -> 20230507) tpm2.0-abrmd tpm2.0-tools tracker (3.5.1 -> 3.5.3) tracker-miners (3.5.1 -> 3.5.2) transactional-update (4.1.5 -> 4.2.1) update-alternatives util-linux util-linux-systemd vim (9.0.1504 -> 9.0.1572) vte vulkan-loader (1.3.247 -> 1.3.250.0) vulkan-tools (1.3.247 -> 1.3.250.0) webkit2gtk3 (2.40.1 -> 2.40.2) webkit2gtk4 (2.40.1 -> 2.40.2) wget (1.21.3 -> 1.21.4) wireless-regdb (20230213 -> 20230503) wireplumber wpa_supplicant xdg-desktop-portal-kde (5.27.4 -> 5.27.5) xdm xfsprogs (6.2.0 -> 6.3.0) xrdb xterm (379 -> 380) yaml-cpp yast2-control-center (4.6.0 -> 4.6.1) yast2-installation (4.6.2 -> 4.6.3) yast2-network (4.6.2 -> 4.6.3) yast2-pkg-bindings (4.6.1 -> 4.6.2) yast2-services-manager (4.6.0 -> 4.6.1) yast2-storage-ng (4.6.5 -> 4.6.10) yast2-vm (4.6.0 -> 4.6.1) zisofs-tools zstd === Details === ==== AppStream ==== Subpackages: libAppStreamQt2 libappstream4 - refresh patch for new glib-2.76 from upstream ==== ImageMagick ==== Version update (7.1.1.8 -> 7.1.1.11) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.11 * upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023-05-29 - version update to 7.1.1.10 * fixes CVE-2023-2157 [bsc#1211601] https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-10---2023-05-21 - update to 7.1.1.9: * support for Oklab https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-9---2023-05-14 ==== MozillaFirefox ==== Version update (112.0.2 -> 113.0.2) - Mozilla Firefox 113.0.2 (boo#1211696) * Fixed: Fixed a bug which could cause Firefox to freeze on some pages when loading them with the Developer Tools Web Console open (bmo#1828026) * Fixed: Fixed a bug which would cause the bookmarks and history sidebars to not properly react to the browser window being vertically resized (bmo#1831535) - Mozilla Firefox 113.0.1 * UI fixes for other platforms - upstream signing key updated - Mozilla Firefox 113.0 * https://www.mozilla.org/en-US/firefox/113.0/releasenotes MFSA 2023-16 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32208 (bmo#1646034) Leak of script base URL in service workers via import() * CVE-2023-32209 (bmo#1767194) Persistent DoS via favicon image * CVE-2023-32210 (bmo#1776755) Incorrect principal object ordering * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796) Race condition in dav1d decoding * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987, bmo#1820359, bmo#1823568, bmo#1824803, bmo#1824834, bmo#1825170, bmo#1827020, bmo#1828130) Memory safety bugs fixed in Firefox 113 - removed obsolete mozilla-bmo1568145.patch ==== MozillaFirefox-branding-openSUSE ==== - add sle_version 150500 check - add some useful links about openSUSE in the about:newtab page - add sle_version 150300 and 150400 check ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add nm-runstatedir.patch: to correct rundir from /var/run to /run for systemd FHS compatibility ==== NetworkManager-openconnect ==== Version update (1.2.8 -> 1.2.10) Subpackages: NetworkManager-openconnect-gnome - Update to version 1.2.10: + Improved cancellation handling. + Support SAML/SSO authentication for some VPN protocols. + Allow useragent override. + Support webkit2gtk-4.1. + Allow choosing certificates/keys from PKCS#11 tokens. + Allow custom interface name. + Allow UDP connectivity to be disabled. + Support multi-certificate authentication for AnyConnect. + Fix hangs with external browsers which spam stdout. + Updated translations. - Drop dbus-location.patch: Fixed upstream. - Add pkgconfig(webkit2gtk-4.1) BuildRequires: New dependency. ==== QGnomePlatform-qt5 ==== Version update (0.9.0 -> 0.9.1) - Update to version 0.9.1: + Changes: - Thinner border between window and decorations - Added support for KColorScheme using Adwaita-like color schemes - Added integration for QtQuick Controls2 applications - Added support for color-scheme in GSettings backend - Implemented reasonable icon fallback - depends on Qt change 476542 - Qt6: implemented support for QPlatformTheme::MouseCursorSize and QPlatformTheme::MouseCursorTheme + Fixes: - Do not crash when GSettings shema is not found - Respect QT_STYLE_OVERRIDE env variable - Fixed titlebar dimming on Wayland - Fixed regression in rendering titlebar on vanilla Qt - Drop 0001-fix-qt-6.5-compilation.patch as it is included in version 0.9.1 - Adjust fix-XSetTransientForHint.patch for version 0.9.1 - Split QGnomePlatform's new color schemes into a new package called "QGnomePlatform-colorschemes" ==== apparmor ==== Version update (3.1.3 -> 3.1.4) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== at-spi2-core ==== Version update (2.48.0 -> 2.48.3) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Update to version 2.48.3: + Fix the build when dbus-broker is not set to be used by default. + Fix a couple of use after frees when finalizing devices. + atk-adaptor: Fix handling of sockets in impl_GetChildren. - Update to version 2.48.2: + Fixed a regression in 2.48.1 where the bus launcher would fail if dbus-broker was configured at build time but not installed on the system. - Update to version 2.48.1: + Fixes for atk-only builds under Windows. + meson: Avoid requiring libsystemd when configured to use dbus-daemon. + Fix crash when a bad index is passed to atspi_accessible_get_child_at_index. + Fix possible infinite recursion in atspi_accessible_clear_cache. - Add or dbus-broker to existing dbus-1 Requires: we already pass dbus_broker=/usr/bin/dbus-broker-launch and default_bus=dbus-broker to meson during build. ==== attica-qt5 ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Attica5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== autoyast2 ==== Version update (4.6.1 -> 4.6.2) - Properly install the selected products, do not lose them after resetting the package manager internally (bsc#1202234) - 4.6.2 ==== baloo5 ==== Version update (5.105.0 -> 5.106.0) Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * baloosearch: Inform the user when the specified dir is not canonical * aggressively resource constrain baloo_file ==== baloo5-widgets ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== bind ==== Version update (9.18.14 -> 9.18.15) - Update to release 9.18.15 Bug Fixes: * The max-transfer-time-in and max-transfer-idle-in statements have not had any effect since the BIND 9 networking stack was refactored in version 9.16. The missing functionality has been re-implemented and incoming zone transfers now time out properly when not progressing. * The read timeout in rndc is now 60 seconds, matching the behavior in BIND 9.16 and earlier. It had previously been lowered to 30 seconds by mistake. * When the ISC_R_INVALIDPROTO (ENOPROTOOPT, EPROTONOSUPPORT) error code is returned by libuv, it is now treated as a network failure: the server for which that error code is returned gets marked as broken and is not contacted again during a given resolution process. * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. * Log file rotation code did not clean up older versions of log files when the logging channel had an absolute path configured as a file destination. This has been fixed. Known Issues: * Sending NOTIFY messages silently fails when the source port specified in the notify-source statement is already in use. This can happen e.g. when multiple servers are configured as NOTIFY targets for a zone and some of them are unresponsive. This issue can be worked around by not specifying the source port for NOTIFY messages in the notify-source statement; note that source port configuration is already deprecated and will be removed altogether in a future release. ==== bluedevil5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: bluedevil5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * applet: introduce a brief animation for section height estimates (kde#438610) * applet: Fix Toolbar padding in RTL mode ==== bluez-qt ==== Version update (5.105.0 -> 5.106.0) Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== breeze ==== Version update (5.27.4 -> 5.27.5) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers libbreezecommon5-5 - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * ProgressBar: Stop emitting polish requests when item becomes invisible (kde#468903) * ToolButton: Fix subcontrol menu buttons outline in RTL mode * Remove unused methods * ToolButton: Fix text & icon position in textUnderIcon RTL mode - Drop patches, now upstream: * 0001-ProgressBar-Stop-emitting-polish-requests-when-item-.patch ==== breeze-gtk ==== Version update (5.27.4 -> 5.27.5) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze gtk4-metatheme-breeze metatheme-breeze-common - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * 🍒gtk3/titlebutton: reduce right margin of {max/minimize} button * gtk4/windowcontrols: use updated SVG assets * assets: resize viewports of titlebutton SVGs * gtk3: restore old icon size for titlebutton (kde#468203) * gtk3: remove invalid icon size property - Drop patches, now upstream: * 0001-gtk3-restore-old-icon-size-for-titlebutton.patch ==== breeze5-icons ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Make monochrome MS-DOS executable icons respect the color scheme * Increase moon size for redshift-status-on icon * Add mimetype icons for alembic files * Add new Partition Manager app icon * Make media-flash icon actually look like a typical flash memory card (kde#468006) * Add new icons for the pixelate and blur tools in Spectacle ==== btrfsprogs ==== Version update (6.1.3 -> 6.3) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - qgroup show: fix formatting of limit values in json output (bsc#1206960, bsc#1209136) - Added patch: btrfs-progs-qgroup-show-fix-formatting-of-limit-valu.patch - update to 6.3 * mkfs: option -R deprecated, options unified in -O (-R still works) * mkfs: fix potential race with udev leading to EBUSY due to repeatedly opened file descriptors * block-group-tree is out of experimental mode * available as 'mkfs.btrfs -O block-group-tree' * btrfstune can do in-place conversion to/from (use with care) * balance: fix recognizing old and new syntax * subvol snapshot: specific error if a failure is caused by an active swapfile * tree-stats: rephrase warning when run on a mounted filesystem * completion: 'filesystem du' also completes files * check: fix docs, help text and warning that --force + --repair works on a mounted filesystem * build: fix static build when static libudev is available * documentation: * more updates from wiki, developer docs, changelogs * reformatting * updates and fixes * other: * test updates and fixes * CI cleanups and old files removed * integration with Github actions - Use pre-generated documentation from tarball, fixes build on SLE targets where sphinx might not be available - update to 6.2.2 * fix build on old x86 architectures with builtin crypto * device stats: fix printing wrong values in tabular output * qgroup show: fix qgroup id formatting in json output * restore: fix restoring xattrs on directories * restore: don't modify metadata in dry-run mode * balance: fix some cases wrongly parsed as old syntax * balance: warn when deprecated syntax is used * seeding: fall back to old way if sysfs device fsid is not available * convert: handle orphan file ext4 feature * other: * sync ioctl definitions * enable github CI * update documentation - update to 6.2.1 * fix build with crypto libraries * CI images updated, build tests extended - update to 6.2: * receive: fix a corruption when decompressing zstd extents * subvol sync: print total number and deletion progress * accelerated hash algorithm implementations in fallback mode on x86_64 * fi mkswapfile: new option --uuid * new global option --log=level to set the verbosity level directly * other: * experimental: update checksum conversion (not usable yet) * build actually requires -std=gnu11 * refactor help option formatting, auto wrap long lines ==== c-ares ==== Version update (1.19.0 -> 1.19.1) - Update to version 1.19.1 Security: * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service (bsc#1211604) * CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs (bsc#1211605) * CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) Bug fixes: * Fix uninitialized memory warning in test * ares_getaddrinfo() should allow a port of 0 * Fix memory leak in ares_send() on error * Fix comment style in ares_data.h * Fix typo in ares_init_options.3 * Sync ax_pthread.m4 with upstream * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ==== checkmedia ==== Version update (6.1 -> 6.2) Subpackages: libmediacheck6 - merge gh#openSUSE/checkmedia#17 - do not select EFI System Partition for digest calculation (bsc#1211953) - use default for SKIPSECTORS only for RH media - add man pages for checkmedia and tagmedia - add spec file for OBS - 6.2 ==== container-selinux ==== Version update (2.211.0 -> 2.215.0) - Update to version 2.215.0: * Add some MLS rules to policy * Allow container runtime to dyntransition to spc_t * Tighten controls on confined users * Add labels for /var/lib/shared * Cleanup entrypoint definitions * Allow container_device_plugin_t access to debugfs * Allow containers which use devices to map them ==== containerd ==== Version update (1.6.20 -> 1.6.21) - Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes: bsc#1211578 - Require a minimum Go version explicitly rather than using golang(API). Fixes the change for bsc#1210298. [ This was only released in SLE. ] - unversion to golang requires to always use the current default go. (bsc#1210298) ==== createrepo_c ==== Subpackages: libcreaterepo_c0 python3-createrepo_c - disable DeltaRPM for ALP ==== crypto-policies ==== Version update (20210917.c9d86d1 -> 20230420.3d08ae7) Subpackages: crypto-policies-scripts - FIPS: Enable to set the kernel FIPS mode with fips-mode-setup and fips-finish-install commands, add also the man pages. The required FIPS modules are left to be installed by the user. * Rebase crypto-policies-FIPS.patch - Revert a breaking change that introduces the config option rh-allow-sha1-signatures that is unkown to OpenSSL and fails on startup. We will consider adding this option to openssl. * https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494 * Add crypto-policies-revert-rh-allow-sha1-signatures.patch - Update the update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. [bsc#1209998] * Add crypto-policies-supported.patch - Update to version 20230420.3d08ae7: * openssl, alg_lists: add brainpool support * openssl: set Groups explicitly * codespell: ignore aNULL * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960 * sequoia: add separate rpm-sequoia backend * crypto-policies.7: state upfront that FUTURE is not so interoperable * Makefile: update for asciidoc 10 * Skip not needed LibreswanGenerator and SequoiaGenerator: - Add crypto-policies-policygenerators.patch * Remove crypto-policies-test_supported_modules_only.patch * Rebase crypto-policies-no-build-manpages.patch - Update to version 20221214.a4c31a3: * bind: expand the list of disableable algorithms * libssh: Add support for openssh fido keys * .gitlab-ci.yml: install krb5-devel for krb5-config * sequoia: check using sequoia-policy-config-check * sequoia: introduce new back-end * Makefile: support overriding asciidoc executable name * openssh: make none and auto explicit and different * openssh: autodetect and allow forcing RequiredRSASize presence/name * openssh: remove _pre_8_5_ssh * pylintrc: update * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..." * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"... * Makefile: exclude built manpages from codespell * add openssh HostbasedAcceptedAlgorithms * openssh: add RSAMinSize option following min_rsa_size * Revert ".gitlab-ci.yml: skip pylint (bz2069837)" * docs: add customization recommendation * tests/java: fix java.security.disableSystemPropertiesFile=true * policies: add FEDORA38 and TEST-FEDORA39 * bind: control ED25519/ED448 * openssl: disable SHA-1 signatures in FUTURE/NO-SHA1 * .gitlab-ci.yml: skip pylint (bz2069837) * openssh: add support for sntrup761x25519-sha512@openssh.com * fips-mode-setup: fix one unrelated check to intended state * fips-mode-setup, fips-finish-install: abandon /etc/system-fips * Makefile: fix alt-policy test of LEGACY:AD-SUPPORT * fips-mode-setup: catch more inconsistencies, clarify --check * fips-mode-setup: improve handling FIPS plus subpolicies * .gitlab-ci.yml: use rawhide so that we get gnutls 3.7.3 * gnutls: enable SHAKE, needed for Ed448 * gnutls: use allowlisting * openssl: add newlines at the end of the output * FIPS:OSPP: relax -ECDSA-SHA2-512, -FFDHE-* * fips-mode-setup, fips-finish-install: call zipl more often * Add crypto-policies-rpmlintrc file to avoid files-duplicate, zero-length and non-conffile-in-etc warnings. * Rebase patches: - crypto-policies-FIPS.patch - crypto-policies-no-build-manpages.patch * Update README.SUSE ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324 "Heap buffer overflow in cupsd" https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 bsc#1211643 ==== cups-filters ==== - cups-filters-1.28.15-0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch cups-filters-1.28.15-0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch cups-filters-1.28.15-0003-beh-backend-Further-improvements-CVE-2023-24805.patch are the upstream 0001-beh-backend-Use-execv-instead-of-system-CVE-2023-24805.patch 0002-beh-backend-Extra-checks-against-odd-forged-input-CVE-2023-24805.patch 0003-beh-backend-Further-improvements-CVE-2023-24805.patch backported to cups-filters-1.28.15 to fix CVE-2023-24805: RCE in cups-filters, beh CUPS backend (bsc#1211340) and https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 ==== curl ==== Version update (8.0.1 -> 8.1.2) Subpackages: libcurl4 - Update to 8.1.2: * Bugfixes: - configure: quote the assignments for run-compiler - configure: without pkg-config and no custom path, use -lnghttp2 - curl: cache the --trace-time value for a second - http2: fix EOF handling on uploads with auth negotiation - http3: send EOF indicator early as possible - lib1560: verify more scheme guessing - lib: remove unused functions, make single-use static - libcurl.m4: remove trailing 'dnl' that causes this to break autoconf - libssh: when keyboard-interactive auth fails, try password - misc: fix spelling mistakes - page-header: mention curl version and how to figure out current release - page-header: minor wording polish in the URL segment - scripts/singleuse.pl: add more API calls - urlapi: remove superfluous host name check - Update to 8.1.1: * Bugfixes: - cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND - checksrc: disallow spaces before labels - curl_easy_getinfo: clarify on return data types - docs: document that curl_url_cleanup(NULL) is a safe no-op - hostip: move easy_lock.h include above curl_memory.h - http2: double http request parser max line length - http2: increase stream window size to 10 MB - lib: rename struct 'http_req' to 'httpreq' - ngtcp2: proper handling of uint64_t when adjusting send buffer - sectransp.c: make the code c89 compatible - select: avoid returning an error on EINTR from select() or poll() - url: provide better error message when URLs fail to parse - urlapi: allow numerical parts in the host name - Update to 8.1.0: * Security fixes: - UAF in SSH sha256 fingerprint [bsc#1211230, CVE-2023-28319] - siglongjmp race condition [bsc#1211231, CVE-2023-28320] - IDN wildcard match [bsc#1211232, CVE-2023-28321] - POST-after-PUT confusion [bsc#1211233, CVE-2023-28322] - See also: https://curl.se/docs/security.html * Changes: - curl: add --proxy-http2 - CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 - hostip: refuse to resolve the .onion TLD - tool_writeout: add URL component variables * Bugfixes: - See full changelog here: https://curl.se/changes.html#8_1_0 ==== dav1d ==== Version update (1.2.0 -> 1.2.1) - Update to version 1.2.1 * Fix a threading race on task_thread.init_done * NEON z2 8bpc and high bit-depth optimizations * SSSE3 z2 high bit-depth optimziations * Fix a desynced luma/chroma planes issue with Film Grain * Reduce memory consumption * Improve dav1d_parse_sequence_header() speed * OBU: Improve header parsing and fix potential overflows * OBU: Improve ITU-T T.35 parsing speed * Misc buildsystems, CI and headers fixes - Add to description some performance mentions that set it apart from other packages e.g. gav1. ==== diffutils ==== Version update (3.9 -> 3.10) - diffutils 3.10: * cmp/diff can again work with file dates past Y2K38 * diff -D no longer fails to output #ifndef lines ==== discover ==== Version update (5.27.4 -> 5.27.5) Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Fix margins around distro upgrade message (kde#469163) * rpm-ostree: Do not offer resources when the search doesn't pertain (kde#468162) * Updates page: fix missing clip causing items to paint over logging scrollview * updates ui: Simplify bottom toolbar logic (kde#468459) * flatpak: Do not crash if for any reason we lack a ref's source (kde#467827) * PackageKitNotifier: Do not refresh database if update is in progress * fwupd: Set user agent, and allow following redirects * Allow building against libmarkdown3 * Always clear offline updates file after a repair operation (kde#451753,kde#450973) * ApplicationPage: Fix layout for content rating dialog (kde#466815) * flatpak: Report latest available version (kde#465864,kde#448521) ==== dnsmasq ==== - Correct rundir from /var/run to /run for pid file ==== docker ==== Version update (23.0.5_ce -> 23.0.6_ce) Subpackages: docker-bash-completion - Update to Docker 23.0.6-ce. See upstream changelog online at . bsc#1211578 - Rebase patches: * cli-0001-docs-include-required-tools-in-source-tree.patch - Re-unify packaging for SLE-12 and SLE-15. - Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers (the uapi headers in SLE-12 are too old). + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - Re-numbered patches: - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch` ==== dolphin ==== Version update (23.04.0 -> 23.04.1) Subpackages: dolphin-part libdolphinvcs5 - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * Fix build without KF5Activities * Fix activating the Selection Mode with a keyboard shortcut (kde#465489) * Restrict attaching instances to those on the same activity or same virtual desktop ==== dos2unix ==== Version update (7.4.4 -> 7.5.0) - update to 7.5.0: * New option -e, --add-eol to add a line break to the last line if the isn't one * New option -O, --to-stdout to write to standard output ==== drkonqi5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: drkonqi5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== e2fsprogs ==== Version update (1.46.5 -> 1.47.0) Subpackages: libcom_err2 libext2fs2 - Update to 1.47.0: * Add support for the orphan_file feature, which speeds up workloads that are deleting or truncating a large number files in parallel. This compat feature was first supported in the v5.15 Linux kernel. * The mke2fs program (via the mke2fs.conf file) now enables the metadata_csum_seed and orphan_file features by default. The metadata_csum_seed feature is an incompat feature which is first supported in the Linux kernel starting in the 4.4 kernel. * Mke2fs now supports the extended option "assume_storage_prezeroed" which causes mke2fs to skip zeroing the journal and inode tables and to mark the inode tables as zeroed. * Add support to tune2fs and e2label to set the label and UUID for a mounted file system using a ioctl, which is more reliable than modifying the superblock via writing to the block device. The kernel support for setting the label landed in v5.17, while the support for adding the UUID landed in v6.0. If the ioctls are not supported, tune2fs and e2label will fall back old strategy of directly modifying the superblock. * Allow tune2fs to disable the casefold feature after scanning all of the directories do not have the Casefold flag set. ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== ethtool ==== Version update (6.2 -> 6.3) Subpackages: ethtool-bash-completion - update to upstream release 6.3 * Feature: PLCA support (--[gs]et-plca-cfg, --get-plca-status) * Feature: MAC Merge layer support (--show-mm, --set-mm) * Feature: pass source of statistics for port stats * Feature: get/set rx push in ringparams (-g and -G) * Feature: coalesce tx aggregation parameters (-c and -C) * Feature: PSE and PD devices (--show-pse, --set-pse) * Fix: minor fixes of help text (--help) * Fix: fix build on systems with older system headers * Fix: fix netlink support when PLCA is not present (no option) * Fix: fixes for issues found with gcc13 -fanalyzer * Fix: fix return code in rxclass_rule_ins (-N) * Fix: more robust argc/argv handling ==== evolution-data-server ==== Version update (3.48.1 -> 3.48.2) Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.48.2: + Bug Fixed: - Camel: Set proper S/MIME signature verification status. - IMAP: Cannot remove labels added in Thunderbird. - WebDAV: Fails to discover iCloud address book. - Wrong S/MIME certificate selection for encrypted email. ==== ffmpegthumbs ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== filelight ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * disable qml disk cache (kde#466415) * use the default loading text for polish (kde#468395) ==== firewalld ==== Subpackages: firewalld-bash-completion python3-firewall - Add firewalld-runstatedir.patch: change pid file location from /var/run to /run ==== frameworkintegration ==== Version update (5.105.0 -> 5.106.0) Subpackages: frameworkintegration-plugin libKF5Style5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== freetype2 ==== - Do not limit ftdump conflict to < version-release, but only to version. Ftdump is built in a second build flavor and as such the release counters are not guaranteed to be in sync. ==== fuse3 ==== Subpackages: libfuse3-3 - update the license tag matching the code (LGPL-2.1-only and GPL-2.0-only) ==== gawk ==== Version update (5.2.1 -> 5.2.2) - enable profiling - Update to gawk 5.2.2 * will now diagnose if a heap file was created with a different setting of -M/--bignum than in the current invocation and exit with a fatal message if so. * no longer "leaks" its free list of NODEs in the heap file, resulting in much more efficient usage of persistent storage * PROCINFO["pma"] exists if the PMA allocator is compiled into gawk. Its value is the PMA version. * The time extension is no longer deprecated. The strptime() function from gawkextlib's timex extension has been added to it. * Better information is passed to input parsers for when they want to decide whether or not to take control of a file. * The various PNG files are now installed for Info and HTML * Bug fixes and developer visible fixes ==== gcc13 ==== Version update (13.0.1+git7231 -> 13.1.1+git7364) Subpackages: cpp13 libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1 - Bump to dd36656ada05731c069ecd5b1878380294fb1f3e, git7364. * Includes the RISC-V atomic changes - Remove riscv-atomic.patch and riscv-pthread.patch now included - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Bump to 910735c5d7ce7607384fc1eec4189e90c8ae5c84, git7256. * Includes GCC 13.1 release and first bugfixes - Update riscv-atomic.patch from the version committed upstream. ==== gdb ==== - disable werror as a workaround for deprecation warnings with python 3.11 (bsc#1211052) - Revert to singlespec multibuild. ==== glib2 ==== Version update (2.76.2 -> 2.76.3) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.76.3: + Bugs fixed: glgo#GNOME/GLib#1264, glgo#GNOME/GLib!3402, glgo#GNOME/GLib!3403, glgo#GNOME/GLib!3427, glgo#GNOME/GLib!3428, glgo#GNOME/GLib!3434. + Updated translations. ==== glibc ==== Subpackages: glibc-extra glibc-locale glibc-locale-base nscd - ulp-prologue-into-asm-functions.patch: Add support for livepatches in ASM written functions (bsc#1210777) ==== glslang ==== Version update (12.1.0 -> 12.2.0) - Update to release 12.2.0 * Support GLSL_EXT_shader_tile_image, GL_EXT_ray_tracing_position_fetch, and custom include callbacks via the C API * Add preamble-text command-line option * Accept variables as parameters of spirv_decorate_id ==== gnome-control-center ==== Version update (44.1 -> 44.2) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Update to version 44.2: + Various small accessibility fixes. + Fixes in Gtk template usage that causes crashes on some systems. + Appearance: Clear dconf when resetting to defaults. + Mouse: Hide entire "Touchpad" row when touchpad cannot be disabled. + Network: Fix racy radio buttons in connection editor. + Users: Remove autologin row tooltip when unlocked. + Updated translations. ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland - Drop pkgconfig(dbus-glib-1) BuildRequires: Only needed when building with consolekit support, and we do not do that anymore. - Replace dbus-1-x11 with explicit /usr/bin/dbus-launch Requires, as that is what is really needed. ==== gnome-software ==== Version update (44.1 -> 44.2) Subpackages: gnome-software-plugin-packagekit - Update to version 44.2: + Fix subsequent checking for updates if the first check after login fails. + Fix checking for updates when automatic updates are disabled. + Fix rare stall when many background jobs are running. + Don’t download rpm-ostree updates when only checking if updates are available. + Fix bug with listing flatpak addons when multiple flathub remotes are enabled. + Fix duplicated sources in app details page when using an appstream URL. + Reduce background resource consumption when idle. + Updated translations. ==== gnutls ==== - FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476] Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch - FIPS: Skip the fixed HMAC verification for nettle, hogweed and gmp libraries. These calculated HMACs change for every build of each of these packages, we only have to verify that for gnutls. * Add gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch [bsc#1211476] - FIPS: Merge libgnutls30-hmac package into the library [bsc#1185116] - Disable GNULIB's year2038 also for 32-bit arm - boo#1211394 ==== grantlee5 ==== - Add patch to fix test failures on Leap 15: * 0001-Add-a-call-to-registerComparators-in-testbuiltins.patch ==== grep ==== Version update (3.10 -> 3.11) - update to 3.11: * With -P, patterns like [\d] now work again. Fixing this has caused grep to revert to the behavior of grep 3.8, in that patterns like \w and ^H go back to using ASCII rather than Unicode interpretations. However, future versions of GNU grep and/or PCRE2 are likely to fix this and change the behavior of \w and ^H back to Unicode again, without breaking [\d] as 3.10 did. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch, 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch: * support more featureful extX filesystems (backport from upstream git) - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ==== gstreamer ==== Version update (1.22.2 -> 1.22.3) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.3: + Highlighted bugfixes: - avdec: fix occasional video decoder deadlock on seeking with FFmpeg 6.0. - decodebin3: fix regression handling input streams without CAPS or TIME segment such as e.g. udpsrc or `pushfilesrc. - bluez: a2dpsink: fix Bluetooth SIG Certification test failures. - osxvideosink: fix deadlock upon closing output window. - qtdemux: fix edit list handling regression and AV1 codec box parsing. - qtmux: fix extraction of CEA608 closed caption data from S334-1A packets. - rtspsrc: Fix handling of * control path. - splitmux: timestamp handling improvements. - v4l2videodec: Rework dynamic resolution change handling (needed for IMX6 mainline codec). - videoflip: fix regression with automatically rotating video based on tags. - d3d11: many d3d11videosink and d3d11compositor fixes. - webrtc, rtp: numerous data race fixes and stability fixes. - various bug fixes, memory leak fixes, and other stability and reliability improvements. + gstreamer: - tracing: Initialize tracing infrastructure even if the debug system is not compiled in. - parse-launch: fix missing unref of looked-up child element. - gstutils: Add category and object to most logging messages. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-bad ==== Version update (1.22.2 -> 1.22.3) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.3: + a2dpsink: Fails many tests in Bluetooth SIG Certification. + avdtputil: Use int instead of int range for fixed bitpool values. + ccconverter: - reintroduce frame count reset on cycle completion - integer overflow & crashing + codectimestamper: remove PC file generation from plugin's own meson.build. + cudamemory: Fix for semi planar YUV memory size decision. + d3d11compositor: - Reconfigure resource only when output caps is changed. - Skip zero alpha input. + d3d11convert: Fix for runtime property update. + d3d11memory: Don't clear wrapped texture memory. + d3d11videosink: - Fix for ignored initial render rectangle. - Fix race condition in window unprepare. - Enhancement for initial window size decision. - Don't clear prepared buffer on unlock_stop(). + dashdemux: mpdclient: fix divide by 0 if segment has no duration. + dtlstransport: Keep strong ref of dtls encoder/decoder. + GstPlay: - Avoid getting property of playbin2 if subtitle_sid is null. - Fix critical log when using playbin3. + h264decoder: Drop nonexisting picture silently without error. + dtmf: element classification improvements. + mfvideoenc: Allow only even resolution numbers. + sctpenc: - Fix potential shutdown deadlock. - Fix "srtp-key" check. + tests: disable dtls test if openssl is not present. + tsdemux: Set number of channels to 2 for dual mono Opus. + va: Various fixes for defects found with MSVC. + wasapi2: Allows process loopback capture on Windows 10. + webrtcdatachannel: Bind to parent webrtcbin using a weak reference. + webrtcbin: Fix potential deadlock when closing before any data was sent. + webrtc: - Plug leaks of resolved ICE addresses. - Do not tear down data channel before data is flushed. - Rebase reduce-required-meson.patch. - use additional codecs on ALP ==== gstreamer-plugins-base ==== Version update (1.22.2 -> 1.22.3) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0 - Update to version 1.22.3: + allocators: Fix fdmem unit test with recent GLib versions. + audiotestsrc: Initialize all samples in wave=ticks mode. + decodebin3: - Handle input streams without CAPS or TIME segment such as e.g. udpsrc or pushfilesrc. - Fix regression handling streams without caps. - Fix random hang when remove failing stream. + uridecodebin3: Ensure atomic urisourcebin state change. + glvideoflip: fix leaked caps. + glcontext_wgl: fix missing unref. + playsink: Fix volume leak. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-good ==== Version update (1.22.2 -> 1.22.3) Subpackages: gstreamer-plugins-good-gtk - Update to version 1.22.3: + adaptivedemux2: fix critical when using an unsupported URI. + dashdemux2: mpdclient: fix divide by 0 if segment has no duration. + imagesequencesrc: Properly set default location. + multifile: error out if no filename was set. + osxvideosink: fix deadlock upon closing output window. + rtpmanager: rtpsession: - Data race leading to critical warnings. - Race conditions leading to critical warnings. + rtspsrc: Fix handling of * control path. + splitmuxsink: Catch invalid DTS to avoid running into problems later. + splitmuxsrc: Make PTS contiguous by preference. + qtdemux: emit no-more-pads after pruning old pads. + Revert "qtdemux: fix conditions for end of segment in reverse playback" to fix edit list regression. + qtdemux: Fix av1C parsing. + qtmux: Fix extraction of CEA608 data from S334-1A packets. + qtwindow: unref caps in destructor. + v4l2: - device provider: Fix GMainLoop leak. - videodec: Rework dynamic resolution change handling. - videodec: Prefer acquired caps over anything downstream. + videoflip: - Fix setting of method property at construction time. - Videoflip 1.22.2 not rotating video when extracting frames. - Rebase reduce-required-meson.patch. ==== gtk3 ==== Version update (3.24.37+70 -> 3.24.38) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.38: + GtkFileChooser: Avoid warnings with GLib 2.76. + Theme: Set caret color in the dark theme. + Windows: Fix running under GLES. + Wayland: - Notify on initial setting changes. - Don't crash on 0 size cursors. - Don't crash if xdg_activation_v1 is missing. + Debugging: Show more information in the inspector. + Updated translations. ==== gupnp-av ==== Subpackages: libgupnp-av-1_0-3 - Add upstream patch fix: 767388bc.patch: build: Fix Requires: line of pkg-config file. ==== harfbuzz ==== Version update (7.2.0 -> 7.3.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - update to version 7.3.0: + Speedup applying glyph variation in VarComposites fonts (over 40% speedup) + Speedup instancing some fonts (over 20% speedup in instancing RobotoFlex) + Speedup shaping some fonts (over 30% speedup in shaping Roboto + Support subsetting VarComposites and beyond-64k fonts + New configuration macro HB_MINIMIZE_MEMORY_USAGE to favor optimizing memory usage over speed + Supporting setting the mapping between old and new glyph indices during subsetting + Various fixes and improvements ==== health-checker ==== Version update (1.7 -> 1.8) Subpackages: health-checker-plugins-MicroOS - Update to version 1.8 * Don't rely on t-u's good states in GRUB With the introduction of the "apply" command in transactional-update the snapshots don't require a reboot any more to be registered as a "good" snapshot. Due to [boo#1048088] the GRUB part of health-checker was using the t-u file as a workaround which cannot be done any more now, so store the last good snapshot path from a health-checker perspective independently now. ==== highway ==== - Update memory limiter from 900 to 1400/process. - Add memory-constraints to build - Add no-forced-inline.diff [boo#1211093] ==== hwdata ==== Version update (0.369 -> 0.370) - update to 0.370: * Update pci, usb and vendor ids ==== icewm ==== Version update (3.3.2 -> 3.3.5) Subpackages: icewm-config-upstream icewm-default icewm-lang - Update to 3.3.5: * Lookup icons in more context directories for issue ice-wm/icewm#132. * An Escape key release event must match the key press event for #726. * Report when icon could not be found for issue ice-wm/icewm#133. * Use "firefox" instead of "mozilla" as Firefox icon for ice-wm/icewm#132. * Rescale workspace buttons when taskbar is rather high. * Temporarily hide the taskbar collapse button when collapsing or expanding. * Compute the ultimate workspace button height, before creating them. * Limit the resource string of an unresponsive client for issue #729. * Check for TaskBarDoubleHeight when computing workspace button height. * Also focus last window when hiding and Click-to-focus for issue #727. * Let icesh exit with zero if the last action was a successful manager action. - Update to 3.3.4: * Fix compile error for yximage.cc. * Deprecate XRRDisable. * Fix corrupted text if built without i18n for issue ice-wm/icewm#131. * When internationalization is disabled, unset LIBICONV. * Improve the quality of drawing gradients for the Imlib2 renderer. * Improve arrow navigation in the system dialog. * Let icesh also pick icewm internal and override redirect windows. * Improve the quality of drawing gradients for the GdkPixbuf renderer. * Cache workspace button backgrounds for faster redrawing. * Guard against workspace button gradient being undefined. * Cache toolbar button gradients to speedup drawing. Eliminate half of the button drawings on startup. * Let icesh report up to 1024 bytes of a property in "prop". * Support icesh "focusmodel" for client windows without a WM_HINTS property. * When managing a new client, postpone sending a Configure event until the final position is known, for issue #720. ==== imlib2 ==== Version update (1.11.0 -> 1.11.1) Subpackages: imlib2-loaders libImlib2-1 - update to 1.11.1: * imlib2: added loader for y4m files (uses liby4m and libyuv) * imlib2: add y4m test examples * Y4M loader: Various minor changes * autofoo: Tweak PACKAGE_DATA_DIR definition * XPM loader: Add rgb.txt * loaders: Fix loaders potentially being loaded more than once * loaders: Change method used to not unload loaders * Add JXL saver * loaders: Cosmetics ==== installation-images-MicroOS ==== Version update (17.86 -> 17.87) - merge gh#openSUSE/installation-images#646 - etc: update module.config to match 6.4 - 17.87 ==== inxi ==== Version update (3.3.23 -> 3.3.27) - Update to version 3.3.27: + /usr/share/doc/packages/inxi/inxi.changelog. ==== iso-codes ==== Version update (4.13.0 -> 4.15.0) Subpackages: iso-codes-lang - update to 4.15.0: + Updated translation for ISO 3166-1, ISO 3166-3, ISO 639-2, ISO 3166-1, ISO 3166-2, ISO 3166-3, ISO 639-2, ISO 639-3, ISO 639-5, ISO 4217, and ISO 15924. + ISO 3166-2: Fix wrong Spanish translation. ==== iso_ent ==== - Modernise spec file ==== kaccounts-integration ==== Version update (23.04.0 -> 23.04.1) Subpackages: libkaccounts2 - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kaccounts-providers ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kactivities-stats ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kactivities5 ==== Version update (5.105.0 -> 5.106.0) Subpackages: kactivities5-imports libKF5Activities5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kactivitymanagerd ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== karchive ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * karchiveentry.h: add missing KArchive forward declaration ==== kate ==== Version update (23.04.0 -> 23.04.1) Subpackages: kate-plugins - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * ensure sidebars are properly collapsed (kde#460160) ==== kauth ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kbookmarks ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kcm_flatpak ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Too many changes to list here ==== kcm_sddm ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Sync cursor size too (kde#467326) ==== kcmutils ==== Version update (5.105.0 -> 5.106.0) Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * KCModuleQml: Set and inherit LayoutMirroring on an off-screen window ==== kcodecs ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kcompletion ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kconfig ==== Version update (5.105.0 -> 5.106.0) Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Add workaround to support config name with minus sign ==== kconfigwidgets ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kcoreaddons ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5CoreAddons5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * exportUrlsToPortal: let it work in a non-KDE session (kde#458643) * exportUrlsToPortal: don't export when there are non-sendable non-local files * KDirWatch: Don't append fileName to fileName in Delete event (kde#467095) ==== kcrash ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kdbusaddons ==== Version update (5.105.0 -> 5.106.0) Subpackages: kdbusaddons-tools libKF5DBusAddons5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kde-cli-tools5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * add kinfo (kde#403077) - Add patch to fix kinfo (sigh): * 0001-kinfo-Use-kcmshell5-with-Plasma-5.patch ==== kde-gtk-config5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: kde-gtk-config5-gtk3 - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * kded: add explicit waiting time before setting colors * kded: don't update text scale on kdeglobals change events ==== kde-print-manager ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kdeclarative ==== Version update (5.105.0 -> 5.106.0) Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Guard nullable property access, and bind instead of assigning once * CalendarEventsPlugin: fix wrong deprecation for signal alternateDateReady ==== kded ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kdegraphics-thumbnailers ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kdelibs4support ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5KDELibs4Support5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kdenetwork-filesharing ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kdesu ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kdialog ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kdnssd-framework ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kdoctools ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5DocTools5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kernel-firmware ==== Version update (20230427 -> 20230517) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230517 (git commit 08b854f02066): * rtlwifi: Add firmware v6.0 for RTL8192FU * rtlwifi: Update firmware for RTL8188EU to v28.0 * cirrus: Add firmware and tuning files for HP G10 series laptops * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * WHENCE: Cleanup Realtek BT firmware provenance * linux-firmware: update firmware for MT7922 WiFi device * cnm: update chips&media wave521c firmware. * cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6 * check_whence: error on directory listed as File * check_whence: error on duplicate file entries * WHENCE: comment out duplicate MediaTek firmware * i915: Add GuC v70.6.6 for MTL * amdgpu: update DCN 3.1.6 DMCUB firmware * rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F * rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922 * rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922 - Update aliases from 6.4-rc3 ==== kernel-source ==== Version update (6.3.1 -> 6.3.4) - xfs: fix livelock in delayed allocation at ENOSPC (brc#2208553 xfs-issue). - commit 2c66b1f - Linux 6.3.4 (bsc#1012628). - drm/fbdev-generic: prohibit potential out-of-bounds access (bsc#1012628). - drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (bsc#1012628). - drm/nouveau/disp: More DP_RECEIVER_CAP_SIZE array fixes (bsc#1012628). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (bsc#1012628). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (bsc#1012628). - net: skb_partial_csum_set() fix against transport header magic value (bsc#1012628). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (bsc#1012628). - perf/core: Fix perf_sample_data not properly initialized for different swevents in perf_tp_event() (bsc#1012628). - scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend (bsc#1012628). - tick/broadcast: Make broadcast device replacement work correctly (bsc#1012628). - linux/dim: Do nothing if no time delta between samples (bsc#1012628). - net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register (bsc#1012628). - net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() (bsc#1012628). - net: phy: bcm7xx: Correct read from expansion register (bsc#1012628). - netfilter: nf_tables: always release netdev hooks from notifier (bsc#1012628). - netfilter: conntrack: fix possible bug_on with enable_hooks=1 (bsc#1012628). - bonding: fix send_peer_notif overflow (bsc#1012628). - netlink: annotate accesses to nlk->cb_running (bsc#1012628). - net: annotate sk->sk_err write from do_recvmmsg() (bsc#1012628). - net: deal with most data-races in sk_wait_event() (bsc#1012628). - net: add vlan_get_protocol_and_depth() helper (bsc#1012628). - tcp: add annotations around sk->sk_shutdown accesses (bsc#1012628). - gve: Remove the code of clearing PBA bit (bsc#1012628). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1012628). - net: mscc: ocelot: fix stat counter register values (bsc#1012628). - drm/sched: Check scheduler work queue before calling timeout handling (bsc#1012628). - net: datagram: fix data-races in datagram_poll() (bsc#1012628). - af_unix: Fix a data race of sk->sk_receive_queue->qlen (bsc#1012628). - af_unix: Fix data races around sk->sk_shutdown (bsc#1012628). - drm/i915/guc: Don't capture Gen8 regs on Xe devices (bsc#1012628). - drm/i915: Fix NULL ptr deref by checking new_crtc_state (bsc#1012628). - drm/i915/dp: prevent potential div-by-zero (bsc#1012628). - drm/i915: taint kernel when force probing unsupported devices (bsc#1012628). - fbdev: arcfb: Fix error handling in arcfb_probe() (bsc#1012628). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1012628). - ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled (bsc#1012628). - ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set (bsc#1012628). - ext4: allow ext4_get_group_info() to fail (bsc#1012628). - refscale: Move shutdown from wait_event() to wait_event_idle() (bsc#1012628). - selftests: cgroup: Add 'malloc' failures checks in test_memcontrol (bsc#1012628). - rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access (bsc#1012628). - open: return EINVAL for O_DIRECTORY | O_CREAT (bsc#1012628). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (bsc#1012628). - drm/displayid: add displayid_get_header() and check bounds better (bsc#1012628). - drm/amd/display: populate subvp cmd info only for the top pipe (bsc#1012628). - drm/amd/display: Correct DML calculation to align HW formula (bsc#1012628). - drm/amd/display: enable DPG when disabling plane for phantom pipe (bsc#1012628). - platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750 data (bsc#1012628). - drm/amd/display: Enable HostVM based on rIOMMU active (bsc#1012628). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (bsc#1012628). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (bsc#1012628). - remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores (bsc#1012628). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (bsc#1012628). - accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() (bsc#1012628). - drm/amd/display: reallocate DET for dual displays with high ... changelog too long, skipping 2170 lines ... - commit d6c8c20 ==== keylime ==== Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Add missing jsonschema dependecy ==== kfilemetadata5 ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Test HEIF in Exiv2Extractor * Test JXL in Exiv2Extractor, extend JPEG coverage * Move static private helper out of Exiv2ExtractorTest class * Clean up Exiv2/C++14 warning message * Remove usage of deprecated MP4::ItemListMap in taglib extractor * Disable external extractor/writer test on Windows * Modernize and extend CMake check for Python3 * Extend dignostics for taglib autotests * Make fb2 extractor compilation dependent on KF5Archive ==== kgamma5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== kglobalaccel ==== Version update (5.105.0 -> 5.106.0) Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Fix systemd_user_preun/postun calls: all systemd_user macros take service names as parameter. - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kguiaddons ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5GuiAddons5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== khelpcenter5 ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kholidays ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== khotkeys5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== khtml ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== ki18n ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kiconthemes ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kidletime ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kimageformats ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix wrong alpha conversion (kde#468288) ==== kinfocenter5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: kinfocenter5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * about-distro: add a dump mode to print to cli (kde#403077) * nics: reset model on update (kde#468026) ==== kinit ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kio ==== Version update (5.105.0 -> 5.106.0) Subpackages: kio-core - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * ApplicationLauncherJob: find mimetype before showing open with dialog * KPropertiesDialog: Don't quote the path unnecessarily (kde#467369) * KEncodingFileDialog: Sort the list of encodings by name * WidgetsAskUserActionHandler: make sure all dialogs are created in the main thread (kde#458709) * WidgetsAskUserActionHandler: create message dialog in the main thread (kde#465454) * file: make sure to cancel reading if the worker was aborted (kde#358231) * autotests: Fix Qt 6.5 compatibility * KFileItemActions: don't add service submenus that don't have active actions * Improve grammar, wording, add a test check * KCoreDirLister: AutoUpdate wasn't incremented when a new lister opened an already listed dir * SlaveInterface: Set button icon for "Continue Loading" * Set ExitType when running applications as transient systemd services ==== kio-extras5 ==== Version update (23.04.0 -> 23.04.1) Subpackages: libkioarchive5 - Add some missing BuildRequires (boo#1211933) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== kirigami2 ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Kirigami2-5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix spacing issue in OverlaySheet * GlobalToolBar: Fix enabled state of the BackButton in RTL mode * CardsGridView: improve columns property codeblock * SelectableLabel: Prevent it from participating in Tab chain * Tutorials: docs/use with docs/getting-started * Update Mainpage.dox KF5 * Fix disabled text color in Material style with dark color scheme * ActionButton: Fix reference to a tooltip attached property * BreadcrumbControl: Fix wrong heading offset in RTL layout direction * Documentation refresh/fixups * Port actionsMenu manual test away from manual header management * ContextDrawer: Remove top padding as well * BreadcrumbControl: Fix errors from wrong indexing * Fix accessibility of back and forward button * toolbarlayout: addAction(): return early if action is empty * Don't use id in background item * private/ActionsMenu: Remove empty unused component * fix dragging from toolbar (kde#467857) * SwipeListItem: Fix for QT_QUICK_CONTROLS_MOBILE (kde#467884) * OverlayDrawer: Fix z value being too high for OverlaySheets (kde#466219) * Added keyboard search icon to SearchField ==== kitemmodels ==== Version update (5.105.0 -> 5.106.0) Subpackages: kitemmodels-imports libKF5ItemModels5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kitemviews ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kjobwidgets ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kjs ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kmenuedit5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== knewstuff ==== Version update (5.105.0 -> 5.106.0) Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Remove unused dependencies ==== knotifications ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== knotifyconfig ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== konsole ==== Version update (23.04.0 -> 23.04.1) Subpackages: konsole-part konsole-part-lang - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * Invalidate selection reference points on resize (kde#464040) * Fix kglobalaccel integration * Draw selected background for right half of double width char if selected (kde#468465) ==== kpackage ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Deprecate KPackage::Package::name, add default for parameters ==== kparts ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kpeople5 ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kpipewire ==== Version update (5.27.4 -> 5.27.5) Subpackages: kpipewire-imports libKPipeWire5 libKPipeWireDmaBuf5 libKPipeWireRecord5 - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Item: hide the cursor when we start getting null positions * Item: Make sure we have a texture at all times * Do not process corrupt frames * Record: Do not crash when closing while recording (kde#467593) * Expose the stream size in PipewireSourceItem ==== kpty ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kquickcharts ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== krunner ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Backport new API for RunnerSyntax, deprecated old API * Repair binary compatibility for RunnerSyntax ==== kscreen5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: kscreen5-plasmoid - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * yet more QRect right() fixes (kde#455394) * don't stumble over nullptrs if outputs changed during saving (kde#466960) * kcm: notify changes in kcmfonts when global scale changes ==== kscreenlocker ==== Version update (5.27.4 -> 5.27.5) Subpackages: kscreenlocker-lang libKScreenLocker5 - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * greeter: track various properties persistently (kde#456210) ==== kservice ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix querying actions for service of a service action * Parse actions last when creating a service ==== ksshaskpass5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: ksshaskpass5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== ksystemstats5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== ktexteditor ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix Save Copy As.. not working anymore (kde#468672) * Fix indenting removes characters if line has tabs at start (kde#468495) * Printer: AlignVCenter line numbers * Dont ignore folding when printing code (kde#417138) * Use m_fontAscent instead of fm.ascent() * Draw caret ourselves (kde#172630) * Fix selection highlight for RTL text with custom line height (kde#464087) * Include range.js when initializing the engine (kde#456701) * Fix RTL text with format incorrectly shaped (kde#438755) * xml-indent: Optimize getCode ==== ktextwidgets ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kunitconversion ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Add "kph" as a unit synonym for Kilometers per Hour ==== kwallet ==== Version update (5.105.0 -> 5.106.0) Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kwalletmanager5 ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * Fix import menu actions status Disable import/export menu items when starting kwalletmanager and wallet is closed (kde#373753) ==== kwayland ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kwayland-integration ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== kwidgetsaddons ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kwin5 ==== Version update (5.27.4 -> 5.27.5) - Add patch to fix pointer constraint region handling (kde#469555): * revert-avoid-pointer-warp.patch - Add patch to fix a rounding error with scaling (kde#459373): * 0001-xcbutils-fix-nativeFloor.patch - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * wayland: Avoid pointer warp if constraint region is invalid (kde#457021) * cmake: Correct gbm version check * kwineffects: Initialize m_reason * screencast: Disable screencasting when a window closes (kde#469055) * screencast: Do not push frames when not in a streaming state * Use non-rotated physical size of an output when required * ci: Pass --repeat until-pass to ctest * platformsupport/scenes/opengl: filter out external formats properly * effects/screenshot: Fix potentially leaking screenshot fds to child processes * backends/drm: fix buffer orientation check for direct scanout * plugins/screencast: Provide absolute timestamps * Don't create Plasma activation feedback if StartupNotify is false * effects/screenshot: Provide screenshot scale information * effects/screenshot: Provide information about captured window or screen * effects/screenshot: Introduce CaptureWorkspace * screencast: Base the frame skippin on max_framerate * screencast: Ensure we respect the negotiated framerate * screencast: Offer the real framerate range we have available * Blacklist Spectacle for all window open/close effects (kde#467890,kde#463105) * backends/drm: set the scaling mode to none (kde#468235) * screencast: Still set the size to 0 for cursor-only frames * screencast: Improve how we communicate that a frame has just cursor info * kcms/rules: fix invalid tooltip visible condition in rule items - Drop patches, now upstream: * 0001-backends-drm-set-the-scaling-mode-to-none.patch ==== kwindowsystem ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== kwrited5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== kxmlgui ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Take two: Cherry-pick KMainWindow documentation fixes to KF5 * Take two: Cherry-pick KXmlGuiWindow documentation fixes to KF5 * kcheckaccelerators: Don't blindly cast to QWidget (kde#468576) * Fix Qt 6.5 compatibility ==== layer-shell-qt ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== libKF5ModemManagerQt ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== libKF5NetworkManagerQt ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Add Q_ENUM to VPN Connection enums ==== libX11 ==== Version update (1.8.4 -> 1.8.5) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.8.5 * gitlab CI: Add libtool to required packages * configure: raise minimum autoconf requirement to 2.70 * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * gitlab CI: add workflow rules * nls: delete compose sequences that pointlessly mix upper and lower case * nls: remove four hundred and sixty untypable Greek compose sequences * nls: remove twenty two untypable Greek compose sequences * XSetScreenSaver.man: restore the part that was accidentally snipped * nls: make the Amharic compose sequences use the dead-vowel symbols * nls: sort three sequences alphabetically in their group, like all others * nls: delete six compose sequences that cannot be typed * nls: use a slash instead of a combining solidus in compose sequences * NLS: move long S compositions to respective blocks * NLS: implement the expansion of the six Breton N-graph keysyms * NLS: move dead-caron subscript compositions to the relevant Unicode block * NLS: Remove strange dead_cedilla cedi sign sequences * nls: add compose sequence for capital schwa, and delete a deviant one - Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11 will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order to keep those sequeunces working with this release. ==== libaom ==== Version update (3.6.0 -> 3.6.1) - Update to version 3.6.1: * aomedia:2871: Guard the support of the 7.x and 8.x levels for AV1 under the CONFIG_CWG_C013 config flag, and only output the 7.x and 8.x levels when explicitly requested. * aomedia:3382: Choose sb_size by ppi instead of svc. * aomedia:3384: Fix fullpel search limits. * aomedia:3388: Replace left shift of xq_active by multiplication. * aomedia:3389: Fix MV clamping in av1_mv_pred. * aomedia:3390: set_ld_layer_depth: cap max_layer_depth to MAX_ARF_LAYERS. * aomedia:3418: Fix MV clamping in av1_int_pro_motion_estimation. * aomedia:3429: Move lpf thread data init to lpf_pipeline_mt_init(). * b:266719111: Fix undefined behavior in Arm Neon code. * b:269840681: nonrd_opt: align scan tables. * rtc: Fix is_key_frame setting in variance partition. * Build: Fix build with clang-cl and Visual Studio. ==== libapparmor ==== Version update (3.1.3 -> 3.1.4) - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== libcap ==== Version update (2.68 -> 2.69) - updated to 2.69 - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows: - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418) - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419) - LCAP-CR-23-100 (SEVERITY) NONE - LCAP-CR-23-101 (SEVERITY) NONE - LCAP-CR-23-102 (SEVERITY) NONE - Man page style improvement from Emanuele Torre ==== libcap-ng ==== - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. ==== libcontainers-common ==== - Introduce new subpackage that adds SLE-specific mounts only on SLE systems (if sles-release) hence avoiding superfluous warnings on non-SLE systems while running podman commands. (bsc#1211124) ==== libdnf ==== Version update (0.70.0 -> 0.70.1) Subpackages: libdnf-repo-config-zypp libdnf2 - update to 0.70.1: * Add repoid to solver errors for RPMs (RhBug:2179413) * Avoid using obsolete RPM API and drop redundant calls * Remove DNF from list of protected packages - avoid bashism ==== libgcrypt ==== - FIPS: Merge the libgcrypt20-hmac package into the library and remove the "module is complete" trigger file .fips [bsc#1185116] * Remove libgcrypt-1.10.0-use-fipscheck.patch ==== libheif ==== Version update (1.16.1 -> 1.16.2) Subpackages: gdk-pixbuf-loader-libheif libheif-rav1e libheif1 - update to 1.16.2: * adds an option to heif-convert to set the PNG compression level * fixes a few build issues with some compilers * fixes the --encoder option in heif-enc * fixes heif_item_get_properties_of_type and heif_item_get_transformation_properties ==== libkdcraw ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== libkdecoration2 ==== Version update (5.27.4 -> 5.27.5) Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private10 - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== libkexiv2 ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== libkscreen2 ==== Version update (5.27.4 -> 5.27.5) Subpackages: libKF5Screen8 libKF5ScreenDpms8 libkscreen2-plugin - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * xrandr: always try to update primary * Cleanup dpms object in destructor * Update edid when plugging a monitor ==== libksysguard5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Formatter: Don't try to prefix units that we don't have a prefixed version of * Formatter: Format UnitWattHour in formatValue ==== libnettle ==== Version update (3.8.1 -> 3.9) Subpackages: libhogweed6 libnettle8 - update to 3.9 * rewrite of the C and plain x86_64 assembly implementations of GHASH to use precomputed tables in a different way, with tables always accessed in the same sequential manner. This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms without carry- less mul instructions. E.g., benchmarks of the C implementation on x86_64 showed a slowdown of 3 times. * Fix bug in ecdsa and gostdsa signature verify operation, for the unlikely corner case that point addition really is point duplication. * Fix for chacha on Power7, nettle's assembly used an instruction only available on later processors * Add support for the SM4 block cipher * Add support for the Balloon password hash * Add support for SIV-GCM authenticated encryption mode * Add support for OCB authenticated encryption mode. * New exported functions md5_compress, sha1_compress, sha256_compress, sha512_compress * multiple performance optimizations * Delete all arcfour assembly code. Affects 32-bit x86, 32-bit and 64-bit sparc ==== libostree ==== Subpackages: libostree-1-1 - Make gjs BuildRequires conditional if tests are built and used. ==== libpng16 ==== - do not use NEON instructions [bsc#1211176] ==== libproxy ==== - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libproxy-plugins ==== Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libqt5-qtbase ==== Version update (5.15.9+kde151 -> 5.15.9+kde154) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.9+kde154: * Hsts: match header names case insensitively (CVE-2023-32762) * Fix specific overflow in qtextlayout (CVE-2023-32763) * QDnsLookup/Unix: make sure we don't overflow the buffer - Amend patch to fix mouse grabbing as well (bsc#1211024): * big-endian-scroll.patch ==== libqt5-qtdeclarative ==== Version update (5.15.9+kde23 -> 5.15.9+kde25) - Update to version 5.15.9+kde25: * Accessibility: respect value in attached Accessible in controls * Revert "QQuickItem: Fix effective visibility for items without parent" (boo#1210980) ==== libqt5-qtsvg ==== Version update (5.15.9+kde7 -> 5.15.9+kde8) - Update to version 5.15.9+kde8: * QSvgFont: Initialize used member, remove unused (boo#1211298, CVE-2023-32573) ==== libqt5-qtwebengine ==== Version update (5.15.13 -> 5.15.14) - Update to version 5.15.14: * Blacklist TouchInputTest::touchTap for sles 15.4 * Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15 * Do not allow universal with debug builds * Enable accessibility by default on Linux * Fix blacklisting of mouseMovementProperties for sles 15.4 * Fix build with GCC 13 * Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets * Fix memory management in QPdfDocument functions * Update Chromium: * Fixes for building with GCC-13 * [Backport] CVE-2023-1215: Type Confusion in CSS * [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting * [Backport] CVE-2023-1219: Heap buffer overflow in Metrics * [Backport] CVE-2023-1220: Heap buffer overflow in UMA * [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API * [Backport] CVE-2023-1529: Out of bounds memory access in WebHID * [Backport] CVE-2023-1530: Use after free in PDF * [Backport] CVE-2023-1531: Use after free in ANGLE * [Backport] CVE-2023-1534: Out of bounds read in ANGLE * [Backport] CVE-2023-1810: Heap buffer overflow in Visuals * [Backport] CVE-2023-1811: Use after free in Frames * [Backport] CVE-2023-2033: Type Confusion in V8 * [Backport] CVE-2023-2137: Heap buffer overflow in sqlite * [Backport] CVE-2023-29469 / Security bug 1433328 * [Backport] Security bug 1337747 * [Backport] Security bug 1417585 * [Backport] Security bug 1418734 * [Backport] Security bug 1423360 * [Backport] Security bug 1427388 - Drop patch, merged upstream: * 0001-Fixes-for-building-with-GCC-13.patch ==== librsvg ==== Version update (2.56.0 -> 2.56.1) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.56.1: + The minimum supported Rust version (MSRV) is 1.65. Unfortunately the assert_cmd crate, used in the test suite, bumped its MSRV and is forcing us to do the same. + Shrink the shared library by telling the linker to omit unused code. + Updates to dependencies. ==== libstorage-ng ==== Version update (4.5.101 -> 4.5.115) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.115 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.114 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.113 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.112 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.111 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.110 - merge gh#openSUSE/libstorage-ng#933 - provide functions to query category of partition id (bsc#1211107) - added unit tests - 4.5.109 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.108 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.107 - merge gh#openSUSE/libstorage-ng#932 - check for more aliases when looking up udev info - 4.5.106 - merge gh#openSUSE/libstorage-ng#931 - added test programs for nvme list and list-subsys - 4.5.105 - merge gh#openSUSE/libstorage-ng#930 - avoid to handle some fstab entries twice - 4.5.104 - Translated using Weblate (German) (bsc#1149754) - 4.5.103 - merge gh#openSUSE/libstorage-ng#929 - check for aliases when looking up blk devices - check for aliases when looking up udev info - remove now unneeded mockups - speed up probing - 4.5.102 ==== libxcrypt ==== Version update (4.4.33 -> 4.4.34) - Update to 4.4.34 * Optimize some cast operation for performance in lib/alg-yescrypt-platform.c. * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c. * Explicitly clean the stack and context state after computation in lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c (issue #168). ==== libxslt ==== Version update (1.1.37 -> 1.1.38) Subpackages: libexslt0 libxslt-tools libxslt1 - Removed patch 0009-Make-generate-id-deterministic.patch as it's already fixed upstream. - Update to version 1.1.38: * Major changes: - About 40 memory errors in code paths handling malloc failures have been fixed. - While these issues shouldn't impact security, this improves robustness under memory pressure. - The result of generate-id() is now deterministic across multiple transformations fixing many issues with reproducible builds. - Most of the test suite has been ported to C. * Bug fixes: - Fix memory errors in code handling malloc failures - imports: Fix import/include cycle check - xsltlocale: Fix xsltNewLocale on macOS - Make xsl:sort thread-safe - Make generate-id() deterministic * Improvements - Stop using xmlStringCurrentChar - attributes.h needs to include xsltInternals.h (David Kilzer) - transform: Avoid null deref on documents without root node - numbers: Fix floating point overflows - date: Fix integer overflow in exsltDateFormatDuration - numbers: Fix harmless integer sign change - date: Add more overflow checks to formatting code (David Kilzer) - date: Fix rounding to make Windows tests pass - date: Rewrite duration and seconds formatting - xsltlocale: Make API platform-independent - Also accept application/xslt+xml media type in stylesheet PIs - warnings: Fix strict prototypes warning - xsltEvalUserParams() and xsltQuoteUserParams() are susceptible to integer overflow when iterating through const char** array (David Kilzer) - xslt: Return NULL stylesheet on attribute set errors - xsltproc: Fix unused variable warning - xslt: Remove declaration for old libxml2 - Fix various compiler warnings - Fix compiler warnings in xsltGenerateIdFunction - Disable Python bindings for debugger - Don't declare disabled functions - Migrate from PyEval_ to PyObject_ ==== libyui ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-ncurses ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-ncurses-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt-graph ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyuv ==== Version update (20220920+f9fda6e -> 20230517+a377993) - Trim redundancies and compact descriptions. - Update to snapshot 20230517+a377993: * ARGBToI420Alpha function to convert ARGB to I420 with Alpha * Enable I{422,444}AlphaToARGBRow_RVV & ARGBAttentuateRow_RVV * Bump version and apply clang format * Enable ARGBToYMatrixRow_RVV/RGBAToYMatrixRow_RVV/RGBToYMatrixRow_RVV * Enable RVV if qemu is detected * Add ARGBToRAWRow_RVV, ARGBToRGB24Row_RVV, RGB24ToARGBRow_RVV * YUY2ToNV12 using YUY2ToY and YUY2ToNVUV * Remove old cipd clobber gclient hook. * Roll chromium_revision 004bde16df..28dca358ed (1051775:1052960) * Roll chromium_revision 7d683aeda8..004bde16df (1050091:1051775) * [code-health] Migrate presubmit to python3 * Enable unlimited data for YUV to RGB * Roll chromium_revision 829c6df33d..7d683aeda8 (945687:1050098th - Add libyuv-tools package - Run test suite in %check - drop Don-t-install-conversion-tool.patch - add Install-missing-yuvconstants-binary.patch - add cmake-minimum-required.patch - drop Link-main-library-against-libjpeg.patch applied upstream - add convert_test-little-endian.patch ==== llvm16 ==== Version update (16.0.2 -> 16.0.4) - Update to version 16.0.4. * This release contains bug-fixes for the LLVM 16.0.0 release. This release is API and ABI compatible with 16.0.0. - Rebase patches: * llvm-do-not-install-static-libraries.patch * llvm-remove-clang-only-flags.patch - Update to version 16.0.3. * This release contains bug-fixes for the LLVM 16.0.0 release. This release is API and ABI compatible with 16.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== lsof ==== - Repacked tarball to remove proprietary code in dialects/uw/uw7/sys/fs ==== lua54 ==== Version update (5.4.4 -> 5.4.6) - Library is always liblua5_4-5: due to SOVERSION leading digit being 5 - Final release of 5.4.6. No change in the changelog. - Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been effectively withdrawn). - Update to 5.4.5: - this is a bug-fix release. - Lua 5.4.5 also contains several internal improvements and includes a revised reference manual - Remove upstreamed patches: - luabugs1.patch - luabugs10.patch - luabugs11.patch - luabugs2.patch - luabugs3.patch - luabugs4.patch - luabugs5.patch - luabugs6.patch - luabugs7.patch - luabugs8.patch - luabugs9.patch ==== man-pages ==== Version update (6.02 -> 6.04) - update to 6.04: * Newly documented interfaces in existing pages * proc.5 KPF_PGTABLE (Linux 4.18) * landlock.7 LANDLOCK_ACCESS_FS_REFER (Linux 5.19) * udp.7 UDP_GRO (Linux 5.0) UDP_SEGMENT (Linux 4.18) * Changes to individual pages ==== mdadm ==== - Grow: fix possible memory leak (bsc#1208618) 0060-Grow-fix-possible-memory-leak.patch - Grow: fix can't change bitmap type from none to clustered (bsc#1208618) 0061-Grow-fix-can-t-change-bitmap-type-from-none-to-clustered.patch - Use source code mdadm-4.2.tar.xz from kernel.org version for checksum - mdadm-4.2.tar.xz ==== milou5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: milou5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== mobipocket ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== mozilla-nss ==== Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - Move testsuite to %check-section and move env-variables to files for easier chroot-debugging ==== mozjs102 ==== Version update (102.10.0 -> 102.11.0) - Update to version 102.11.0: + Various security fixes. + CVE-2023-32205: Browser prompts could have been obscured by popups + CVE-2023-32206: Crash in RLBox Expat driver + CVE-2023-32207: Potential permissions request bypass via clickjacking + CVE-2023-32211: Content process crash due to invalid wasm code + CVE-2023-32212: Potential spoof due to obscured address bar + CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() + CVE-2023-32214: Potential DoS via exposed protocol handlers + CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 ==== multipath-tools ==== Version update (0.9.4+86+suse.4d8901e -> 0.9.5+68+suse.d1b6a1c) Subpackages: kpartx libmpath0 - Update to version 0.9.5+68+suse.d1b6a1c: Upstream bugfixes: * libmultipath: use directio checker for LIO targets (gh#opensvc/multipath-tools#54) * multipathd.service: remove "Also=multipathd.socket" (gh#opensvc/multipath-tools#65) * libmultipathd: Avoid parsing errors due to unsupported designators ==== mutter ==== Version update (44.1 -> 44.1+2) - Add mutter-do-not-unminimize-windows-with-initial-iconic.patch: mutter used to unminimize windows with initial IconicState, which is a workaround for some old wine games, it breaks apps like xterm starts with -iconic, this patch revert it (bsc#1193190, glgo#GNOME/mutter!3001). - Add mutter-fix-wacom-tablet-crash.patch: Use clutter error trap to fix x11 error of some input device configuration like wacom tablet (bsc#1211413, glgo#GNOME/mutter#2796). - Update to version 44.1+2: + screen-cast/src: Never dequeue pw_buffer's we refuse to record to. + frames: Disable XDND support on the frame window. ==== nautilus ==== Version update (44.1 -> 44.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 44.2: + Fix crashes with expandable folders and on Other Locations. + Avoid inconsistent search states. + Prevent lingering tracker cursors. + Fix rubberband range behavior on list view. + Updated translations. - Drop 0e5b4c34.patch and 6e37d15f.patch: Fixed upstream. - Drop mount-archive.desktop. This was a feature based on FATE#308344 and bgo#602147. However, the provided functionality of mounting archives through gvfsd-archive has been broken for a long time due to the Exec line pointing to a non-existent path (/usr/lib/gvfs/gvfsd-archive, rather than /usr/libexec/...). Besides, there is a similar functionality which allow users to see the content of archives, without extracting them, through File Roller that serves as a replacement. - Add upstream bug fix patches: + 0e5b4c34.patch general: Use GtkSwitch active property consistently. app-chooser sets the state instead of active property. Similar to d7af60161d30c885ebab69c58b346896f1565387, we really meant to set active (whether the switch is toggled) and not the state (i.e. the color of the switch). Use gtk_switch_set_active(). In properties we've already fixed this, but there's a lingering call to gtk_switch_get_state(). This is probably fine because state is in sync with active when the default handler is used, but let's get :active, to be consistent and safe. + 6e37d15f.patch window-slot: Manage search props set with action. Manages search property change through "search-visible" action. The action triggers other related functions that if not executed will causes buggy behavior. Fixes https://gitlab.gnome.org/GNOME/nautilus/-/issues/2875 ==== ncurses ==== Version update (6.4.20230429 -> 6.4.20230520) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230520 + fixes for compiler warnings in MinGW environments. - Add ncurses patch 20230514 + modify test-package "ncurses6-doc" to use manpage-aliases, which in turn required a change to the configure script to factor in the extra-suffix option when deriving alias names. + add mode 1004 to xterm+sm+1006 from xterm #380 -TD - Port and correct offsets of patch ncurses-6.4.dif - Add ncurses patch 20230506 > build-fixes related to configure-options and/or platform: + fix for --enable-fvisibility + fix for unusual values of --with-rel-version + fix for unusual values of --with-abi-version + fix for --disable-tcap-names + fix for termcap in nc_access.h (report by Werner Fink). - Delete patch ncurses-6.4-makeuseof_secure_open.dif as now upstream ==== nghttp2 ==== Version update (1.52.0 -> 1.53.0) - Update to version 1.53.0: * https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/ ==== openSUSE-build-key ==== - Added a new 4096 openSUSE container key - build-container-202304-d684afec-64390cff.asc - build-container-202304-d684afec-64390cff.pem - Removed and obsoleted old 2048 build key of Tumbleweed - gpg-pubkey-3dbdc284-53674dd4.asc ==== openconnect ==== Version update (9.10 -> 9.12) Subpackages: libopenconnect5 openconnect-bash-completion - Update to release 9.12: * Explicitly reject overly long tun device names. * Increase maximum input size from stdin (#579). * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58). * Fix stray (null) in URL path after Pulse authentication (4023bd95). * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475). * Fix case sensitivity in GPST header matching (!474). ==== openssl-3 ==== Version update (3.0.8 -> 3.1.1) Subpackages: libopenssl3 - Update to 3.1.1: * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate (CVE-2023-2650, bsc#1211430) * Multiple algorithm implementation fixes for ARM BE platforms. * Added a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility. * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can trigger a crash of an application using AES-XTS decryption if the memory just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714) * Add FIPS provider configuration option to disallow the use of truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The option '-no_drbg_truncated_digests' can optionally be supplied to 'openssl fipsinstall'. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Update openssl.keyring with key A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz) * Rebased patches: - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-Add_support_for_Windows_CA_certificate_store.patch * Removed patches: - openssl-CVE-2023-0464.patch - openssl-Fix-OBJ_nid2obj-regression.patch - openssl-CVE-2023-0465.patch - openssl-CVE-2023-0466.patch - FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116] - Add support for Windows CA certificate store [bsc#1209430] https://github.com/openssl/openssl/pull/18070 * Add openssl-Add_support_for_Windows_CA_certificate_store.patch - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch - Fix regression in the OBJ_nid2obj() function: [bsc#1209430] * Upstream https://github.com/openssl/openssl/issues/20555 * Add openssl-Fix-OBJ_nid2obj-regression.patch - Fix compiler error "initializer element is not constant" on s390 * Add openssl-z16-s390x.patch - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch - Pass over with spec-cleaner - Update to 3.1.0: * Add FIPS provider configuration option to enforce the Extended Master Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can optionally be supplied to 'openssl fipsinstall'. * The FIPS provider includes a few non-approved algorithms for backward compatibility purposes and the "fips=yes" property query must be used for all algorithm fetches to ensure FIPS compliance. The algorithms that are included but not approved are Triple DES ECB, Triple DES CBC and EdDSA. * Added support for KMAC in KBKDF. * RNDR and RNDRRS support in provider functions to provide random number generation for Arm CPUs (aarch64). * s_client and s_server apps now explicitly say when the TLS version does not include the renegotiation mechanism. This avoids confusion between that scenario versus when the TLS version includes secure renegotiation but the peer lacks support for it. * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. * The various OBJ_* functions have been made thread safe. * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors. * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding type-specific function definitions for these functions regardless of whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may start receiving deprecation warnings for these functions regardless of whether they are using them. It is recommended that users transition to the new macro, DEFINE_LHASH_OF_EX. * When generating safe-prime DH parameters set the recommended private key length equivalent to minimum key lengths as in RFC 7919. * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the maximum size that is smaller or equal to the digest length to comply with FIPS 186-4 section 5. This is implemented by a new option OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the rsa_pss_saltlen parameter, which is now the default. Signature verification is not affected by this change and continues to work as before. * Update openssl.keyring with key 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell) ==== openssl ==== Version update (3.0.8 -> 3.1.1) - Update to 3.1.1 - Update to 3.1.0 ==== openvpn ==== Version update (2.6.3 -> 2.6.4) Subpackages: openvpn-auth-pam-plugin - Update to 2.6.4: * DCO: support kernel-triggered key rotation (avoid IV reuse after 2^32 packets). This is the userland side, accepting a message from kernel, and initiating a TLS renegotiation. As of release, * fix pkcs#11 usage with OpenSSL 3.x and PSS signing (Github #323) * fix compile error on TARGET_ANDROID * fix typo in help text * manpage updates (--topology) * encoding of non-ASCII windows error messages in log + management fixed - Update openvpn.keyring ==== orca ==== Version update (44.0 -> 44.1) - Update to version 44.1: + Web: - Support aria-disabled on application, tab, group, and focusable separator/splitter - Fix bug in identification of inline iframes + General: - Improve performance by checking for duplicate object events - Filter duplicate events when checking for double presses of the orca modifier + Updated translations. ==== oxygen5-sounds ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== pam ==== Version update (1.5.2.90 -> 1.5.3) - Update to final 1.5.3 release: - configure: added --enable-logind option to use logind instead of utmp in pam_issue and pam_timestamp. - pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp. - Added libeconf support to pam_env and pam_shells. - Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time. - pam_limits: changed to not fail on missing config files. - pam_pwhistory: added conf= option to specify config file location. - pam_pwhistory: added file= option to specify password history file location. - pam_shells: added shells.d support when libeconf and vendordir are enabled. - Deprecated pam_lastlog: this module is no longer built by default because it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, even on 64bit architectures. pam_lastlog will be removed in one of the next releases, consider using pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros provided by _pam_macros.h; the memory override performed by these macros can be optimized out by the compiler and therefore can no longer be relied upon. ==== pam-full-src ==== Version update (1.5.2.90 -> 1.5.3) - Update to final 1.5.3 release: - configure: added --enable-logind option to use logind instead of utmp in pam_issue and pam_timestamp. - pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp. - Added libeconf support to pam_env and pam_shells. - Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time. - pam_limits: changed to not fail on missing config files. - pam_pwhistory: added conf= option to specify config file location. - pam_pwhistory: added file= option to specify password history file location. - pam_shells: added shells.d support when libeconf and vendordir are enabled. - Deprecated pam_lastlog: this module is no longer built by default because it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, even on 64bit architectures. pam_lastlog will be removed in one of the next releases, consider using pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros provided by _pam_macros.h; the memory override performed by these macros can be optimized out by the compiler and therefore can no longer be relied upon. ==== pam_kwallet ==== Version update (5.27.4 -> 5.27.5) Subpackages: pam_kwallet-common - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - base: Add wtmpdb as Y2038 safe wtmp replacement ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Use wtmpdb as Y2038 safe wtmp replacement ==== pciutils ==== Version update (3.9.0 -> 3.10.0) Subpackages: libpci3 - Update to 3.10.0: - Fixed bug in definition of versioned symbol aliases in shared libpci, which made compiling with link-time optimization fail. - Filters now accept "0x..." syntax for backward compatibility. - Windows: The cfgmgr32 back-end which provides the list of devices can be combined with another back-end which provides access to configuration space. - ECAM (Enhanced Configuration Access Mechanism), which is defined by the PCIe standard, is now supported. It requires root privileges, access to physical memory, and also manual configuration on some systems. - lspci: Tree view now works on multi-domain systems. It now respects filters properly. - Last but not least, pci.ids were updated to the current snapshot of the database. This includes overall cleanup of entries with non-ASCII characters in their names -- such characters are allowed, but only if they convey interesting information (e.g., umlauts in German company names, but not the "registered trade mark" sign). ==== perl-Bootloader ==== Version update (1.0 -> 1.2) - merge gh#openSUSE/perl-bootloader#148 - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - 1.2 - no not install kexec-bootloader - 1.1 - merge gh#openSUSE/perl-bootloader#144 - add default-settings script - add new kexec-bootloader - add --default-settings option (bsc#1211082) ==== perl-IO-Socket-SSL ==== Version update (2.081 -> 2.083) - updated to 2.083 see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.083 2023/05/18 - fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL (regression from #122) 2.082 2023/05/17 - SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122 - fix output of alert string when debugging #132 - improve regex for hostname validation #130, #126 - add can_ciphersuites subroutine for feature checking #127 - Utils::CERT_create - die if unexpected arguments are given instead of ignoring these ==== perl-libwww-perl ==== Version update (6.68 -> 6.70) - updated to 6.70 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.70 2023-04-30 13:22:56Z - Add cookie_jar_class attribute to allow different cookie jar modules to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn) - POD now contains all default attributes (GH#428) (Julien Fiegehenn) 6.69 2023-04-29 13:14:31Z - Timeouts for cached connections now update (GH#73) (Eric Johnson) - The conn_cache() can now be unset (GH#424) (Julien Fiegehenn) - LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy) - Fix a bug in no_proxy that allowed partial matches to a proxy address to disable a proxy (GH#421) (Julien Fiegehenn) ==== permissions ==== Version update (1699_20230424 -> 1699_20230516) Subpackages: chkstat permissions-config - Update to version 20230516: * common permissions: add icingaweb2 setgid directory (bsc#1211314) ==== pipewire ==== Version update (0.3.69 -> 0.3.71) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Have pipewire-spa-plugins-0_2 suggest pipewire-libjack-%{apiver_str}: this package requires libjack.so.0, so we best use our own implementation. - Add patch from upstream to fix JACK buffersize updates: * 0001-jack-update-bufsize-and-samplerate-when-skipping-not.patch - Create a pipewire-jack package that provides jack-daemon (and conflicts with any other) and requires the pipewire-libjack library. Move the ld configuration from pipewire-libjack, so that only pipewire-jack forces PipeWire to be the default JACK. - Update to version 0.3.71: * Highlights - A new zero-latency jackdbus bridge was added. This works similar to what PulseAudio has to offer and creates a sink/source when jackdbus is started. It is however much more efficient and runs the complete PipeWire graph as a synchronous JACK client with no added latency. - Many performance improvements. Activation of remote nodes is more efficient, fewer eventfds are required on the clients, less callback overhead in performence critical paths and an optimized poll function was added. This was mainly driven by the jackdbus module to get the lowest possible overhead when running the graph. - The JACK notify callback implementation was reworked to emulate better what JACK does, improving compatibility with ardour7 and the JACK stress test. - More work on BAP devices. Device latency is now passed on to applications also for multi-device headsets, and channel allocation is handled better. - Many more improvements and bugfixes. * PipeWire - Remove the hardcoded limit on io_areas. This is used to link nodes together and exchange buffers, it was limited to 2048 but now dynamically scales based on requirements. - Rate and quantum changes are now applied correctly in more cases. (#3159) - Updates to client-node to more efficiently process the driver. - The profiler information was improved to be more accurate. It should now work better for remote drivers. - Some potential memory map errors were fixed in the protocol because in some case with large messages, some fds were closed too soon. - pw-filter now implements the pw_filter_set_active() method. - A potential out-of-buffers case was fixed in capture pw-streams where buffers were not moved to the recycle queue when the node suspended. - Nodes are now always woken up with the eventfd. Previously there were some optimiztions in the server to directly call into the node process function but that optimization is not necessary. Without this optimization it is now possible to run nodes in different threads. - pw-stream trigger is now implemented correctly in all cases. - Remote nodes now use one eventfd less because they get triggered with the node eventfd directly. - Monitor ports are now ignored in latency updates. - A potential race when reporting an error to a client was fixed. (#3192) - Fix a bug where always_process nodes would sometimes IDLE. (#3189) - Optimize peer activation. Nodes are now activated more efficiently and independent of the number of links. It also reduces the number of eventfds and memory in remote clients. - A bug in property serialization was fixed. Values with spaces would only serialize the first part of the value. * Modules - Correctly handle the echo-canceler plugin init method fallback. The samplerate was not correctly configured. This is only a regression for people that have external echo-canceler plugins. - RAOP sink now only sets the volume on the remote end when the stream is recording. (#3175) - RAOP discover now tries to deduplicate entries from the same host. - A new zero-latency jackdbus bridge was added. This works similar to what pulseaudio has to offer and creates a sink/source when jackdbus is started. It is however much more efficient and runs the complete PipeWire graph as a synchronous JACK client. - The access module uses a more secure way to check the application executable. - module-combine-stream now has configurable delay and latency for each stream. This can be used to align sinks/sources with different latencies. - A potential crash in module-pulse-tunnel was fixed when shutting down. (#3199) - Module-rt will now clamp the nice value to the min allowed value to avoid errors from rtkit. (#3186) - Fix a bug with the session counters in module-rtp-sap. Also use the right format for L24. Improve the AES67 example config. - Improve some warning and info messages in module-rt. (#3194) - module-rtp-session should now do something when started without arguments. - A potential crash in module-rtp-session was fixed. (#3217) - module-filter-chain has better error reporting when a convolver fails to load. (#3223) * SPA - Move some things around to avoid compiler warnings. (#3171) ... changelog too long, skipping 125 lines ... - reenable ffmpeg plugin by building against ffmpeg-5-mini ==== plasma-branding-MicroOS ==== Version update (20230420 -> 20230519) - Add Ark to default flatpak installation script (boo#1211555) - 20230519 ==== plasma-browser-integration ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== plasma-framework ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Plasma5 plasma-framework-components - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix osd- icon IDs (kde#469303) * Label: set horizontalAlignment explicitly * Rename nepomuk icon to search (kde#416072) * Fix build with Qt 6.5 ==== plasma-nm5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: plasma-nm5-openconnect plasma-nm5-openvpn - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Use nm_conn_wireguard_import to import WireGuard files (kde#420066,kde#468365,kde#452952,kde#423973,kde#427222) * Persist imported VPN connections on disk (kde#468666) ==== plasma5-addons ==== Version update (5.27.4 -> 5.27.5) Subpackages: plasma5-addons-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * applets/colorpicker: disable pick button when compositing is disabled (kde#466230) * ProfilesModel: Adjust to kate using different folder for storing sessions than konsole (kde#466824) * runners/datetime: fix test failure * applets/colorpicker: Use native relative positioning Menu API * applets/colorpicker: Open context menu on Menu key press * applets/colorpicker: Fix copying color via keyboard * applets/colorpicker: Factor out logic from signal handler * applets/colorpicker: Only reset global current index from a real current item * applets/colorpicker: Fix QML/JS code style, add explicit signal arguments ==== plasma5-desktop ==== Version update (5.27.4 -> 5.27.5) Subpackages: plasma5-desktop-emojier - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * [kcm/keys] Fix loading service data * desktoppackage: Fix ScrollBar overlapping configuration category delegates * desktoppackage: Fix visual overlap of items in applet configuration view * landingpage: Port "Most Used Pages" grid to Kirigami.SizeGroup * landingpage: Fix broken binding in "Most Used Pages" grid * landingpage: Set implicit size, so that kcmshell doesn't open too small * kcms/keys: Make adding a script file work even if its path has spaces in the name * kcms/keys: Make Add Command work with percent characters in commands * applets/taskmanager: also check title contains "-" * applets/taskmanager: fix tooltip text with custom window title (kde#462760) * automounter: don't track ignored devices (kde#468410) * applets/taskmanager: don't show Unpin menu item while app is launching (kde#468668) * KCM/mouse: enable compatibility with x11-libinput 1.3 (kde#468217) * Folder View: fix keyboard shortcuts handling (kde#436362) * applets/taskmanager: show Activity icons in relevant context menu items (kde#419225) * emojier: enable asynchronous loading in Instantiator (kde#468328) * CompactApplet: show tabbar for Breeze Twilight (kde#468313) * kcms/landingpage: add accessible name to animation speed slider * kcms/landingpage: use explanation label as accessible description * applets/taskmanager: also match row index before skipping updating bindings * applets/taskmanager: reset `parentTask` after a task was moved * applets/taskmanager: Improve scrolling usability - Drop patches, now upstream: * 0001-KCM-mouse-enable-compatibility-with-x11-libinput-1.3.patch ==== plasma5-disks ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== plasma5-integration ==== Version update (5.27.4 -> 5.27.5) Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * wayland: Only set decoration palette once for each change (kde#468408) ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to 5.27.5 ==== plasma5-pa ==== Version update (5.27.4 -> 5.27.5) Subpackages: plasma5-pa-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== plasma5-systemmonitor ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== plasma5-thunderbolt ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== plasma5-workspace ==== Version update (5.27.4.1 -> 5.27.5) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Require cpp explicitly, xrdb doesn't do it anymore - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Too many changes to list here ==== plymouth ==== Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Proporly list services as parameters to %service_del_postun_without_restart: new versions mandate the parameters to further down the line eliminate errors. For the time being, the code does not care for the parameters. ==== podman ==== Version update (4.5.0 -> 4.5.1) Subpackages: podman-cni-config - Update to version 4.5.1: * Release v4.5.1 * [CI:DOCS] Final release notes for v4.5.1 * [CI:BUILD] Packit: set propose-downstream action type to pre-sync * Revert "Resolve symlink path for qemu directory if possible" * no need for podman-next rpm test on maint branch * [CI:BUILD] Packit: add jobs for downstream Fedora package builds * libpod: configureNetNS() tear down on errors * libpod: rootlessNetNs.Cleanup() fix error message * network create/update: allow dns servers comma separated * machine: fix default connection URL to use 127.0.0.1 * compat: accept tag in /images/create?fromSrc * compat container create: match duplicate mounts correctly * machine: qemu only remove connection after confirmation * windows: podman save allow the use of stdout * remote: exec inspect update exec session status * podman-remote logs: handle server error correctly * libpod: stop containers with --restart=always * Do not include image annotations when building spec * [v4.5] system tests: fix race in kube-play read-only * api: fix parsing filters * Support systemd optional prefix '-' for devices. * *: migrate image registry to registry.k8s.io * Makefile: include `release-artifacts` target * [CI:BUILD] Packit: Initial Enablement * Bump to v4.5.1-dev ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - Add python-wheel build dependency to build correctly with latest python-pip version. ==== polkit-default-privs ==== Version update (1550+20230307.7f42172 -> 1550+20230517.ab68b2d) - Update to version 1550+20230517.ab68b2d: * rename com.deepin.api to org.deepin.dde (bsc#1211376) ==== polkit-kde-agent-5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * force extreme focus protection (kde#312325) ==== poppler ==== Version update (23.04.0 -> 23.05.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - update to 23.05.0: * Fix crash when filling some forms * Set SigFlags when signing unsigned signature * Add some infrastructure code to support multiple signing backends * Fix potential stack overflow in PostScriptFunction::parseCode * Fix some minor uninitialised memory reads ==== poppler-qt5 ==== Version update (23.04.0 -> 23.05.0) - update to 23.05.0: * Fix crash when filling some forms * Set SigFlags when signing unsigned signature * Add some infrastructure code to support multiple signing backends * Fix potential stack overflow in PostScriptFunction::parseCode * Fix some minor uninitialised memory reads ==== powerdevil5 ==== Version update (5.27.4 -> 5.27.5) Subpackages: powerdevil5-lang - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * Fix for screen backlight not working on Planet Computers Astro Slide PDA * Fix and consolidate discharge rate and remaining time calculation * Remove unused "BatteryState" from backend interface * Fix possible race between DeviceAdded signal and device enumeration * Remove support for UPower < 0.99.0 ==== prison-qt5 ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Prison5 prison-qt5-imports - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix PDF417 with binary content not producing any output with ZXing 2.0 ==== purpose ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Fix build with Qt 6.5 ==== python-PyJWT ==== Version update (2.6.0 -> 2.7.0) - update to version 2.7.0 * Add classifier for Python 3.11 by @eseifert in #818 * Add Algorithm.compute_hash_digest and use it to implement at_hash validation example by @sirosen in #775 * fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf in #821 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #825 * Custom header configuration in jwk client by @thundercat1 in #823 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #828 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #833 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #835 * Add PyJWT._{de,en}code_payload hooks by @akx in #829 * Add sort_headers parameter to api_jwt.encode by @evroon in #832 * Make mypy configuration stricter and improve typing by @akx in #830 * Bump actions/stale from 6 to 7 by @dependabot in #840 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #838 * Add more types by @Viicos in #843 * Differentiate between two errors by @irdkwmnsb in #809 * Fix _validate_iat validation by @Viicos in #847 * Improve error messages when cryptography isn't installed by @Viicos in #846 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #852 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #855 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #859 * Make Algorithm an abstract base class by @Viicos in #845 * docs: correct mistake in the changelog about verify param by @gbillig in #866 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #868 * Bump actions/stale from 7 to 8 by @dependabot in #872 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #874 * Add a timeout for PyJWKClient requests by @daviddavis in #875 * Add client connection error exception by @daviddavis in #876 * Add complete types to take all allowed keys into account by @Viicos in #873 * [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #878 * Build and upload PyPI package by @jpadilla in #884 * Fix for issue #862 - ignore invalid keys in a jwks. by @timw6n in #863 * Add as_dict option to Algorithm.to_jwk by @fluxth in #881 ==== python-SQLAlchemy ==== Version update (2.0.12 -> 2.0.15) - Switch documentation to be within the main package. - Update to 2.0.15 [#] orm * As more projects are using new-style “2.0” ORM querying, it’s becoming apparent that the conditional nature of “autoflush”, being based on whether or not the given statement refers to ORM entities, is becoming more of a key behavior. Up until now, the “ORM” flag for a statement has been loosely based around whether or not the statement returns rows that correspond to ORM entities or columns; the original purpose of the “ORM” flag was to enable ORM-entity fetching rules which apply post-processing to Core result sets as well as ORM loader strategies to the statement. For statements that don’t build on rows that contain ORM entities, the “ORM” flag was considered to be mostly unnecessary. * It still may be the case that “autoflush” would be better taking effect for all usage of Session.execute() and related methods, even for purely Core SQL constructs. However, this still could impact legacy cases where this is not expected and may be more of a 2.1 thing. For now however, the rules for the “ORM-flag” have