Packages changed: Mesa Mesa-drivers NetworkManager PackageKit (1.2.4 -> 1.2.5) amavisd-new augeas autofs automake bash-completion binutils chrony emacs-flim (1.14.9+125+g02735de -> 1.14.9+130+g289e5bbd66f6) evince (42.2 -> 42.3) gimp git gnome-keyring (40.0 -> 42.1) gnutls (3.7.5 -> 3.7.4) gpg2 grep grub2 harfbuzz (4.2.1 -> 4.3.0) icewm (2.1.1 -> 2.9.7) kColorPicker (0.1.6 -> 0.2.0) kImageAnnotator (0.5.3 -> 0.6.0) kdsoap libopenmpt (0.6.2 -> 0.6.3) libstorage-ng (4.5.11 -> 4.5.14) libunwind logrotate (3.19.0 -> 3.20.1) minicom (2.7.1 -> 2.8) mobile-broadband-provider-info (20220315 -> 20220511) nagios (4.4.6 -> 4.4.7) opensuse-welcome osinfo-db (20220214 -> 20220516) polkit-default-privs (1550+20220404.7b4bea2 -> 1550+20220524.0345bd9) ppp (2.4.8 -> 2.4.9) python-base python-cryptography (36.0.2 -> 37.0.2) python-psutil (5.9.0 -> 5.9.1) python-scipy (1.8.0 -> 1.8.1) python-sympy qemu remmina (1.4.25 -> 1.4.26) rubygem-ruby-dbus (0.18.0.beta5 -> 0.18.0.beta6) seahorse (41.0 -> 42.0) texlive tnftp (20151004 -> 20210827) vlc wayland webkit2gtk3 (2.36.1 -> 2.36.2) webkit2gtk3-soup2 (2.36.1 -> 2.36.2) xmlcharent xmlsec1 (1.2.33 -> 1.2.34) xscreensaver xwayland (22.1.1 -> 22.1.2) yast2 (4.5.3 -> 4.5.4) yast2-installation (4.5.1 -> 4.5.2) yast2-ruby-bindings (4.5.0 -> 4.5.1) yast2-storage-ng (4.5.5 -> 4.5.6) yast2-trans (84.87.20220513.26f6bfaa16 -> 84.87.20220520.670357a704) zsh (5.8.1 -> 5.9) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-pppoe NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends fro the main package to -wifi. ==== PackageKit ==== Version update (1.2.4 -> 1.2.5) Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Update to version 1.2.5: + Backends: - dnf: . Add support for autoremove flag when removing packages. . Searches by name and package details should be case insensitive. . Update appstream xml files if dnf_sack_add_repos() does the download. - zypp: . Add -std=c++1z cpp flags. . Fix crash when search string is NULL. . Fix package installation using undefined data. - Changes to alpm, apttcc, nix, and slack. + Bugfixes: - Install offline-update enablement symlink if Meson is new enough. - Move Wants= line for network-online.target. - Add flags to D-Bus offline invoking methods. - Properly handle allow-reinstall flag for installations. - Provide better error message if trying to install an installed package. - Wait until online to activate systemd service. - Drop 505.patch, PackageKit-zypp-c++17.patch, and PackageKit-zypp-fix-crash-with-empty-search-string.patch: fixed upstream. ==== amavisd-new ==== Subpackages: amavisd-new-docs - amavis fails to start (bsc#1199755) Add missed requirement - Remove server:mail/amavisd-new/amavis.service since it results Assignment outside of section warning ==== augeas ==== Subpackages: augeas-lenses libaugeas0 - Employ shared library packaging guideline and resolve this rpmlint report: "libaugeas0.x86_64: E: shlib-policy-name-error SONAME: libfa.so.1, expected package suffix: 1" [boo#1191749] ==== autofs ==== - Moved -autofs- file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update. ==== automake ==== - update automake.keyring: use release-team keyring - don't reference source URL when the linked sources change over time ==== bash-completion ==== - Add patch bsc1199724-modules.patch (bsc#1199724) * Enable upstream commit to list ko.zst modules as well ==== binutils ==== Subpackages: libctf-nobfd0 libctf0 - Use https for variosu links. - Update binutils-2.38-branch.diff.gz (to 93054037f1e304e) in order to include PR29087. - Enable multitarget build on riscv64 - On SLE15 and later, use make -Oline to synchronize configure output by lines ==== chrony ==== Subpackages: chrony-pool-openSUSE - Moved 20-chrony file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update. ==== emacs-flim ==== Version update (1.14.9+125+g02735de -> 1.14.9+130+g289e5bbd66f6) - Update to version 1.14.9+130+g289e5bbd66f6: * Fold docstring within 80 characters * Remove XEmacs related stuff. * New installer option PACKAGE_LISPDIR * Fix problem with new timestamp format. * Fold docstring within 80 characters ==== evince ==== Version update (42.2 -> 42.3) Subpackages: evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Update to version 42.3: + Shell: Disconnect signal handler to prevent invalid read. + Updated translations. ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 - Do not recommend lang package: the lang package has smarter supplements in place. ==== git ==== Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - Do not recommend git-cvs and git-svn by git, but rather have those two packages supplement the combination of git and their respective counterparts. ==== gnome-keyring ==== Version update (40.0 -> 42.1) Subpackages: gnome-keyring-pam libgck-modules-gnome-keyring - Update to version 42.1: + daemon: Add files to EXTRA_DIST to fix distcheck. - Changes from version 42.0: + secret-portal: Properly check the default keyring. + Build fixes. + ssh-agent: Fix crash by uninitialized GMutex. + fix looping off the end of the operations array. + readme: Mention libsecret instead of deprecated libgnome-keyring. + daemon: Make it systemd-activatable through the control socket. + Updated translations. - Add pkgcondfig(systemd) and pkgconfig(libsystemd) BuildRequires: new dependencies. ==== gnutls ==== Version update (3.7.5 -> 3.7.4) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-hmac - disable kcapi usage for now, as kernel-obs-build not adjusted to contain the algorithms. bsc#1189283 - FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch - Enable to run the regression tests also in FIPS mode. - Update to 3.7.4: * libgnutls: Added support for certificate compression as defined in RFC8879. * certtool: Added option --compress-cert that allows user to specify compression methods for certificate compression. * libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280. * libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant. * libgnutls: Added function to retrieve the name of current ciphersuite from session. * Bump libgnutlsxx soname due to ABI break * API and ABI modifications: - GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member - GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member - gnutls_compress_certificate_get_selected_method: Added - gnutls_compress_certificate_set_methods: Added * Update gnutls.keyring - build with lto - build with -Wl,-z,now -Wl,-z,relro - build without -fanalyzer, which cuts build time in ~ half - Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. * libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch - FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Add gnutls-FIPS-disable-failing-tests.patch * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - disable-psk-file-test.patch - FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. * Add gnutls-FIPS-module-version.patch - FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch - Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans). - Add crypto-policies support for Leap and SLE 15.4 [jsc#SLE-20287] - Add DANE guards - Remove gnutls-temporarily_disable_broken_guile_reauth_test.patch since its already working. - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale - Rework the crypto-policies dependencies in libraries [bsc#1186385] - Compute the FIPS hmac file without re-defining the __os_install_post macro, use the brp-50-generate-fips-hmac script instead. [bsc#1184555] - Require the main package in devel and lib packages as the default priorities are now set via crypto-policies. [bsc#1183082] - Update to 3.7.1: [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] * Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. * Fixed a regression in handling duplicated certs in a chain. * Fixed sending of session ID in TLS 1.3 middlebox compatibility mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions. * Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode. * Added padlock acceleration for AES-192-CBC. - Remove patches upstream: * gnutls-gnutls-cli-debug.patch * gnutls-ignore-duplicate-certificates.patch * gnutls-test-fixes.patch - Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] * Don't unset system priority settings in gnutls-cli-debug.sh * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 - Add gnutls-gnutls-cli-debug.patch - Fix: Test certificates in tests/testpkcs11-certs have expired * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 - Add gnutls-test-fixes.patch - gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 - Add gnutls-ignore-duplicate-certificates.patch - Update to 3.7.0 * Depend on nettle 3.6 * Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains * Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification * OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension * Added a new set of API to enable QUIC implementation * The crypto implementation override APIs deprecated in 3.6.9 are now no-op * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support * Support for padlock has been fixed to make it work with Zhaoxin CPU * The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes - Remove patch fixed upstream: * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - Add version guards for the crypto-policies package - Fix threading bug in libgnutls [bsc#1173434] * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044 - Require the crypto-policies package [bsc#1180051] - Use the centralized crypto policy profile (jsc#SLE-15832) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch - Escape rpm command %%expand when used in comment. - Update to 3.6.15 * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. [GNUTLS-SA-2020-09-04, CVSS: medium] * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now indicates that with a false return value (!1306). * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked accordingly to SP800-56A rev 3 (!1295, !1299). * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than the size of the internal base64 blob (#1025). * libgnutls: Certificate verification failue due to OCSP must-stapling is not honered is now correctly marked with the GNUTLS_CERT_INVALID flag * libgnutls: The audit log message for weak hashes is no longer printed twice * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is disabled in the priority string. Previously, even when TLS 1.2 is explicitly disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is enabled (#1054). - drop upstreamed patches: * gnutls-detect_nettle_so.patch * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch - Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666) * add gnutls-detect_nettle_so.patch - Fix a memory leak that could lead to a DoS attack against Samba servers (bsc#1172663) * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch - Temporarily disable broken guile reauth test (bsc#1171565) * add gnutls-temporarily_disable_broken_guile_reauth_test.patch - Update to 3.6.14 * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) [GNUTLS-SA-2020-06-03, CVSS: high] * libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). * libgnutls: Added support for AES-SIV ciphers (#463). * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). * libgnutls: No longer use internal symbols exported from Nettle (!1235) * API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added - Add key D605848ED7E69871: public key "Daiki Ueno " to the keyring - Drop gnutls-fips_correct_nettle_soversion.patch (upstream) - Use correct nettle .so version when looking for a FIPS checksum (bsc#1166635) * add gnutls-fips_correct_nettle_soversion.patch - Update to 3.6.13 * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support) The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol (#960) [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345) * libgnutls: Added new APIs to access KDF algorithms (#813). * libgnutls: Added new callback gnutls_keylog_func that enables a custom logging functionality. * libgnutls: Added support for non-null terminated usernames in PSK negotiation (#586). * gnutls-cli-debug: Improved support for old servers that only support SSL 3.0. - Split off FIPS checksums into a separate libgnutls30-hmac subpackage (bsc#1152692) - gnutls 3.6.12 * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) to identify sessions that client request OCSP status request (#829). * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 signature algorithm (RFC 8032) under TLS (#86). * libgnutls: Added the default-priority-string option to system configuration; it allows overriding the compiled-in default-priority-string. * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-07). By default this ciphersuite is disabled. It can be enabled by adding +GOST to priority string. In the future this priority string may enable other GOST ciphersuites as well. Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. * libgnutls: added priority shortcuts for different GOST categories like CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. * libgnutls: Reject certificates with invalid time fields. That is we reject certificates with invalid characters in Time fields, or invalid time formatting To continue accepting the invalid form compile with --disable-strict-der-time * libgnutls: Reject certificates which contain duplicate extensions. We were previously printing warnings when printing such a certificate, but that is not always sufficient to flag such certificates as invalid. Instead we now refuse to import them (#887). * libgnutls: If a CA is found in the trusted list, check in addition to time validity, whether the algorithms comply to the expected level prior to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). * libgnutls: The min-verification-profile from system configuration applies for all certificate verifications, not only under TLS. The configuration can be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. * libgnutls: The stapled OCSP certificate verification adheres to the convention used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. * libgnutls: On client side only send OCSP staples if they have been requested by the server, and on server side always advertise that we support OCSP stapling * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible with gnutls_ocsp_req_t but const. * certtool: Added the --verify-profile option to set a certificate verification profile. Use '--verify-profile low' for certificate verification to apply the 'NORMAL' verification profile. * certtool: The add_extension template option is considered even when generating a certificate from a certificate request. - gnutls 3.6.11.1: * libgnutls: Corrected issue with TLS 1.2 session ticket handling as client during resumption * libgnutls: gnutls_base64_decode2() succeeds decoding the empty string to the empty string. This is a behavioral change of the API but it conforms to the RFC4648 expectations * libgnutls: Fixed AES-CFB8 implementation, when input is shorter than the block size. Fix backported from nettle. * certtool: CRL distribution points will be set in CA certificates even when non self-signed * gnutls-cli/serv: added raw public-key handling capabilities (RFC7250). Key material can be set via the --rawpkkeyfile and - -rawpkfile flags. - gnutls 3.6.10: * Add support for deterministic ECDSA/DSA (RFC6979) * Add functions for in-place encryption/decryption of data buffers * server now selects the highest TLS protocol version, if TLS 1.3 is enabled and the client advertises an older protocol version first * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode and MAC generation based on GOST 28147-89 (IMIT) * certtool: when outputting an encrypted private key do not insert the textual description of it - Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - gnutls 3.6.9: * add support for copying digest or MAC contexts * Mark the crypto implementation override APIs as deprecated * Add support for AES-GMAC, as a separate to GCM, MAC algorithm * Add support for Generalname registeredID * The priority configuration was enhanced to allow more elaborate system-wide configuration of the library - includes changes from 3.6.8: * Add support for AES-XTS cipher * Fix calculation of Streebog digests * During Diffie-Hellman operations in TLS, verify that the peer's public key is on the right subgroup (y^q=1 mod p), when q is available (under TLS 1.3 and under earlier versions when RFC7919 parameters are used). * Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion * certtool: allow the digital signature key usage flag in CA certificates * gnutls-cli/serv: add the --keymatexport and --keymatexportsize options. These allow testing the RFC5705 using these tools - drop patches to re-enable tests: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - Trim useless %if..