been opened up so that a statement that includes ORM entities or attributes anywhere within, including in the WHERE / ORDER BY / GROUP BY clause alone, within scalar subqueries, etc. will enable this flag. This will cause “autoflush” to occur for such statements and also be visible via the ORMExecuteState.is_orm_statement event-level attribute. References: #9805 [#] postgresql * Repaired the base Uuid datatype for the PostgreSQL dialect to make full use of the PG-specific UUID dialect-specific datatype when “native_uuid” is selected, so that PG driver behaviors are included. This issue became apparent due to the insertmanyvalues improvement made as part of #9618, where in a similar manner as that of #9739, the asyncpg driver is very sensitive to datatype casts being present or not, and the PostgreSQL driver-specific native UUID datatype must be invoked when this generic type is used so that these casts take place. References: #9808 - Release 2.0.13 [#] orm * Modified the JoinedLoader implementation to use a simpler approach in one particular area where it previously used a cached structure that would be shared among threads. The rationale is to avoid a potential race condition which is suspected of being the cause of a particular crash that’s been reported multiple times. The cached structure in question is still ultimately “cached” via the compiled SQL cache, so a performance degradation is not anticipated. References: #9777 * Fixed regression where use of update() or delete() within a CTE construct, then used in a select(), would raise a CompileError as a result of ORM related rules for performing ORM-level update/delete statements. References: #9767 * Fixed issue in new ORM Annotated Declarative where using a ForeignKey (or other column-level constraint) inside of mapped_column() which is then copied out to models via pep-593 Annotated would apply duplicates of each constraint to the Column as produced in the target Table, leading to incorrect CREATE TABLE DDL as well as migration directives under Alembic. References: #9766 * Fixed issue where using additional relationship criteria with the joinedload() loader option, where the additional criteria itself contained correlated subqueries that referred to the joined entities and therefore also required “adaption” to aliased entities, would be excluded from this adaption, producing the wrong ON clause for the joinedload. References: #9779 [#] sql * Generalized the MSSQL try_cast() function into the sqlalchemy. import namespace so that it may be implemented by third party dialects as well. Within SQLAlchemy, the try_cast() function remains a SQL Server-only construct that will raise CompileError if used with backends that don’t support it. * try_cast() implements a CAST where un-castable conversions are returned as NULL, instead of raising an error. Theoretically, the construct could be implemented by third party dialects for Google BigQuery, DuckDB, and Snowflake, and possibly others. Pull request courtesy Nick Crews. References: #9752 * Fixed issue in values() construct where an internal compilation error would occur if the construct were used inside of a scalar subquery. References: #9772 [#] postgresql * Fixed apparently very old issue where the ENUM.create_type parameter, when set to its non-default of False, would not be propagated when the Column which it’s a part of were copied, as is common when using ORM Declarative mixins. References: #9773 [#] tests * Fixed test that relied on the sys.getsizeof() function to not run on pypy, where this function appears to have different behavior than it does on cpython. References: #9789 - PEP517 - Add missing runtime requirement - update to 2.0.13: * https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.13 - drop unnecessary mypy dependency ==== python-Twisted ==== Subpackages: python310-Twisted python310-Twisted-tls - Switch documentation to be within the main package. ==== python-anyio ==== - Add patch fix-failing-tls-tests.patch: * Fix test failures with Python TLS changes. ==== python-attrs ==== Version update (22.2.0 -> 23.1.0) - Update to 23.1.0: [#] Backwards-incompatible Changes * Python 3.6 has been dropped and packaging switched to static package data using Hatch. #993 [#] Deprecations * The support for zope-interface via the attrs.validators.provides validator is now deprecated and will be removed in, or after, April 2024. * The presence of a C-based package in our developement dependencies has caused headaches and we're not under the impression it's used a lot. * Let us know if you're using it and we might publish it as a separate package. #1120 [#] Changes * attrs.filters.exclude() and attrs.filters.include() now support the passing of attribute names as strings. #1068 * attrs.has() and attrs.fields() now handle generic classes correctly. #1079 * Fix frozen exception classes when raised within e.g. contextlib.contextmanager, which mutates their __traceback__ attributes. #1081 * @frozen now works with type checkers that implement PEP-681 (ex. pyright). #1084 * Restored ability to unpickle instances pickled before 22.2.0. [#1085] * attrs.asdict()'s and attrs.astuple()'s type stubs now accept the attrs.AttrsInstance protocol. #1090 * Fix slots class cellvar updating closure in CPython 3.8+ even when __code__ introspection is unavailable. #1092 * attrs.resolve_types() can now pass include_extras to typing.get_type_hints() on Python 3.9+, and does so by default. [#1099] * Added instructions for pull request workflow to CONTRIBUTING.md. [#1105] * Added type parameter to attrs.field() function for use with attrs.make_class(). * Please note that type checkers ignore type metadata passed into make_class(), but it can be useful if you're wrapping attrs. #1107 * It is now possible for attrs.evolve() (and attr.evolve()) to change fields named inst if the instance is passed as a positional argument. * Passing the instance using the inst keyword argument is now deprecated and will be removed in, or after, April 2024. #1117 * attrs.validators.optional() now also accepts a tuple of validators (in addition to lists of validators). #1122 ==== python-blinker ==== Version update (1.5 -> 1.6.2) - Update to 1.6.2: * Type annotations are not evaluated at runtime. typing-extensions is not a runtime dependency. :pr:`94` - 1.6.1: * Ensure that py.typed is present in the distributions (to enable other projects to use blinker's typing). * Require typing-extensions > 4.2 to ensure it includes ParamSpec. :issue:`90` - 1.6: * Add a muted context manager to temporarily turn off a signal. :pr:`84` * Allow int senders (alongside existing string senders). :pr:`83` * Add a send_async method to the Signal to allow signals to send to coroutine receivers. :pr:`76` * Update and modernise the project structure to match that used by the pallets projects. :pr:`77` * Add an intial set of type hints for the project. ==== python-gevent ==== Version update (22.10.1 -> 22.10.2) - handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers() behavior change in python 3.11 as well - Add patch handle-python-ssl-changes.patch: * Handle Python 3.10 changes where ssl.shared_ciphers() changes behaviour. - skip one more test from testsuite - update to 22.10.2: * Update to greenlet 2.0. This fixes a deallocation issue that required a change in greenlet's ABI. The design of greenlet 2.0 is intended to prevent future fixes and enhancements from requiring an ABI change, making it easier to update gevent and greenlet independently. - Switch documentation to be within the main package. ==== python-greenlet ==== Version update (1.1.3 -> 2.0.2) - update to 2.0.2: * Fix calling ``greenlet.settrace()`` with the same tracer object that was currently active. * Various compilation and standards conformance fixes. * Python 3.11: Fix a memory leak. See issue 328 and gevent issue 1924. - 2.0.0.post0 (2022-11-03) * Add Programming Language :: Python :: 3.11 to the PyPI classifier metadata. - 2.0.0rc5 (2022-10-31) * Linux: Fix another group of rare crashes that could occur when shutting down an interpeter running multiple threads. See issue 325. - 2.0.0rc4 (2022-10-30) * Linux: Fix a rare crash that could occur when shutting down an interpreter running multiple threads, when some of those threads are in greenlets making calls to functions that release the GIL. - 2.0.0rc1 (2022-10-27) * Deal gracefully with greenlet switches that occur while deferred deallocation of objects is happening using CPython's "trash can" mechanism. Previously, if a large nested container held items that switched greenlets during delayed deallocation, and that second greenlet also invoked the trash can, CPython's internal state could become corrupt. This was visible as an assertion error in debug builds. Now, the relevant internal state is saved and restored during greenlet switches. See also gevent issue 1909. * Rename the C API function PyGreenlet_GET_PARENT to PyGreenlet_GetParent for consistency. The old name remains available as a deprecated alias. - 2.0.0a1 (2022-01-20) * Drop support for very old versions of GCC and MSVC. Compilation now requires a compiler that either supports C++11 or has some other intrinsic way to create thread local variables; for older GCC, clang and SunStudio we use __thread, while for older MSVC we use __declspec(thread). * This version of greenlet is known to compile and pass tests on CPython 3.11.0a4. Earlier or later 3.11 releases may or may not work. See PR 280. Special thanks to Brandt Bucher and the CPython developers. * Fix several leaks that could occur when using greenlets from multiple threads. For example, it is no longer necessary to call getcurrent() before exiting a thread to allow its main greenlet to be cleaned up. See issue 252. * Fix the C API PyGreenlet_Throw to perform the same error checking that the Python API greenlet.throw() does. Previously, it did no error checking. - drop sphinx-6.0.0.patch (upstream) ==== python-httpcore ==== Version update (0.16.3 -> 0.17.0) - update to 0.17.0: * Add DEBUG level logging. (#648) * Respect HTTP/2 max concurrent streams when settings updates are sent by server. (#652) * Increase the allowable HTTP header size to 100kB. (#647) * Add `retries` option to SOCKS proxy classes. (#643) ==== python-numpy ==== - Add patch remove-deprecated-hypothesis-funcs.patch: * Change to a non-deprecated function from hypothesis. ==== python-pip ==== Version update (22.3.1 -> 23.1.2) - Update to 23.1.2 - Upgrade setuptools to 67.7.2 - 23.1.1: - Revert #11487, as it causes issues with virtualenvs created by the Windows Store distribution of Python. (#11987) - Revert pkg_resources (via setuptools) back to 65.6.3 - Update documentation to reflect the new behavior of using the cache of locally built wheels in hash-checking mode. (#11967) - 23.1: - Remove support for the deprecated --install-options. (#11358) - --no-binary does not imply setup.py install anymore. Instead a wheel will be built locally and installed. (#11451) - --no-binary does not disable the cache of locally built wheels anymore. It only means "don't download wheels". (#11453) - Deprecate --build-option and --global-option. Users are invited to switch to --config-settings. (#11859) - Using --config-settings with projects that don't have a pyproject.toml now prints a deprecation warning. In the future the presence of config settings will automatically enable the default build backend for legacy projects and pass the setttings to it. (#11915) - Remove setup.py install fallback when building a wheel failed for projects without pyproject.toml. (#8368) - When the wheel package is not installed, pip now uses the default build backend instead of setup.py install and setup.py develop for project without pyproject.toml. (#8559) - Specify egg-link location in assertion message when it does not match installed location to provide better error message for debugging. (#10476) - Present conflict information during installation after each choice that is rejected (pass -vv to pip install to show it) (#10937) - Display dependency chain on each Collecting/Processing log line. (#11169) - Support a per-requirement --config-settings option in requirements files. (#11325) - The --config-settings/-C option now supports using the same key multiple times. When the same key is specified multiple times, all values are passed to the build backend as a list, as opposed to the previous behavior, where pip would only pass the last value if the same key was used multiple times. (#11681) - Add -C as a short version of the --config-settings option. (#11786) - Reduce the number of resolver rounds, since backjumping makes the resolver more efficient in finding solutions. This also makes pathological cases fail quicker. (#11908) - Warn if --hash is used on a line without requirement in a requirements file. (#11935) - Stop propagating CLI --config-settings to the build dependencies. They already did not propagate to requirements provided in requirement files. To pass the same config settings to several requirements, users should provide the requirements as CLI arguments. (#11941) - Support wheel cache when using --require-hashes. (#5037) - Add --keyring-provider flag. See the Authentication page in the documentation for more info. (#8719) - In the case of virtual environments, configuration files are now also included from the base installation. (#9752) - Fix grammar by changing "A new release of pip available:" to "A new release of pip is available:" in the notice used for indicating that. (#11529) - Normalize paths before checking if installed scripts are on PATH. (#11719) - Correct the way to decide if keyring is available. (#11774) - More consistent resolution backtracking by removing legacy hack related to setuptools resolution (#11837) - Include AUTHORS.txt in pip's wheels. (#11882) - The uninstall and install --force-reinstall commands no longer call normalize_path() repeatedly on the same paths. Instead, these results are cached for the duration of an uninstall operation, resulting in improved performance, particularly on Windows. (#11889) - Fix and improve the parsing of hashes embedded in URL fragments. (#11936) - When package A depends on package B provided as a direct URL dependency including a hash embedded in the link, the - -require-hashes option did not warn when user supplied hashes were missing for package B. (#11938) - Correctly report requested_extras in the installation report when extras are specified for a local directory installation. (#11946) - When installing an archive from a direct URL or local file, populate download_info.info.hashes in the installation report, in addition to the legacy download_info.info.hash key. (#11948) - 23.0.1: - Change the hashes in the installation report to be a mapping. Emit the archive_info.hashes dictionary in direct_url.json. (#11312) - Implement logic to read the EXTERNALLY-MANAGED file as specified in PEP 668. This allows a downstream Python distributor to prevent users from using pip to modify the externally managed environment. (#11381) - Enable the use of keyring found on PATH. This allows keyring installed using pipx to be used by pip. (#11589) - The inspect and installation report formats are now declared stable, and their version has been bumped from 0 to 1. (#11757) - Wheel cache behavior is restored to match previous versions, allowing the cache to find existing entries. (#11527) - Use the "venv" scheme if available to obtain prefixed lib paths. (#11598) - Deprecated a historical ambiguity in how egg fragments in URL-style requirements are formatted and handled. egg fragments ... changelog too long, skipping 9 lines ... cause exceptions in pip install (#11704) ==== python-pycryptodome ==== Version update (3.17.0 -> 3.18.0) - update to 3.18.0: * Added support for DER BOOLEAN encodings. * The library now compiles on Windows ARM64. Thanks to Niyas Sait. * GH#722: ``nonce`` attribute was not correctly set for XChaCha20_Poly1305 ciphers. Thanks to Liam Haber. * GH#728: Workaround for a possible x86 emulator bug in Windows for ARM64. * GH#739: OID encoding for arc 2 didn't accept children larger than 39. Thanks to James. * Correctly check that the scalar matches the point when importing an ECC private key. ==== python-pyzmq ==== Version update (24.0.1 -> 25.0.2) - Update to version 25.0.2 * Bundled subset of tornado's IOLoop (deprecated since pyzmq 17) is removed, so ZMQStream cannot be used without an actual install of tornado. * Remove support for tornado 4. * Added `socket_class` argument to zmq.Context.socket * Support shadowing sockets with socket objects. * In zmq.auth and zmq.eventloop.zmqstream callbacks may now be async. * License files have been renamed to more standard LICENSE.BSD, LICENSE.LESSER to appease some license auto-detect tools. ==== python-redis ==== Version update (4.5.4 -> 4.5.5) - update to 4.5.5: * Add support for CLIENT NO-TOUCH * Add support for CLUSTER MYSHARDID * Add "address_remap" feature to RedisCluster * Add WITHSCORES argument to ZREVRANK command * Improve error output for master discovery * Fix XADD: allow non negative maxlen * Fix create single connection client from url * Optionally disable disconnects in read_response * Fix SLOWLOG GET return value * Fix potential race condition during disconnection * Return response in case of KeyError * Fix incorrect usage of once flag in async Sentinel * Fix memory leak caused by hiredis in asyncio case * Really do not use asyncio's timeout lib before 3.11.2 ==== python-requests ==== Version update (2.28.2 -> 2.30.0) - add sle15_python_module_pythons - Update to 2.30.0: * Added support for urllib3 2.0.  * Defer chunked requests to the urllib3 implementation to improve standardization. * Relax header component requirements to support bytes/str subclasses. ==== python-responses ==== Version update (0.21.0 -> 0.23.1) - Drop patch 636-urllib3-2-compat.patch: * moto needs to stay with urllib3 < 2 due to boto. - Update 636-urllib3-2-compat.patch (from gh#getsentry/responses!636). - Fix missing runtime requirements - Remove runtime requirement of typing stubs - Update to 0.23.1: - Remove `tomli` import. See #630 - Add Python 3.11 support - Fix type annotations of `CallList`. See #593 - `request` object is attached to any custom exception provided as `Response` `body` argument. See #588 - Fixed mocked responses leaking between tests when `assert_all_requests_are_fired` and a request was not fired. - [BETA] Default recorder format was changed to YAML. Added `responses.RequestsMock._parse_response_file` and `responses._recorder.Recorder.dump_to_file` methods that allow users to override default parser to eg toml, json - Update `requests` dependency to the version of 2.22.0 or higher. See #584. - [BETA] Added possibility to record responses to TOML files via `@_recorder.record(file_path="out.toml")` decorator. - [BETA] Added possibility to replay responses (populate registry) from TOML files via `responses._add_from_file(file_path="out.toml")` method. - Fix type for the `mock`'s patcher object. See #556 - Fix type annotation for `CallList` - Add `passthrough` argument to `BaseResponse` object. See #557 - Fix `registries` leak. See #563 - `OriginalResponseShim` is removed. See #585 - Add support for the `loose` version of `json_params_matcher` via named argument `strict_match`. See #551 - Add lists support as JSON objects in `json_params_matcher`. See #559 - Added project links to pypi listing. - `delete`, `get`, `head`, `options`, `patch`, `post`, `put` shortcuts are now implemented using `functools.partialmethod`. - Fix `MaxRetryError` exception. Replace exception by `RetryError` according to `requests` implementation. See [#572]. - Adjust error message when `Retry` is exhausted. See #580. - Remove py_old_re_Pattern.patch, because we don’t care about compatibility with pre-SLE15-SP4 any more. - Add compat-urllib3-2.patch and unbundle-urllib3.patch to make the package compatible with urllib3 >= 2.0 (still not enough gh#getsentry/responses#635). ==== python-rich ==== Version update (13.3.5 -> 13.4.1) - update to 13.4.1: * Fixed typing extensions import in markdown #2979 - update to 13.4.0: * Added support for tables in Markdown #2977 ==== python-rpm ==== - add _multibuild for multiple .spec-files ==== python-setuptools ==== Version update (67.6.1 -> 67.7.2) - Testing must be single-spec as well. - Update to 67.7.2: * #3902: Fixed wrong URLs used in warnings and logs. * #3898: Fixes setuptools.dist:invalid_unless_false when value is false don’t raise error * #3849: Overhaul warning system for better visibility. * #3884: Add a stacklevel parameter to warnings.warn() to provide more information to the user. - Add patch use-tarfile-extraction_filter.patch: * Set an extraction_filter to avoid a warning. - add sle15_python_module_pythons (jsc#PED-68) ==== python-tornado6 ==== Version update (6.2 -> 6.3.2) - New upstream release 6.3.2 - Security improvements - Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. - ``tornado.web`` - `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase arguments will be accepted. - What's new in Tornado 6.3.0 - The new `.Application` setting ``xsrf_cookie_name`` can now be used to take advantage of the ``__Host`` cookie prefix for improved security. To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}}`` to your `.Application` settings. Note that this feature currently only works when HTTPS is used. - `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so the event loop is no longer blocked. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - WebSockets are now much faster at receiving large messages split into many fragments. - General changes - Python 3.7 is no longer supported; the minimum supported . Python version is 3.8 Python 3.12 is now supported . - To avoid spurious deprecation warnings, users of Python 3.10 should upgrade to at least version 3.10.9, and users of Python 3.11 should upgrade to at least version 3.11.1. - Tornado submodules are now imported automatically on demand. This means it is now possible to use a single ``import tornado`` statement and refer to objects in submodules such as `tornado.web.RequestHandler`. - Deprecation notices - In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING`` and above regardless of the current logging configuration, unless the ``level`` argument is used. - `.RequestHandler.get_secure_cookie` is now a deprecated alias for `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie` is now a deprecated alias for `.RequestHandler.set_signed_cookie`. - `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement is provided; `.RequestHandler.clear_cookie` should be used on individual cookies. - Calling the `.IOLoop` constructor without a ``make_current`` argument, which was deprecated in Tornado 6.2, is no longer deprecated. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - `.AsyncTestCase.get_new_ioloop` is deprecated. - ``tornado.auth`` - New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden to get credentials from a source other than the `.Application` settings. - ``tornado.gen`` - `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine. - ``tornado.options`` - `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to lists of strings) for options with ``multiple=True``. - ``tornado.web`` - New `.Application` setting ``xsrf_cookie_name`` can be used to change the name of the XSRF cookie. This is most useful to take advantage of the ``__Host-`` cookie prefix. - `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` (and related methods and attributes) have been renamed to `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. This makes it more explicit what kind of security is provided, and avoids confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. The old names remain supported as deprecated aliases. - `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain arguments to be passed the same way in which it was set. - `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments for the same reason as ``clear_cookie``. However, since the requirements for additional arguments mean that it cannot reliably clear all cookies, this method is now deprecated. - ``tornado.websocket`` - It is now much faster (no longer quadratic) to receive large messages that have been split into many fragments. - `.websocket_connect` now accepts a ``resolver`` parameter. - ``tornado.wsgi`` - `.WSGIContainer` now accepts an ``executor`` parameter which can be used to run the WSGI application on a thread pool. - What's new in Tornado 6.2.0 - Deprecation notice - Python 3.10 has begun the process of significant changes to the APIs for managing the event loop. Calls to methods such as `asyncio.get_event_loop` may now raise `DeprecationWarning` if no event loop is running. This has significant impact on the patterns for initializing ... changelog too long, skipping 101 lines ... - Remove upstreamed ignore-py310-deprecation-warnings.patch ==== python-urllib3 ==== Version update (1.26.15 -> 2.0.2) - update to 2.0.2: * Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. - Update to 2.0.1: * Fixed a socket leak when fingerprint or hostname verifications fail. * Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. * Removed support for Python 2.7, 3.5, and 3.6. * Removed fallback on certificate commonName in match_hostname() function. * Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. * Removed support for OpenSSL versions earlier than 1.1.1. * Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment. * Changed ssl_version to instead set the corresponding SSLContext.minimum_version and SSLContext.maximum_version values. * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2 in line with Python 3.10. * Changed urllib3.util.create_urllib3_context to not override the system cipher suites with a default value. * Changed multipart/form-data header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. * Changed HTTPConnection.request() to always use lowercase chunk boundaries when sending requests with Transfer-Encoding: chunked. * Changed enforce_content_length default to True, preventing silent data loss when reading streamed responses. * Changed all parameters in the HTTPConnection and HTTPSConnection constructors to be keyword-only except host and port. * Changed HTTPConnection.getresponse() to set the socket timeout from HTTPConnection.timeout value before reading data from the socket. * Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX. * Changed TLS handshakes to use SSLContext.check_hostname when possible. * Changed the default blocksize to 16KB to match OpenSSL's default read amounts. * Changed HTTPResponse.read() to raise an error when calling with decode_content=False after using decode_content=True to prevent data loss. * Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress. * Fixed the default value of HTTPSConnection.socket_options to match HTTPConnection. * Fixed a socket leak if HTTPConnection.connect() fails. - Drop patch remove_mock.patch, included upstream. - Fiddle with {Build,}Requires as appropiate, six finally dropped. ==== python-zope.event ==== - Switch documentation to be within the main package. ==== python310 ==== Version update (3.10.10 -> 3.10.11) Subpackages: python310-curses python310-dbm - Why in the world we download from HTTP? - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). - Update to 3.10.11: - Core and Builtins - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object. - Library - gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood - gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim. - gh-102179: Fix os.dup2() error message for negative fds. - gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim. - gh-101936: The default value of fp becomes io.BytesIO if HTTPError is initialized without a designated fp parameter. Patch by Long Vo. - gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after being wrapped in Path. - gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1) - gh-101892: Callable iterators no longer raise SystemError when the callable object exhausts the iterator but forgets to either return a sentinel value or raise StopIteration. - gh-97786: Fix potential undefined behaviour in corner cases of floating-point-to-time conversions. - gh-101517: Fixed bug where bdb looks up the source line with linecache with a lineno=None, which causes it to fail with an unhandled exception. - gh-101673: Fix a pdb bug where ll clears the changes to local variables. - gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers() - gh-88233: Correctly preserve “extra” fields in zipfile regardless of their ordering relative to a zip64 “extra.” - gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level EOF. It now raises SSLEOFError, matching the behavior in previous versions of OpenSSL. The options attribute on SSLContext also no longer includes OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the previous OpenSSL 3.0 behavior. - gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor shutdown could hang after a future has been quickly submitted and canceled. - Documentation - gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output. - gh-85417: Update cmath documentation to clarify behaviour on branch cuts. - gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by Oleg Iarygin. - Tests - gh-102980: Improve test coverage on pdb. - gh-102537: Adjust the error handling strategy in test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle. - gh-101377: Improved test_locale_calendar_formatweekday of calendar. - Build - gh-102711: Fix -Wstrict-prototypes compiler warnings. - Removed upstreamed: - invalid-json.patch ==== python310-core ==== Version update (3.10.10 -> 3.10.11) Subpackages: libpython3_10-1_0 python310-base - Why in the world we download from HTTP? - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). - Update to 3.10.11: - Core and Builtins - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object. - Library - gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood - gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim. - gh-102179: Fix os.dup2() error message for negative fds. - gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim. - gh-101936: The default value of fp becomes io.BytesIO if HTTPError is initialized without a designated fp parameter. Patch by Long Vo. - gh-101566: In zipfile, apply fix for extractall on the underlying zipfile after being wrapped in Path. - gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1) - gh-101892: Callable iterators no longer raise SystemError when the callable object exhausts the iterator but forgets to either return a sentinel value or raise StopIteration. - gh-97786: Fix potential undefined behaviour in corner cases of floating-point-to-time conversions. - gh-101517: Fixed bug where bdb looks up the source line with linecache with a lineno=None, which causes it to fail with an unhandled exception. - gh-101673: Fix a pdb bug where ll clears the changes to local variables. - gh-96931: Fix incorrect results from ssl.SSLSocket.shared_ciphers() - gh-88233: Correctly preserve “extra” fields in zipfile regardless of their ordering relative to a zip64 “extra.” - gh-95495: When built against OpenSSL 3.0, the ssl module had a bug where it reported unauthenticated EOFs (i.e. without close_notify) as a clean TLS-level EOF. It now raises SSLEOFError, matching the behavior in previous versions of OpenSSL. The options attribute on SSLContext also no longer includes OP_IGNORE_UNEXPECTED_EOF by default. This option may be set to specify the previous OpenSSL 3.0 behavior. - gh-94440: Fix a concurrent.futures.process bug where ProcessPoolExecutor shutdown could hang after a future has been quickly submitted and canceled. - Documentation - gh-103112: Add docstring to http.client.HTTPResponse.read() to fix pydoc output. - gh-85417: Update cmath documentation to clarify behaviour on branch cuts. - gh-97725: Fix asyncio.Task.print_stack() description for file=None. Patch by Oleg Iarygin. - Tests - gh-102980: Improve test coverage on pdb. - gh-102537: Adjust the error handling strategy in test_zoneinfo.TzPathTest.python_tzpath_context. Patch by Paul Ganssle. - gh-101377: Improved test_locale_calendar_formatweekday of calendar. - Build - gh-102711: Fix -Wstrict-prototypes compiler warnings. - Removed upstreamed: - invalid-json.patch ==== qemu ==== Version update (7.1.0 -> 8.0.2) - Update to version 8.0.2: * Stability, security and bug fixes - Patch added: * [openSUSE][RPM] Update to version 8.0.2 - Patch added: [openSUSE][RPM] Fix deps for virtiofsd and improve spec files - Update the _constraints file: * the qemu-testsuite package does not exist any longer, but some of the tests are done in the qemu package (so "transfer" some of the constraints to that one) - some of the builds are failing with OOM, happening while the RPM is actually put together, at the end of the process. Try to give them more RAM - Patch added: [openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27) - Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0) * Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html * Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html * Some notable changes: - ARM: - New emulated CPU types: - Cortex-A55 CPU - Cortex-R52 CPU - x86 - Add support for Xen guests under KVM with Linux v5.12+ - New CPU model "SapphireRapids" - VFIO - Experimental migration support has been updated to the v2 VFIO migration protocol - virtio - virtio-mem now fully supports combining preallocation with migration - vDPA - Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq - virtiofs - The old C virtiofsd has been removed, use the new Rust implementation instead. * Patches added: [openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680) [openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629) roms: add back edk2-basetools target async: Suppress GCC13 false positive in aio_bh_poll() [openSUSE][OBS] Limit the workflow runs to the factory branch (#25) [openSUSE][RPM] Spec file adjustments for 8.0.0 - (Radical!) Change of packaging workflow. Now pretty much everything happens via git, and interacting with https://github.com/openSUSE/qemu.git. See README.PACKAGING for details * Patches added: linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls linux-user: fill out task state in /proc/self/stat linux-user: Emulate CLONE_PIDFD flag in clone() * Patches transformed in git commits: Disable-some-tests-that-have-problems-in.patch Make-char-muxer-more-robust-wrt-small-FI.patch Make-installed-scripts-explicitly-python.patch Makefile-fix-build-with-binutils-2.38.patch PPC-KVM-Disable-mmu-notifier-check.patch Raise-soft-address-space-limit-to-hard-l.patch Revert-linux-user-fix-compat-with-glibc-.patch Revert-roms-efirom-tests-uefi-test-tools.patch Revert-tests-qtest-enable-more-vhost-use.patch Update-linux-headers-to-v6.0-rc4.patch accel-abort-if-we-fail-to-load-the-accel.patch acpi-cpuhp-fix-guest-visible-maximum-acc.patch ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch block-Handle-curl-7.55.0-7.85.0-version-.patch block-io_uring-revert-Use-io_uring_regis.patch configure-Add-Wno-gnu-variable-sized-typ.patch dmg-warn-when-opening-dmg-images-contain.patch dump-Add-architecture-section-and-sectio.patch dump-Refactor-dump_iterate-and-introduce.patch dump-Reintroduce-memory_offset-and-secti.patch dump-Rename-write_elf-_phdr_note-to-prep.patch dump-Rename-write_elf_loads-to-write_elf.patch dump-Reorder-struct-DumpState.patch dump-Replace-opaque-DumpState-pointer-wi.patch dump-Rework-dump_calculate_size-function.patch dump-Rework-filter-area-variables.patch dump-Rework-get_start_block.patch dump-Split-elf-header-functions-into-pre.patch dump-Use-a-buffer-for-ELF-section-data-a.patch dump-Write-ELF-section-headers-right-aft.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-pvrdma-Protect-against-buggy-or-malic.patch hw-scsi-megasas-check-for-NULL-frame-in-.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-handle-both-file-formats-regar.patch hw-smbios-support-for-type-8-port-connec.patch include-elf.h-add-s390x-note-types.patch increase-x86_64-physical-bits-to-42.patch linux-user-Fake-proc-cpuinfo.patch linux-user-lseek-explicitly-cast-non-set.patch linux-user-remove-conditionals-for-many-.patch linux-user-use-max-as-default-CPU-model-.patch linux-user-use-target_ulong.patch meson-install-ivshmem-client-and-ivshmem.patch ... changelog too long, skipping 47 lines ... xen_disk-Add-suse-specific-flush-disable.patch ==== qqc2-desktop-style ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Don't attempt to sync colors when application is shutting down ==== raspberrypi-firmware-dt ==== - Enable 3.5mm jack socket stereo audio (bsc#1209314): * 0001-ARM-dts-bcm2711-rpi-Reuse-bcm2836-vchiq-driver.patch ==== redis ==== - refresh redis-hashes from upstream source ==== rpm ==== Subpackages: librpmbuild9 - add _multibuild for multiple .spec-files ==== ruby-common ==== Version update (3.2 -> 3.2.1) - bump the version so we can require the new version to make it easier to depend on the new functionality - Support runtime dependencies for the generated subpackages: syntax: Requires: rubygem(gemname) Recommends: rubygem(gemname:x) >= x.y This will be transformed into Requires: rubygem(ruby::gemname) Recommends: rubygem(ruby::gemname:x) >= x.y That way we ensure that every package only requires rubygems for the current ruby version. ==== rubygem-gem2rpm ==== - add BuildRequires: ruby-common >= 3.2 This version is required to rebuild the package. The older ruby-common is no longer sufficient. ==== rubygem-ruby-dbus ==== Version update (0.21.0 -> 0.22.1) - 0.22.1 Bug fixes: * Fix OBS building by disabling IPv6 tests, gh#mvidner/ruby-dbus#134. - 0.22.0 Features: * Enable using nokogiri without rexml (by Dominik Andreas Schorpp, gh#mvidner/ruby-dbus#132) Bug fixes: * Respect DBUS_SYSTEM_BUS_ADDRESS environment variable. Other: * For NameRequestError, mention who is the other owner. * Session bus autolaunch still does not work, but: don't try launchd except on macOS, and improve the error message. * examples/gdbus split off to its own repository ==== setxkbmap ==== Version update (1.3.3 -> 1.3.4) - Update to version 1.3.4 * gitlab CI: stop requiring Signed-off-by in commits * Be more careful about querying randr * Fix "Xwayland" spelling * Check for the XWAYLAND extension * Route the Xwayland warning through stderr ==== shaderc ==== Version update (2023.2 -> 2023.4) - Update to release 2023.4 * Add option to preserve bindings * Add options to control mesh shading limits ==== shim ==== - Update shim-install to amend full disk encryption support b540061e041b Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector f2e8143ce831 Use the long name to specify the grub2 key protector 72830120e5ea cryptodisk: support TPM authorized policies 49e7a0d307f3 Do not use tpm_record_pcrs unless the command is in command.lst ==== signon-kwallet-extension ==== Version update (23.04.0 -> 23.04.1) - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - No code change since 23.04.0 ==== solid ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5Solid5 solid-imports solid-tools - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Implement solid-hardware monitor mode for property changes * Connect UPowerDevice propertyChanged signal to frontend * Avoid cache bypass of `UPowerDevice::allProperties` * Use values from PropertiesChanged instead of invalidating whole cache ==== sonnet ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== spectacle ==== Version update (23.04.0 -> 23.04.1) - Fix systemd_user_post/preun/postun calls: all systemd_user macros take service names as parameter. - Update to 23.04.1 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/23.04.1/ - Changes since 23.04.0: * Increase default stroke size for rectanlge and ellipse annotations * Undo making it possible to uncheck font * Multiply annotation shadow opacity by stroke or fill opacity (kde#464170) * Use transparent default fill color for rectangle and ellipse annotations * Allow making annotation colors fully transparent via checkboxes (kde#468077) * return early if action is null in Utils::shapeShadow() * Hide redundant header on Wayland (kde#468818) * Add pragma once to ScreenShotEffect.h * Add pragma once to PlasmaVersion.h * PlasmaVersion: clean up header file * Warn when screenshot effect isn't available on wayland, exit if no GUI * Fix segfaults from xcb function calls not getting replies fast enough * Fix warning about plasmashell service without plasmashell * Enable autoRepeat for Undo/Redo buttons * Only add 200ms delay if Plasma version is less than 5.27.4 * Fix quitting Spectacle with Escape affecting windows below it (kde#428478) ==== sqlite3 ==== Version update (3.41.2 -> 3.42.0) Subpackages: libsqlite3-0 sqlite3-tcl - Update to 3.42.0: * Add the FTS5 secure-delete command. This option causes all forensic traces to be removed from the FTS5 inverted index when content is deleted. * Enhance the JSON SQL functions to support JSON5 extensions. * The SQLITE_CONFIG_LOG and SQLITE_CONFIG_PCACHE_HDRSZ calls to sqlite3_config() are now allowed to occur after sqlite3_initialize(). * New sqlite3_db_config() options: SQLITE_DBCONFIG_STMT_SCANSTATUS and SQLITE_DBCONFIG_REVERSE_SCANORDER. * Query planner improvements. * Add the --unsafe-testing command-line option. * Allow commands ".log on" and ".log off", even in --safe mode. * "--" as a command-line argument means all subsequent arguments that start with "-" are interpreted as normal non-option argument. * Magic parameters ":inf" and ":nan" bind to floating point literals Infinity and NaN, respectively. * Add the ability for application-defined SQL functions to have the same name as join keywords: CROSS, FULL, INNER, LEFT, NATURAL, OUTER, or RIGHT. * Enhancements to PRAGMA integrity_check * Allow the session extension to be configured to capture changes from tables that lack an explicit ROWID. * Added the subsecond modifier to the date and time functions. * Negative values passed into sqlite3_sleep() are henceforth interpreted as 0. * The maximum recursion depth for JSON arrays and objects is lowered from 2000 to 1000. * Extended the built-in printf() function so the comma option now works with floating-point conversions in addition to integer conversions. * Miscellaneous bug fixes and performance optimizations. ==== sssd ==== Version update (2.8.2 -> 2.9.0) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.9 * The sss_simpleifp library is deprecated (and for openSUSE, already removed) * The "Files provider" (i.e. id_provider = files) is deprecated (and for openSUSE, already removed) * SSSD will no longer warn about changed defaults when using ldap_schema = rfc2307 and default autofs mapping. * New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. * Add support for ldapi:// URLs to allow connections to local LDAP servers. * NSS IDMAP has two new methods: getsidbyusername and getsidbygroupname. ==== syndication ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== syntax-highlighting ==== Version update (5.105.0 -> 5.106.0) Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - Changes since 5.105.0: * Backport theme changes to kf5 * backport master hl file updates * Add mimetype for markdown ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev - Move more packaging fixups in the fixlet script. - Provide (Lua-based) file triggers and adapt systemd.spec accordingly (boo#1133764) More specifically, file triggers handle automatically installations or updates of files for sysusers, tmpfiles, hwdb, journal catalog, udev rules, sysctl and binfmt. Therefore it makes a bunch of systemd rpm macros (such as %udev_hwdb_update, %udev_rules_update, %journal_catalog_update, %tmpfiles_create, %sysusers_create and so on) not needed anymore. However before considering simplifying your spec files beware that these changes are not available in SLE yet and will probably never reach the current releases (latest one being SLE15-SP5 as of this writing). Macros dealing with unit restart/enabling (such as %systemd_pre, %service_add_pre, %service_del_postun, ...) are still needed though. However reloading of systemd instances (and thus restarting of units) are delayed until the very end of the package install/update transaction and is now done only once. Nevertheless to fully take advantage of file triggers, users have to activate a specific zypper transaction backend which is still considered as experimental, see bsc#1041742 for details. - Provide a (slighlty) customized version of systemd-update-helper. Some of the systemd rpm macros rely now on the helper and delegate their work to it. Hence we don't need to rebuild all packages anymore when the content of the rpm macros must be updated/fixed. - Drop an old fix for the persistent net rules (only needed on SLE). Factory (fortunately) dropped the persistent net rule generator long time ago. ==== systemd-rpm-macros ==== Version update (20 -> 22) - Bump to version 22 - Make sure that (future) users of %sysctl_apply() and %binfmt_apply() will call the macros with arguments. - Test the presence of /run/systemd/system to check whether we're operating during transactional updates. Hence the behavior is the same when operating in a chroot or during transactional updates. - Leave %sysctl_apply() and %binfmt_apply() empty (bsc#1211272) Only the former has very few users currently and none of them has specific code relying on the new sysctl values to be effective between the macros and the file triggers. - Bump to version 21 - Rely on 'systemd-update-helper' shell script to implement %service_* macros The helper was introduced by upstream commit 6d825ab2d42d3219e49a1. The main advantage is that we no more need to rebuild all packages to update the macro definitions. Internally the script relies on file triggers for 'daemon-reload' operations and for restarting units (when needed). - Update other macros to reflect the fact that systemd package provides file triggers for sysusers, tmpfiles, hwdb, and journal catalog. ==== systemsettings5 ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - No code changes since 5.27.4 ==== sysvinit ==== Version update (3.00 -> 3.07) - Update to sysvinit 3.07 * Fixed killall5 so that processes in the omit list are not sent any signals, including SIGSTOP. * Fixed usage message for killall5 to be more accurate. * pidof was not returning PIDs of programs which were launched using a symbolic link. (ie /tmp/sleep when /tmp/sleep links to /usr/bin/sleep). This is now fixed as we check both the realpath and symbolic path for processes. In other words, "pidof /tmp/sleep" and "pidof /usr/bin/sleep" will return the same PIDs when /tmp/sleep is a symbolic link to /usr/bin/sleep. * Fixed memory initialization error in pidof. Fix provided by Markus Fischer. * Accepted patch from Mark Hindley which avoids clearing realpath information in pidof when trying to find matching executables. * Mark Hindley fixed typo in es.po * Mark Hindley cleaned up translation code in src/Makefile. * Drop sulogin from Debian build. Removed libcrypt-dev dependency. * Fixed pt translation pages which were failing due to mis-matched open/close tags. * Makefile now respects ROOT prefix when setting up pidof-to-killall5 symbolic link. * Removed redundant translation files from man directory. * Makefile now respects DESTDIR. User can specify either ROOT= or DESTDIR= to set install prefix. * Helge Kreutzmann provided updated Makefile for translation of manual pages. This has been added to the man directory. * Added sys/sysmacros.h include in mountpoint.c to fix compiler errors on systems where major/minor macros were not defined. * Applied patches from Mark Hindley to clean up man page Makefile, translations and installs of new man pages. * Remove reliance on linux/fs.h as it conflicts with glibc 2.36. Patch provided by lucascars. * Mark Hindley supplied patch to make bootlogd compile on GNU Hurd systems. Was missing major/minor macro. * Fixed formatting in init.8 man page. Patch provided by Mark Hindley. * Added q and Q flags to synopsis in shutdown manual page. * Applied fixes for markup and spacing in manual pages. Patch provided by Mario Blattermann. * Added translation framework (po4a) from Mario Blttermann. * Added Makefile for man/ directory. Will handle translations and substitutions. * Applied new translations for multiple languages from Mario Blattermann. * Added ability to use "@" symbol in command named in the inittab file. This treats commands as literal and does not launch a shell to interpret them. * Updated inittab manual page to include overview of symbols which trigger a shell interpretor and how to disable them using the @ symbol. * Introduced change which adds error checking in bootlogd when performing chdir(). - Provided by Alexander Vickberg * Add check for console using TIOCGDEV on Linux systems in bootlogd to make finding console more robust. - Provided by Alexander Vickberg * Default to showing processes in the uninterruptable state (D). The -z flag no longer affects whether processes in D state are shown. The -z flag does still toggle whether zombie (Z) processes are shown. * Removed unnecessary check which is always true from init tab parsing. - Port patches * sysvinit-2.88dsf-suse.patch * sysvinit-2.90-no-kill.patch * sysvinit-2.90.dif - Add keyring as well as signature for source tar ball of sysvinit ==== texlive ==== - Move the provides of pdfjam to its usecase (boo#1211877) - Add patch source-luatex.dif * Update to luatex 1.17.0 with the fixes for CVE-2023-32668 and CVE-2023-32700 (bsc#1211389) VUL-0: TeXLive: Arbitrary code execution in LuaTeX ==== threadweaver ==== Version update (5.105.0 -> 5.106.0) - Update to 5.106.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.106.0 - No code change since 5.105.0 ==== tnftp ==== Version update (20210827 -> 20230507) - Update to version 20230507 * Add timeout for SSL connection setup, defaulting to 60 seconds. * Consistently use poll(2) instead of select(2). * Check EAGAIN as well as EINTR. * Simplify includes. - Update to version 20230409 * Add option sslnoverify to control validation of SSL certificates. * Add netrc processing to fetch-mode (URL on command line) to enable options and autologin via netrc. * Fix SSL cleanup in some error paths. * Support SSL certificate validation by default. FTPSSLNOVERIFY=1 in the environment to disable validation. * Handle relative URLs. * Improve ftp(1) markup. * Fix -? in a more portable manner. ==== tpm2.0-abrmd ==== Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux - Cover ALP via the %{suse_version} macro ==== tpm2.0-tools ==== - Disable tests. Some tests randomly fails, maybe dependening on the OBS worker assigned during the build (not confirmed) ==== tracker ==== Version update (3.5.1 -> 3.5.3) Subpackages: libtracker-sparql-3_0-0 tracker-data-files - Update to version 3.5.3: + Build fixes around strftime() bug workarounds on some architectures/platforms. + Improved compatibility of JSON cursor readers. + Leaks plugged. - Drop 63ea8f1a.patch: Fixed upstream. - Drop %systemd_user_postun_with_restart macro from the %postun directive. It's been deprecated and emptied (expands to nil) on both Tumbleweed and Leap already. - Comment unneded "/usr/bin/env python3" shebang line on utils/ trackertestutils/__main__.py Python script. - Change tracker-data-files package's architecture to noarch, as it doesn't contain any binaries. - Update to version 3.5.2: + Fix several possible crashers. + Fix bashisms in doc generation scripts. + Fix ISO8601 date strings in cursors on Darwin. + Plug leak. - Add 63ea8f1a.patch: Revert build: Detect appropriate strftime() year modifier at build time. Revert upstream commit for now as it breaks build for i586. ==== tracker-miners ==== Version update (3.5.1 -> 3.5.2) Subpackages: tracker-miner-files - Update to version 3.5.2: + Fix a number of potential crashers. + Fix possibly stuck extractor process. + Restore performance lost in 3.5.1 of extractor query to get unextracted items. + Plug memory leak. ==== transactional-update ==== Version update (4.1.5 -> 4.2.1) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.2.1 - Implement "apply" command to switch into new snapshot directly [jsc#PED-3912] - Use new snapper functionality to set default snapshot - this makes it possible to execute hooks as requested in [poo#127160], [gh#openSUSE/transactional-update#85] and [gh#openSUSE/transactional-update#105]. - Don't hardcode GRUB2 [gh#openSUSE/transactional-update#100] / [poo#127154] - Fix cleanup handler - Fix unmounting temporary mounts - Prevent loosing track of snapshots in certain rollback scenarios - these would not be marked for deletion otherwise - Document "notify" reboot method - Minimal required snapper version is 0.8.10 now, for the new snapper functionality there is a backwards compatibility layer. - Conflict with health-checker < 1.8 - the "good" snapshot detection of GRUB cannot rely on transactional-update any more due to the new apply command - Depend on usrmerge for apply command ==== update-alternatives ==== - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Suppress error messages for grep command where the input file might not exist (boo#1169835) - Call fdupes without -s to avoid broken symlinks, pointing to different subpackage. boo#1209990 - Add upstream patch fix-lib-internal-cache-size.patch bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9 ==== util-linux-systemd ==== - Suppress error messages for grep command where the input file might not exist (boo#1169835) - Call fdupes without -s to avoid broken symlinks, pointing to different subpackage. boo#1209990 - Add upstream patch fix-lib-internal-cache-size.patch bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9 ==== vim ==== Version update (9.0.1504 -> 9.0.1572) Subpackages: vim-data vim-data-common vim-small xxd - Updated to version 9.0.1572, fixes the following problems * Typst filetype is not recognized. * reverse() on string doesn't work in compiled function. * CI: sound dummy is disabled. * Line not fully displayed if it doesn't fit in the screen. * Display errors when making topline shorter and 'smoothscroll' is set. * Recent glibc marks sigset() as a deprecated. * Text not scrolled when cursor moved with "g0" and "h". * Some commands for opening a file don't use 'switchbuf'. * Coveralls workflow on CI is commented out. * CI: check in sound-dummy module may throw an error. * USD filetype is not recognized. * In cmdline window S-Tab does not select previous completion. * Position of marker for 'smoothscroll' not computed correctly. * CI: sound-dummy module is not installed. * CI: using slightly outdated gcc version. * Code for handling 'switchbuf' is repeated. * setcharsearch() does not clear last searched char properly. * Vim9: error for missing "return" after "throw". * Test failures for unreachable code. * Wrong error for unreachable code after :throw. * Function argument types not always checked and using v:none may cause an error. * Win32: When 'encoding' is set $PATH has duplicate entries. * Mixing package managers is not a good idea. * GTK3: window manager resize hints are incomplete. * Display moves up and down with 'incsearch' and 'smoothscroll'. * Json lines files are not recognized. * Motif: GUI scrollbar test fails in 24 lines terminal. * Profiler calculation may be wrong on 32 bit builds. * With 'smoothscroll' cursor may move below botline. * Cannot use "this.member" in lambda in class method. * Some tests are slow. * RedrawingDisabled not used consistently. * Error messages are not translated. - Updated to version 9.0.1538, fixes the following problems - fixes boo#1211256 CVE-2023-2609 * No error when calling remote_startserver() with an empty string. * Error when heredoc content looks like heredoc. * Line number not displayed when using 'smoothscroll'. * Assert message is confusing with boolean result. assert_inrange() replaces message instead of adding it. * Catch does not work when lines are joined with a newline. * Error message lacks mentioning the erroneous argument. * Misleading variable name for error message. * Crash when using wrong arg types to assert_match(). * Inserting lines when scrolling with 'smoothscroll' set. * Text scrolls unnecessarily when splitting and 'splitkeep' is not "cursor". * Test waits unnecessarily long before checking screendump. * reverse() does not work for a String. * Cannot use special keys in mapping. * Search stats not always visible when searching backwards. * Global 'filetype' is set when it is detected from the file content. * Completion for option name includes all bool options. * Failing redo of command with control characters. * Some functions give two error messages. * Some error messages are not marked for translation. * Passing -1 for bool is not always rejected. * 'smoothscroll' does not always work properly. * Condition is always true. * Crash when using negative value for term_cols. * Libsodium encryption is only used with "huge" features, even when manually enabled through configure. (Tony Mechelynck) * Code style test doesn't check for space after "if". * Cursor moves to wrong line when 'foldmethod' is "diff". (Rick Howe) * Crash when register contents ends up being invalid. * Crash when expanding "~" in substitute causes very long text. * Test for 'smoothscroll' is ineffective. * Test for expanding "~" in substitute takes too long. * Test commented out in a wrong way. * CI: sound dummy stopped working. * Message for opening the cmdline window is not translated. * :wqall does not trigger ExitPre. (Bart Libert) ==== vte ==== - Add 24547fb3.patch: widget: Don't consume right clicks on gtk4. ==== vulkan-loader ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * No changes over 1.3.247 [SDK-250 is a branch of regular-243 with some cherry-picks bringing it to roughly regular-247; there is little relation to regular-250] ==== vulkan-tools ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * vulkaninfo: Issue flush before exiting ==== webkit2gtk3 ==== Version update (2.40.1 -> 2.40.2) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== webkit2gtk4 ==== Version update (2.40.1 -> 2.40.2) Subpackages: libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== wget ==== Version update (1.21.3 -> 1.21.4) - GNU wget 1.21.4: * Document --retry-on-host-error in help text * Increase read buffer size to 64k. This should speed up downloads on gigabit and faster connections * Update deprecated option '--html-extension' to '--adjust-extension' in documentation ==== wireless-regdb ==== Version update (20230213 -> 20230503) - Update to version 20230503: * wireless-regdb: update regulatory database based on preceding changes * wireless-regdb: Update regulatory rules for Hong Kong (HK) * wireless-regdb: update regulatory rules for India (IN) * wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement. * Update regulatory info for Russia (RU) on 6GHz ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio - Require wireplumber-audio if pipewire-jack is installed. - Recommend pipewire-jack in wireplumber-audio. ==== wpa_supplicant ==== - Change ctrl_interface from /var/run to %_rundir (/run) ==== xdg-desktop-portal-kde ==== Version update (5.27.4 -> 5.27.5) - Update to 5.27.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.5 - Changes since 5.27.4: * [notifications] Set proper value for x-kde-xdgTokenAppId * screenshot: fix flameshot #3164 by using native resolution * screencast: Don't try to screencast nullptr ==== xdm ==== - since xrdb no longer requires cpp, it needs to be reqired here now ==== xfsprogs ==== Version update (6.2.0 -> 6.3.0) - update to 6.3.0: - xfs_repair: Don't leak buffer when discarding directories - xfs_repair: estimate per-AG btree slack better - xfs_db: fix broken logic in error path - xfsprogs: nrext64 option is now in [inode] section of mkfs conf files ==== xrdb ==== - Downgrade cpp requires to recommends (bsc#1211267) ==== xterm ==== Version update (379 -> 380) Subpackages: xterm-bin xterm-resize - update to 380: * reduce compiler warnings in configure script. * simplify the change for sixelScrolling * add xterm+focus and report+da2, update report+version building blocks in terminfo, from post-ncurses 6.4 * drop the -title option from uxterm and koi8rxterm, because that interferes with deriving the default title from the -e option (Debian #1031837). Compensate for this by using the -class option to derive a default title. * improve description of readline 2003 mode in ctlseqs.ms * other improvements to status-line feature (report by Thomas Wolff): + clear status line on DECCOLM + ignore DECSASD if no previous DECSSDT + allow DECSSDT 1 immediately after DECSSDT 2, i.e., without switching back to host mode. * adjust RequestResize to avoid shrinking screen when using DECCOLM while the status-line is active (report/patch by Thomas Wolff). * disallow wrapping before the beginning of the screen, to the end of the screen, for cursor-back sequences (Redhat #2182357). * modify makefile to install the 16x16 xpm files (report by Harald Dunkel). * update test-package to reflect resolution of Debian #906901. * change default of showMissingGlyphs to True. * improve handling of double-sized characters when those happen to be missing from the bitmap font and/or are fullwidth. * pointer/overflow fixes (reported by David Leadbeater): + improve limit-checks for control-sequence numeric parameters in SIXEL graphics. + add null-pointer checks in WriteNow macro to handle a case where SS2 or SS3 might be in effect while processing a combining character. + disallow ReGIS reporting for character-set names containing characters other than alphanumerics or underscore. + implement TrueType fallback font for double-sized characters, including Unicode fullwidth. Also add limitFontHeight to provide for configuring the distinction between slightly-oversized glyphs and double-sized glyphs. * configure script improvements: + check for nfsd_t * fix a typo in the underline cursor thickness derivation ==== yaml-cpp ==== - Drop patches fix-cmake-export.patch untabify-cmakelists.patch replacing them with pull-request 1077.patch which was merged (bsc#1191137). ==== yast2-control-center ==== Version update (4.6.0 -> 4.6.1) Subpackages: yast2-control-center-qt - Require xdg-utils since it's no longer required by desktop-data-openSUSE and yast-control-center-qt needs it to start modules with 'xdg-su'. (bsc#1211869) - 4.6.1 ==== yast2-installation ==== Version update (4.6.2 -> 4.6.3) - Use a larger font for xterm during installation via X resources (bsc#1211267) Details: https://github.com/yast/yast-installation/pull/1085 4.6.3 ==== yast2-network ==== Version update (4.6.2 -> 4.6.3) - Do not write the EAP auth attribute when writing a wireless wicked configuration using the EAP mode as TLS (bsc#1211026) - 4.6.3 ==== yast2-pkg-bindings ==== Version update (4.6.1 -> 4.6.2) - Dropped the *-devel-doc subpackage (related to bsc#1211319) - 4.6.2 ==== yast2-services-manager ==== Version update (4.6.0 -> 4.6.1) - Improved help text for services table (bsc#1211320) - 4.6.1 ==== yast2-storage-ng ==== Version update (4.6.5 -> 4.6.10) - Add bus_id for DASD (gh#yast/yast-storage-ng#1339, gh#openSUSE/agama#578). - 4.6.10 - GuidedProposal: allow Agama to configure exactly what to do with every existing partition (gh#yast/yast-storage-ng#1337). - 4.6.9 - Allow to pass commit callbacks to inst_prepdisk client. - Needed for Agama (gh#openSUSE/agama#558). - 4.6.8 - GuidedProposal adapted to support assigning volumes to specific devices when volumes_allocate_mode is :auto (useful for Agama). - Guided Setup: display a hint for disks with sensible data transports like FCoE or NVMe/oF (bsc#1209588). - 4.6.7 - AutoYaST: correctly import legacy values for parity_algorithm. - Partitioner: when creating an MD RAID, do not ask for the chunk side when it makes no sense. Eg. RAID1 (bsc#1205172). - 4.6.6 ==== yast2-vm ==== Version update (4.6.0 -> 4.6.1) - The libvirtd daemon is deprecated and is going away. The replacements are virtqemud for KVM/qemu and virtxend for Xen. (bsc#1210572) - 4.6.1 ==== zisofs-tools ==== - Fix url and download to up to date location. - Add autoconf as BuildRequires. ==== zstd ==== Subpackages: libzstd1 - Revert the addition of build specific cmake files: breaks gdal, apache-arrow and possibly others -- boo#1211566 * note that shipping cmake files is not intentional or supported upstream at the moment: gh#facebook/zstd#3642 - Add cmake files manually because we do not want to add cmake to the bootstrap ring0