%endif guards that do not affect the build. - Fix language errors in description again. - Update gnutls to 3.6.7 * * libgnutls, gnutls tools: Every gnutls_free() will automatically set the free'd pointer to NULL. This prevents possible use-after-free and double free issues. Use-after-free will be turned into NULL dereference. The counter-measure does not extend to applications using gnutls_free(). * * libgnutls: Fixed a memory corruption (double free) vulnerability in the certificate verification API. Reported by Tavis Ormandy; addressed with the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) * * libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it even when TLS1.3 is negotiated, or on client certificates as well. When an inappropriate for TLS1.3 certificate is seen on the credentials structure GnuTLS will disable TLS1.3 support for that session (#690). * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to two. This makes it easier for clients which perform multiple connections to the server to use the tickets sent by a default server. * * libgnutls: enforce the equality of the two signature parameters fields in a certificate. We were already enforcing the signature algorithm, but there was a bug in parameter checking code. * * libgnutls: fixed issue preventing sending and receiving from different threads when false start was enabled (#713). * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable session, as non-writeable security officer sessions are undefined in PKCS#11 (#721). * * libgnutls: no longer send downgrade sentinel in TLS 1.3. Previously the sentinel value was embedded to early in version negotiation and was sent even on TLS 1.3. It is now sent only when TLS 1.2 or earlier is negotiated (#689). * * gnutls-cli: Added option --logfile to redirect informational messages output. - Disabled dane support in SLE since dane is not shipped there - Changed configure script to hardware guile site directory since command-line option '--with-guile-site-dir=' was removed from the configure script. * * Added gnutls-3.6.6-set_guile_site_dir.patch - Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix compilation issues on PPC - Update to 3.6.6 * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key (#640). * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). * * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set (#667). * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional (#609). - drop no longer needed gnutls-enbale-guile-2.2.patch - refresh disable-psk-file-test.patch - Update to 3.6.5 * * libgnutls: Provide the option of transparent re-handshake/reauthentication when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). * * libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) * * libgnutls: The priority functions will ignore and not enable TLS1.3 if requested with legacy TLS versions enabled but not TLS1.2. That is because if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) servers which do not support TLS1.3 will negotiate TLS1.2 which will be rejected by the client as disabled (#621). * * libgnutls: Change RSA decryption to use a new side-channel silent function. This addresses a security issue where memory access patterns as well as timing on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher attacks. Side-channel resistant code is slower due to the need to mask access and timings. When used in TLS the new functions cause RSA based handshakes to be between 13% and 28% slower on average (Numbers are indicative, the tests where performed on a relatively modern Intel CPU, results vary depending on the CPU and architecture used). This change makes nettle 3.4.1 the minimum requirement of gnutls (#630). [CVSS: medium] * * libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword in the priority string. It is only accepted as legacy option and is ignored. * * libgnutls: Added support for EdDSA under PKCS#11 (#417) * * libgnutls: Added support for AES-CFB8 cipher (#357) * * libgnutls: Added support for AES-CMAC MAC (#351) * * libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D S-BOXes). They are fixed now. * * libgnutls: Added support for GOST key unmasking and unwrapped GOST private keys parsing, as specified in R 50.1.112-2016. * * gnutls-serv: It applies the default settings when no --priority option is given, using gnutls_set_default_priority(). * * p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin option (#561) * * certtool: Add parameter --no-text that prevents certtool from outputting text before PEM-encoded private key, public key, certificate, CRL or CSR. - minimum required libnettle is now 3.4.1 - refresh * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ==== gpg2 ==== Subpackages: dirmngr - added tpm support, added a new subpackage gpg2-tpm ==== grep ==== - use release keyring rather than full one for validation - Do not link an unversioned file by URL (and refresh keyring) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix ppc64le build error for new IEEE long double ABI * 0001-libc-config-merge-from-glibc.patch ==== harfbuzz ==== Version update (4.2.1 -> 4.3.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 4.3.0: + Major speed up in loading and subsetting fonts, especially in handling CFF table. Subsetting some fonts is now 3 times faster + Speed up blending CFF2 table + Speed up hb_ot_tags_from_language() + Fix USE classification of U+10A38 to fix multiple marks on single Kharoshthi base + Fix parsing of empty CFF Index + Fix subsetting CPAL table with partial palette overlaps ==== icewm ==== Version update (2.1.1 -> 2.9.7) Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite - Rebase patches for version 2.9.7: * icewm-susemenu.patch * icewm-desktop-nodisplay.patch * icewm-preferences.patch - Update to 2.9.7: * Fix for saving keyboard layouts in --rewrite-preferences. * Faster and more reliable restart of icewmbg. * Add themable preference ColorKeyboardLayoutText. * Add KeySysKeyboardNext to switch to next keyboard layout. * Document alternative keypad handling in icewm-keys(1). * Handle right-to-left languages in icewm-menu-fdo. * Add -g,--generic option to icewm-menu-fdo for GenericName in menus. * Updated translations: Czech, Danish, Finnish, Turkish, German, French. - from version 2.9.6: * Lower a fullscreen window below the window which is to be activated. * Start a new fullscreen client in the fullscreen layer for issue #85. * Prioritize the thermal zones when showing CPU temperature. * Let CPU graphs share a single timer and adjust to changes to TaskBarCPUSamples. * Support workspace names "next" and "prev" in icesh for issue bbidulock/icewm#640. * Updated translations: Spanish, German, Italian, Chinese, Portuguese (Brazil). - from version 2.9.5: * Set the window type of desktop icons and of the dockapps container. * Make taskbar unhide more reliable. * Fix OSS / APM confusion in some translations. * Fix for taskbar on icewm restart when there is a fullscreen window. * Fix for TaskBarAutoHide and for focusing address bar. * Make TaskBarFullscreenAutoShow option more reliable. * Remove all of the inefficient management of the fullscreen layer. * Fixes to prevent a lockup where no keybinding works, when activating a do-not-focus output-only window on a workspace where no focusable window exists. * When a fullscreen disappears, update the taskbar layer. * On startup don't switch workspace to activate a fullscreen window. * Updated translations: it, id, pt, pt_BR, de, ar, lt. - from version 2.9.4: * Always keep desktop icons below application windows. * Set an icewmbg background color as a pixmap to overcome limitations in picom and compton for issue bbidulock/icewm#632. * When icewmbg is configured with just a single background image or color, then always create a single pixmap in the X11 server as a temporary resource and have icewmbg exit to free its memory. * Add icesh options +class and +Pid to extend the window selection. * Improved workaround for 'feh' desktop backgrounds, where its pixmap has been marked persistent, for issue bbidulock/icewm#627. * Eliminate flicker when resizing frames which have a shape masked border, like CoolSteel and Illuminate-ice by enabling bit gravity. * Minimized windows which have both winoptions startMinimized and ignoreActivationMessages, require a mouse click to become active. * Support focus in subwindows of Globally Active Input applications, like games in a Wine virtual desktop for issue #73. * Eliminate all flicker when switching between different fullscreen windows for issue bbidulock/icewm#630. * Always put the active window first in the list of switchable windows for issue bbidulock/icewm#631. * Updated translation: Portuguese. - from version 2.9.3: * Support Unicode and non-Latin text in input fields and the address bar. * Add a Tile submenu to the window menu for issue #74. * When icewm starts, force the desktop background to be refreshed, for 'feh' background pixmaps in issue bbidulock/icewm#627. * Initialize locale specific modifiers with XSetLocaleModifiers. * Refresh the task pane background on expose events. * Fix for icesh maximize. * Fix to eliminate toggling the input focus. * Fix for the system tray background for issue bbidulock/icewm#626. * Updated translations: Ukrainian, Slovak, Japanese, Catalan, Portuguese. - from version 2.9.2: * Fix for fullscreen wine programs for issue #73. * Fix the drawing of LED-clock for themes like "unusualscars". * Fix a memory access after free after loading a core font failed. * Fix a missing include sys/wait.h for the FreeBSD build. * Add support for multiple clocks in different time zones. * Internationalize the error messages for the dynamic menu. * Internationalize the keyboard tooltip. - from version 2.9.1: * Fix for focusing wine and winecfg for issue bbidulock/icewm#625. * Fix the taskbar background for double height taskbar. * Swap the columns in the about dialog for right-to-left locales. * Replace "sans-serif" with "DejaVu Sans" for Xft fonts, because these support a wider range of characters, which improves support for languages with non-Latin scripts. * Add tabs to CPU multiline status tooltip for two-column display. * Fix multiline tooltips for right-to-left locales. * Ensure the multiline tab spacing is two character positions. * Fix taskbar collapse button for right-to-left locales. * Fix workspace pane sizing for right-to-left locales. * When the keyboard layout changes due to external reasons and the taskbar has the keyboard applet, then reflect the new layout in the taskbar applet for issue bbidulock/icewm#622. * Make the keyboard applet display all of the output of setxkbmap -query in the tooltip for the applet. * With the mouse in the keyboard applet, always post the tooltip. * Compress a series of XMappingEvents to one keyboard update. - from version 2.9.0: * Improvements to drawing right-to-left text within left-to-right locales. * Improvements for right-to-left locales like Arabic and Hebrew. * Give icewmbg an error handler to protect against destroyed windows. * Updated translations, most notably Ukrainian. * Only free cursor attributes when they were allocated. * Fix column alignment in menu's for right-to-left languages. * Prefer to keep the system menu within the frame when opening it from the menu button in the titlebar. * Don't repaint the taskbar when it is collapsed. * Refresh the taskbar to prevent background artefacts in CoolSteel. * Fix the last entry in the themes menu for the default theme. * Ignore empty resize events to reduce flickering when resizing in CoolSteel. * Only redraw frame borders on the last expose event. * Fix the the bottom right hole of a scrolled window list for bbidulock/icewm#620. * Add logout icons to Logout submenu for issue #69. * Update minimum required cmake version to 3.2. * Support right-to-left languages for corefonts when i18n is enabled. * When codesets are missing in a fontset, then only search for extra fonts in the same font family, and only when i18n is enabled. * Detect UTF-8 locale and support multibyte to wide character conversions. * Make DejaVu the default backup font family for corefonts. * Fix the horizontal scrollbar for the window list window. * Improve the ascent/descent detection for font sets. * Optimize text length detection for width-limited text fields. * Improve the Xft last resort backup font. * Improve vertical font positioning for the address bar. * Reuse discarded miniicon positions when minimizing to desktop. * Flush stdout after printing preferences. * Detect Right-To-Left locales Arabic, Hebrew, Farsi, Pashto, Sindhi, Urdu. * Improve the handling of font loading failures. * Improve the handling of setting "PreferFreetypeFonts" to false. * Use the font "10x20" as the last resort font instead of "fixed". * Be resilient to font preferences being set to the empty string. * Document drag and drop. * Add support for edge switching during drag and drop operations. * Update icewm.desktop for issue bbidulock/icewm#617. * Add a font cache to prevent repeatedly loading the same fonts, which also makes icewm a little faster on startup. * Don't kill internal windows. * Only let a frame retake focus on an ungrab event when the manager still believes that frame should have focus. This fixes the flashing of title bar buttons when the window list window is popped up. * Fix for FreeBSD build. * Document the -T switch for taskbar in icesh for issue #18. - from version 2.8.0 * Improve the explanation on how to spy on client messages with icesh. * When rearranging windows with tile placement or cascade placement, correct for the top side vertical offset, in those themes which have a masked top border. * Improve the explanation for some of the preferences. * Update the winoptions example on DockApps. * Guard against a color name being set to the empty string (bbidulock/icewm#614). * Improve the performance and scalability of the window list menu. * In the window list window group similar application windows together. * Add +group and +Class select options to icesh. * Improve the filtering on the WM_CLASS property in icesh. * Fix the OSS/ALSA defaults in icesound help message (bbidulock/icewm#609). * Fix the OSS/ALSA defaults in icesound man page (bbidulock/icewm#608) * Only support SVG for icons, not for icewmbg backgrounds. * Let icewmbg pixmaps free its associated Image to reduce memory usage. * Prevent a potential trailing -I flag in CMake for issue #57. * Fix the description for sizeby in the icesh manpage. * Fix overflows in battery calculations for issue bbidulock/icewm#607. * Update the translations, most notably Brazilian Portuguese. - from version 2.7.0 * Increase the maximum value for TaskbarButtonWidthDivisor from 25 to 50. * Add a --with-background= build option to set a default background path. * Improve the responsiveness of icewmbg when a new image must be scaled. * Reduce the memory usage by icewmbg by removing the image cache. * Make icewmbg much faster when scanning directories for image files. * Improve the reliability of icewm motion compression by also testing for subwindow equality. * Decrease the number of system calls for path lookups. * Guard against array indexing with negative indices. * Double the timeout for the dynamic menu generator to 1.4 seconds. * Eliminate most of the inefficiences when looking for icon directories. * Postpone the loading of cursors, because some cursors are seldomly used. * Rewrite the task successor and task predecessor actions to properly take into account the separation of TaskBarApp and TaskButton, as well as task grouping. This resolves issues #602 and #604. * Allow to build icewm using cmake -GNinja (issue #603). * Fix building on a case-insensitive file system (issue #601). - from version 2.6.0: * Keep track of changes to modal flag. * Optimize raising of modal windows. * Fix a memory leak for dynamic menu's. * Free start menu and windowlist menu on exit. * Fix for browse menu's for root and home in start menu. * Eliminate several memory leaks in icon handling. * Use absolute paths for the Exec definition in desktop files. * Only do a passive grab on buttons which are defined by the ButtonRaiseMask. * Guard against buffer overflow when copying the degrees centigrade symbol. * When a focused window can't raise, or there is no overlapping window, then there shouldn't be a passive button grab by icewm, in order to improve menu handling in applications which don't use windows for menu's. * Release the passive button grab from a focused window, when a button click wouldn't raise it, for improved menu handling for applications with internal menu's (CSS drawing). * These fix the Debian Bug report with number #989764: "icewm: Intermittently unable to select menu items in drop-down menus.", which was reported versus IceWM version 2.1.2 on June 12 on: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989764. - from version 2.5.0: * Fix for a crash when destructing frames with kill message boxes. * Clear the UrgencyHint in the WM_HINTS structure to stop the flashing. * Collect windows to arrange from layers OnTop, Normal and Below. * Add new -unmapped and -viewable filters to icesh. * Restore the window selection after an "end" clause in icesh. * Add example for constructing dropdown terminals with icesh. * Updated 8 translations. * Add full support for application modal dialogs. * Support WM_TRANSIENT_FOR being equal to the root window, per the EWMH standard in section: "Implementing enhanced support for application transient windows". * Revert "Enforce that focus remains with IceTopWin for issue #593." * Support paths with spaces in the rebuild.sh build script. * Replace paths with configured directories in generated manpages for CMake builds and also fix spaces and double quotes. * CMake builds html pages for #50. - from version 2.4.0: * Fix icehelp to ignore a missing file icon. * Add support for WindowMaker DockApps to icewm and icesh. * Support Ctrl+Mouse buttons to control dockapps. * Make icewm resilient against a newly managed client exiting immediately. * Ensure that focus remains with IceTopWin when showing desktop for issue #593. * Consider AllWorkspaces to be equal to the active workspace in Alt+Tab, when QuickSwitchGroupWorkspaces is enabled, for issue #589. * Improve recovery from restart failures. * Improve icehelp colors. * Support searching for keywords in icehelp document with Ctrl+F and F3. * Improve centrally placing transient windows over their leader window when CenterTransientsOnOwner is enabled. * Fix for when CenterLarge is true. * Prevent compiler warnings. * A dozen translations were updated. - from version 2.3.4: * Add a button for a menu in icehelp. * Support anti-aliased fonts in icehelp. * Improve accuracy of clicking on links in icehelp. * Support reverse video in icehelp. * Add more keyboard shortcuts to icehelp. * Let icehelp handle scrollbar keys when mouse pointer is inside a scrollbar. * Improve vertical alignment of text with different font faces in icehelp. * Add a --disable-rsvg option to configure for issue #587. * Always rebuild manpages when Makefile changes. * Fix for positioning new frames for themes with mask shaped top sides. * Fix for snapping frame borders for themes with mask shaped top sides. * Generate preferences in sorted order. * Better handling of preferences which have null strings by default. * Cleaner rewriting of preferences with --rewrite-preferences option. * Add a PingTimeout preference for issue #47. * When _NET_WM_PING timeouts then request user permission to send a terminate signal to the application for issue #47. * Fix the exit code of icesh for issue #585. * Only use RTTI when debugging for issue #48. * Updated translations. - from version 2.3.3: * Document default winoption format .OPTION. * Permit scroll wheel to control rolling up or down for issue #584. * Add new icewm option --rewrite-preferences to update preferences. * Improve documentation for options for Super/Windows key modifiers. * Make the QuickSwitch modifiers dependent on the type of QuickSwitch: either from the Alt+Tab or from the "switchkey" keyword for issue #583. * Don't reorder focus when Alt+Tabbing for issue #579. * Defer loading internationalized help text until required. * Add support for conditional expressions to icesh. * Add a toggle option "^" to the "netState" command for issue #580. - from version 2.3.2: * Document more workspace button features. * Improve drawing rectangles with rounded corners. * Use reversed active text colors for drawing grouping number. * Dissolve the disparity between dragged and non-dragged task buttons. * Allow button clicks with some mouse motion between button press and release. * Fix for editing workspace name in the workspace button. * Repaint workspace button after editing the workspace name. * Change the default value for ModSuperIsCtrlAlt from true to false. * Support ModSuperIsCtrlAlt in the quick switch for issue #574. * Reduce the number of frame updates when changing workspace. * Free the memory for the About dialog after it is closed. * Prevent a compiler warning. * Update Finnish translation. - from version 2.3.1: * Let icewmbg refresh the root background on icewm restart to evade a bug in the X server. * Prevent compiler warnings about missing overrides. * Improve drawing for TaskBarTaskGrouping with preferences. * Fix for drawing missing icon in message box. * Fix for changing theme via theme menus. * Fix for drawing icons in menus. * Fix for switchkey. - from version 2.3.0: * Add new preference NetStatusShowOnlyRunning to only show running network interfaces by alspitz. * Reduce systemcalls as much as possible when updating network status. * Only update tooltips when a tooltip window is visible. * Postpone creating tooltips. * If without system tray, enforce taskbar updateLocation for issue #559. * Redraw task button when name changes. * Print more details for "all" in "icesh motif". * When client loses its X shape then update frame functions, which fixes toggling "Use system title bar and borders" in Chrome. * Optimize filereader to reduce the number of read system calls. * Add new preference TaskBarTaskGrouping to group similar applications under a single task button for issue #198. * Support immediate toggling of TaskBarTaskGrouping without a restart. * Add menu option to icehelp to open current document in a browser. * Support switching workspaces via window menu list. * Add command "denormal" to icesh for issue #561. * Support mouse buttons up to button number 9 for issue #333. * Allow to switch workspaces by key in the Alt+Tab QuickSwitch for #563. * Improve handling of modifier keys in QuickSwitch. * Support arrow keys, Home, End, Delete and Return keys in QuickSwitch. * Support keys '1' to '9' to index the QuickSwitch. * Prevent closing QuickSwitch window when a button release event occurs. * Fixes for QuickSwitch when there is a fullscreen window for issue #558. * Add QuickSwitchRaiseCandidate to raise a selected window for issue #564. * Don't reorder focus in QuickSwitch when changing workspaces for issue #564. * Support rotating mouse wheel buttons in QuickSwitch to scroll over windows. * Efficiency improvements to QuickSwitch. * When QuickSwitch is up and a new window is created, then add it to the list. * Support colored cursors when using libXpm for issue #45. * When activating a frame on another workspace, ignore any focus events on the root window, for more reliable QuickSwitching to intended window. * Updated documentation. * Updated translations. - from version 2.2.1: * Fix the CMake build. * Draw an icon in each message box popup. * Make input field focus tab-traversable when editing preferences. * When modifying preferences, only trim input for scalar options. * Simplify the icewm manpage. * Taskbar may have a non-zero screen due to XineramaPrimaryScreen in getNewPos. Only consider workarea when using same screen as taskbar, otherwise allow entire desktop for issue bbidulock/icewm#557. * Position the move/size-status on the screen of the window. - from version 2.2.0: * Support modifying all icewm preferences directly via a popup. * Allow to reset a key or string option in the preferences menu. * Show the preference description when modifying a preference. * Give each preference option a meaningful description. * Drop support for nonICCCMconfigureRequest winoption. * Immediately redraw clock after setting default clock format. * Add new clock format %H:%M to clock menu. * Fix cmake test target for issue #41. * Improve CMake build speed by building libraries. * If an application resizes itself partially outside the work area, then move it back inside the work area, if possible, for issue #550. * Fix ignoreQuickSwitch winoption for focused windows for issue #552. * Support locales in icehelp and icewmhint. - from version 2.1.2: * In icewm-menu-fdo don't abort directory scanning on bad menu items to fix issue #546. * Relayout task buttons whenever a task button is removed for issue #548. * Add test for XShm extension+pixmaps. * Remove the urgent state flag from frame when gaining or losing focus. * Add 'urgent' action to icesh to set the urgent flag on a window. * Create a Settings submenu to reduce Start menu items for issue #543. --- ---------------------------------------------------------------- ==== kColorPicker ==== Version update (0.1.6 -> 0.2.0) - Update to 0.2.0 * Add option to show alpha channel and reset color selection ==== kImageAnnotator ==== Version update (0.5.3 -> 0.6.0) - Update to version 0.6.0 New * Add optional undo, redo, crop, scale and modify canvas buttons to dock widgets. * Cut out vertical or horizontal slice of an image. * Middle-click on tab header closes tab. * Add button to fit image into current view. * Allow changing item opacity. * Add support for RGBA colors with transparency. * Add mouse cursor sticker. * Allow scaling stickers per setting. * Respect original aspect ratio of stickers. * Respect original size of stickers. Fixed * Adding image effect does not send image change notification. * Blur / Pixelate break when going past image edge once. * Item opacity not applied when item shadow disabled. Changed * Changed kImageAnnotator: Max font size changed to 100pt. ==== kdsoap ==== - Add a Qt6 flavor for kdsoap. ==== libopenmpt ==== Version update (0.6.2 -> 0.6.3) - Update to 0.6.3: * Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously. * MED: Stereo samples were not imported correctly. ==== libstorage-ng ==== Version update (4.5.11 -> 4.5.14) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#879 - added include for gcc13 (gh#openSUSE/libstorage-ng#878) - 4.5.14 - merge gh#openSUSE/libstorage-ng#877 - use new parted type command instead of SUSE-specific type-id - extended documentation - 4.5.13 - merge gh#openSUSE/libstorage-ng#876 - added support for BitLocker using cryptsetup - extended LuksInfo class - fixed probing partition name - added testcase - updated integration tests - coding style - updated parser for 'cryptsetup status' - 4.5.12 ==== libunwind ==== - Fix dependencies - Fix file list ==== logrotate ==== Version update (3.19.0 -> 3.20.1) - update to 3.20.1: * drop world-readable permission on state file even when ACLs are enabled (#446) - removed obsolete logrotate-CVE-2022-1348-follow-up.patch - Security fix: (bsc#1199652, CVE-2022-1348) * Add follow-up upstream patch for the introduced fix. * Added patch logrotate-CVE-2022-1348-follow-up.patch - Update patch: * logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch - update to 3.20.0: * fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * fix a misleading debug message with copytruncate and rotate 0 (#443) * add support for unsigned time_t (#438) * do not lock state file /dev/null (#433) ==== minicom ==== Version update (2.7.1 -> 2.8) - Do not recommend lang package: the lang package has smarter supplements in place (working with zypper locales). - Replace dead URL with current upstream - Update to version 2.8 * New timestamp mode: Delta to previous line. * Add HPA ESC sequence * Add alternative window support (ti/te) * Fix file name of non-global configuration settings. * Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, and Serbian * New translation: Serbian, Simplified chinese * Fix F10 macro key used in current setups * Add F11 and F12 for macro use * Fixed DTR for recent systems * Add support for RS485. * Add --capturefile-buffer-mode option * Bug fixes - Drop upstream resolved patches * fix-upstream-gcc10-build2.patch * fix-upstream-gcc10-build3.patch * fix-upstream-gcc10-build1.patch - Drop minicom-2.3-no-build-date.patch, GCC now uses SOURCE_DATE_EPOCH - Rebased minicom-2.2-defaults.diff as openSUSE-defaults.patch - Rebased minicom-2.4-norootsetup.diff as openSUSE-no-root-setup.patch - Add patch from upstream minicom-2.8-replace-sigrelse.patch, replace deprecated sigrelse - Add patch to fix undefined reference to external symbols minicom-2.8-fix-undefined-reference.patch ==== mobile-broadband-provider-info ==== Version update (20220315 -> 20220511) - Update to version 20220511: * us: update verizon MCCMNC * us: Verizon Wirleess had been awarded 301 012 * us: Verizon Wireless MMS settings * us: declare AT&T MCC MNC * at: declare lyca mobile MMS config * al: add AMC internet APN config * af: add MMS settings for AWCC * ad: add andorra telecom MMS settings * za: mtn mms * za: cell-c MMS setting * es: Add Euskaltel MMS settings * il: youphone mms (same APN for data and mms) * il: cellcom balance test * il: Rami Levi MMS settings * serviceproviders: fix indentation * il: Partner (previously known as Orange) MMS config ==== nagios ==== Version update (4.4.6 -> 4.4.7) Subpackages: nagios-www - 4.4.7 - 2022-04-14 FIXES * Fixed checkboxes in jsonquery.html (#778) (Rfferrao87) * Added SSL support for version update check (Sebastian Wolf) * Note: NEB modules using the priority/scheduling queues in libnagios may need to update headers due to symbol conflicts with OpenSSL. * Fixed XSS in homepage when displaying update check results (Sebastian Wolf) * Fixed allocation error in getcgi.c (#820) (Ariadne Conill) * Fixed Error: NULL variable for lines of spaces in resource.cfg (#814) (Ralf Herrmann) * Fixed crash when handling large check output (#825, #828) (Kilvador) * Update packaging instructions for RPM/EPEL (#850) (T.J. Yang) * Include packaging instructions for DEB (#842) (Catfriend1) * Fixed CGI object processing when names end in \ (#819) (Sebastian Wolf) * $SERVICEPROBLEMID$ now accessible when notifications are sent (#688) (Sebastian Wolf) ==== opensuse-welcome ==== - Do not recommend lang package: the lang package has smarter supplements in place. ==== osinfo-db ==== Version update (20220214 -> 20220516) - Update to database version 20220516 osinfo-db-20220516.tar.xz ==== polkit-default-privs ==== Version update (1550+20220404.7b4bea2 -> 1550+20220524.0345bd9) - Update to version 1550+20220524.0345bd9: * Add kinfocenter5 whitelisting (bsc#1199735). * gconf: cleanup rules used by dropped gconf2 package ==== ppp ==== Version update (2.4.8 -> 2.4.9) - Add ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch that fixed the following rpmlint error: executable-stack (Badness: 10000) /usr/sbin/pppd - Update to version 2.4.9 * Support for new EAP (Extensible Authentication Protocol) methods * Support for EAP-TLS * Support for EAP-MSCHAPv2 * New pppd options: * chap-timeout * chapms-strip-domain * replacedefaultroute * noreplacedefaultroute * ipv6cp-accept-remote * lcp-echo-adaptive * ip-up-script * ip-down-script * ca * capath * cert * key * crl-dir * crl * max-tls-version * need-peer-eap * Fixes for CVE-2020-8597 and CVE-2015-3310. * The rp-pppoe plugin has been renamed to pppoe, to distinguish it from the upstream rp-pppoe code. Its options have changed names, but the old names are kept as aliases. * Many bug fixes and cleanups. - Drop upstream fixed patches * ppp-2.4.3-winbind-setuidfix.patch * fix-header-conflict.patch * ppp-CVE-2015-3310.patch * ppp-CVE-2020-8597.patch * ppp-cifdefroute.patch * ppp-higher-speeds.patch * ppp-2.4.3-strip.diff * ppp-filter.patch * ppp-__P.patch - Drop upstream resolved ppp-make.patch use `--cflags` configure switch instead ==== python-base ==== Subpackages: libpython2_7-1_0 python-xml - Filter out executable-stack error that is triggered for i586 target. ==== python-cryptography ==== Version update (36.0.2 -> 37.0.2) - update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because they are legacy algorithms with extremely low usage. These will be removed in a future version of ``cryptography``. * Added limited support for distinguished names containing a bit string. * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` and ``x86_64`` architectures. Users on macOS should upgrade to the latest ``pip`` to ensure they can use this wheel, although we will continue to ship ``x86_64`` specific wheels for now to ease the transition. * This will be the final release for which we ship ``manylinux2010`` wheels. Going forward the minimum supported ``manylinux`` ABI for our wheels will be ``manylinux2014``. The vast majority of users will continue to receive ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy wheels this release already requires ``manylinux2014`` for compatibility with binaries distributed by upstream. * Added support for multiple :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a :class:`~cryptography.x509.ocsp.OCSPResponse`. * Restored support for signing certificates and other structures in :doc:`/x509/index` with SHA3 hash algorithms. * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is disabled in FIPS mode. * Added support for serialization of PKCS#12 CA friendly names/aliases in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` * Added support for 12-15 byte (96 to 120 bit) nonces to :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class previously supported only 12 byte (96 bit). * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. * Added support for parsing :rfc:`4514` strings with :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can be used to verify a signature where the salt length is not already known. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This constant will set the salt length to the same length as the ``PSS`` hash algorithm. * Added support for loading RSA-PSS key types with :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. ==== python-psutil ==== Version update (5.9.0 -> 5.9.1) - removed obsolete skip-partitions-erros.patch - update to 5.9.1 * Enhancements - 1053: drop Python 2.6 support. (patches by Matthieu Darbois and Hugo van Kemenade) - 2050, [Linux]: increase read(2) buffer size from 1k to 32k when reading /proc pseudo files line by line. This should help having more consistent results. - 2057, [OpenBSD]: add support for cpu_freq(). - 2107, [Linux]: Process.memory_full_info() (reporting process USS/PSS/Swap memory) now reads /proc/pid/smaps_rollup instead of /proc/pids/smaps, which makes it 5 times faster. * Bug fixes - 2048: AttributeError is raised if psutil.Error class is raised manually and passed through str. - 2049, [Linux]: cpu_freq() erroneously returns curr value in GHz while min and max are in MHz. - 2050, [Linux]: virtual_memory() may raise ValueError if running in a LCX container. ==== python-scipy ==== Version update (1.8.0 -> 1.8.1) - Update to version 1.8.1. * Bug-fix release with no new features. ==== python-sympy ==== - Add sympy_printing_ccode.patch eliminating sympy.printing.ccode deprecated module, because it just stands in the way (gh#sympy/sympy#23533) ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - It has been observed that building QEMU with _FORTIFY_SOURCE=3 causes problem (see bsc#1199924). Force it to =2 for now, while we investigate the issue. - Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch - Filter out rpmlint error that is valid for qemu, but will have its badness increased in the future. ==== remmina ==== Version update (1.4.25 -> 1.4.26) Subpackages: remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc - Do not recommend lang package: the lang package has smarter supplements in place. - Updated to remmina version 1.4.26 - Major improvements: * A Python plugin/API (you can write Remmina plugins in Python now!!!) * X11 Forward for the SSH plugin @marco.fortina * Kiosk improvements and new command lines options - Other changes: * Fix trial for 2577: Closing a VNC connection makes Remmina close all other... * Handle after-auth connection errors in VNC properly * Using Remmina from command-line for kiosked servers * Manual page refactoring fixes #2056 (closed) * Add mutex to protect RDP clipboard->srv_data. Fixes #2666 (closed) * Add '--no-tray-icon' command-line option * Make FreeRDPs TLS Security Level setting accessible in the advanced settings view * Disable grabs for SSH and SFTP, #closes #2728 (closed) * Cannot disable shared folder * Use PyInitializeEx in order to skip signal handler registration * Ignore add new connection button in kiosk mode * WWW plugin refactoring ==== rubygem-ruby-dbus ==== Version update (0.18.0.beta5 -> 0.18.0.beta6) - 0.18.0.beta6 API: * Data::Base#value returns plain Ruby types; Data::Container#exact_value contains Data::Base (gh#mvidner/ruby-dbus#114). * Data::Base#initialize and .from_typed allow plain or exact values, validate argument types. * Implement #== (converting) and #eql? (strict) for Data::Base and DBus::Type. ==== seahorse ==== Version update (41.0 -> 42.0) Subpackages: gnome-shell-search-provider-seahorse - Update to version 42.0: + pgp: Fix GPG version check. + desktop: Add pgp,gpg to the description. + search-provider: Don't escape result description as markup. + gkr: Network label fixes. + ssh: Fix CPU Usage Spike When Calling ssh-keygen. + desktop: Add supported mime types to .desktop file> + desktop: Mark application as adaptive. + metainfo: Align app name with .desktop name. + ui: Opt-in to color scheme user preference> + Updated translations. ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - Use the found perl version for requiring perl-base in perl-biber (boo#1199795) ==== tnftp ==== Version update (20151004 -> 20210827) - Update to version 20210827 * Validate address in server's PASV and LPSV responses. Previously a hostile server could cause ftp to open a data connection elsewhere. * Avoid intermittent crashes by fixing signal handler restoration. * Fix intermittent failures in -q QUITTIME by not using restartable signals. * Set SO_KEEPALIVE on control connection to attempt to avoid timeouts. * Display usage to stdout with -?. - Update to version 20200705: * Avoid crashes by exiting if lostpeer due to a signal * Issue PWD commands to the server only when we actually need the results, not speculatively, just in case we might. * Use "anonymous" instead of the local username for anonymous ftp. Avoids unnecesary information leak. * Use the first name we requested the http/https URL for, not any name we ended up with after random redirects. * Support using CONNECT for https:// via proxy. * Improve SSL error reporting, and IPv6 endpoint reporting. * Use the system glob() if required extensions are supported. - Drop upstream fixed tnftp-20100108-am_and_libedit.patch - Drop upstream fixed tnftp-verify_hostname.patch ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - Add vlc-dav1d-1.0.patch: Fix build with dav1d 1.0. Upstream commits 2202c892 and d38ddd727. ==== wayland ==== Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - modernize spec file * use licensedir * use bcond * use https:// urls * spec-cleaner ==== webkit2gtk3 ==== Version update (2.36.1 -> 2.36.2) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.36.2: + Fix some pages showing empty content boxes when using GTK4. + Fix the build with accessibility disabled. + Fix the build with newer Ruby versions. + Fix several crashes and rendering issues. ==== webkit2gtk3-soup2 ==== Version update (2.36.1 -> 2.36.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.36.2: + Fix some pages showing empty content boxes when using GTK4. + Fix the build with accessibility disabled. + Fix the build with newer Ruby versions. + Fix several crashes and rendering issues. ==== xmlcharent ==== - Handle update case as well (boo#1199754) ==== xmlsec1 ==== Version update (1.2.33 -> 1.2.34) Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1 - update to 1.2.34: * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes ==== xscreensaver ==== Subpackages: xscreensaver-data xscreensaver-data-extra xscreensaver-lang - Add option --with-app-defaults to configure * fix boo#1199742 ==== xwayland ==== Version update (22.1.1 -> 22.1.2) - Update to version 22.1.2 * randr: Add "RANDR Emulation" property * xwayland/output: Set the "RANDR Emulation" property * xwayland: Fix invalid pointer access in drm_lease_device_handle_released. ==== yast2 ==== Version update (4.5.3 -> 4.5.4) Subpackages: yast2-logs - Added experimental infrastructure for managing system in a chroot (bsc#1199840) - 4.5.4 ==== yast2-installation ==== Version update (4.5.1 -> 4.5.2) - AutoYaST Second Stage: Added a missing dependency to the service to prevent getty-autogeneration listen on 5901 port (bsc#1199746) - 4.5.2 ==== yast2-ruby-bindings ==== Version update (4.5.0 -> 4.5.1) - Added experimental infrastructure for managing system in a chroot (bsc#1199840) - 4.5.1 ==== yast2-storage-ng ==== Version update (4.5.5 -> 4.5.6) - Fixed failing unit test: Added translatable message for new libstorage enum type for bitlocker (bsc#1199832) - 4.5.6 ==== yast2-trans ==== Version update (84.87.20220513.26f6bfaa16 -> 84.87.20220520.670357a704) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20220520.670357a704: * New POT for text domain 'packager'. - Update to version 84.87.20220517.14c54455f9: * New POT for text domain 'qt'. * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'qt'. * New POT for text domain 'iscsi-client'. ==== zsh ==== Version update (5.8.1 -> 5.9) - update to 5.9: zsh 5.9 is dedicated to the memory of Sven Guckes, who was, amongst other things, a long-time zsh advocate. For more information, see: https://linuxnews.de/2022/02/sven-guckes-verstorben/ https://groups.google.com/g/vim_announce/c/MJBKVd-xrEE/m/joVNaDgAAgAJ When unsetting a hash element, the string enclosed in square brackets is interpreted literally after any normal command-line-argument expansions. Thus unset "hash[$key]" first expands $key as usual for a double-quoted string, and then interprets that result as the exact hash element to unset. This differs from previous versions of the shell, which would also remove a leading backslash for an unusual subset of characters in the expansion of $key. Note this also means, for example, that now unset 'hash[ab]cd]' unsets the element with key "ab]cd" rather than silently doing nothing. The function command learnt a -T option to declare a function and enable tracing for it simultaneously. The option SHORT_REPEAT was added to enable the short syntax of SHORT_LOOPS for the repeat command only. It is disabled by default. The _arguments function now supports NUL-delimiting optargs in the opt_args array via the -0 option. Developers of completion functions should find this easier to handle reliably than the default colon-delimiting behaviour. The zsh/system module's `zsystem flock` command learnt an -i option to set the wait interval used with -t. Additionally, -t now supports fractional seconds. The option CLOBBER_EMPTY was added to enable the overwrite behaviour of CLOBBER for empty files only. It is disabled by default. A (-) expansion flag was added. It works like (n) but correctly sorts negative numbers. The (*) expansion flag enables EXTENDED_GLOB for pattern matching. For example, ${(*)sample/(#b)*(pat)*/${match[1]}} uses backreferences even if EXTENDED_GLOB is not otherwise set. However, this does not descend into nested exapansions, and doubling as (**) does not disable EXTENDED_GLOB. The compinit function learnt a -w option to explain why compdump runs. When run without the -i or -u options and compaudit discovers security issues, answering "y" to the "Ignore insecure ..." prompt removes the insecure elements (like the -i option) where previously it ignored the result (thus formerly like the -u option). Further, removing those elements includes dropping directories from the $fpath array. The zsh/datetime module's strftime builtin learnt an -n option to omit the trailing newline when printing a formatted time. The XTRACE option is now disabled while running user-defined completion widgets. This corresponds to long-standing behavior of other user ZLE widgets. Use the _complete_debug widget to capture XTRACE output, or use "functions -T" to enable tracing of specific completion functions. The fc builtin learnt an -s option which is a POSIX equivalent to the `fc -e-` method of re-executing a command without invoking an editor. The option CASE_PATHS was added to control how NO_CASE_GLOB behaves. NO_CASE_GLOB + NO_CASE_PATHS is equivalent to the current NO_CASE_GLOB behaviour. NO_CASE_GLOB + CASE_PATHS treats only path components that contain globbing characters as case-insensitive; this behaviour may yield more predictable results on case-sensitive file systems. NO_CASE_PATHS is the default. With the new TYPESET_TO_UNSET option set, "typeset foo" leaves foo unset, in contrast to the default behavior which assigns foo="". Any parameter attributes such as numeric type, sorting, and padding are retained until the parameter is explicitly unset or a conflicting value is assigned. This is similar to default behavior of bash and ksh. This option is disabled by default. The compadd builtin's -D option can now be specified more than once. The zsh/zutil module's zformat builtin learnt an -F option which behaves like -f except that ternary expressions check for existence instead of doing math evaluation. The conventional syntax used to indicate units, ranges, and default values in completion descriptions (e.g. `timeout (seconds) (0-60) [20]`) is now recognised by the completion system itself. These components are parsed out of the description and can be individually styled. A _numbers helper function has been added to help function authors offer rich completion for these values. The log builtin, WATCH parameter, et al., have been broken out into a separate module, zsh/watch. The module is enabled by default. The zsh/watch module's WATCHFMT parameter now supports colours via the %F and %K escapes. The STTY parameter can now be set to an empty string before running a command to automatically restore terminal settings after the command finishes. The "jobs" command and "$jobstates" and related parameters can report on parent shell jobs even in subshells. This is a snapshot of the parent state, frozen at the point the subshell started. However, if a subshell starts its own background jobs, the parent state is discarded in order to report on those new jobs. - drop ncurses-fix.patch: upstream