Packages changed: ImageMagick (7.1.0.50 -> 7.1.0.51) Mesa Mesa-drivers MozillaFirefox (106.0.1 -> 106.0.5) alsa (1.2.7.2 -> 1.2.8) alsa-ucm-conf (1.2.7.2 -> 1.2.8) alsa-utils (1.2.7 -> 1.2.8) at-spi2-core augeas (1.12.0 -> 1.13.0) autoyast2 (4.5.6 -> 4.5.8) baloo5-widgets (22.08.2 -> 22.08.3) bash bluedevil5 (5.26.1 -> 5.26.2) bluez breeze (5.26.1 -> 5.26.2) breeze-gtk (5.26.1 -> 5.26.2) btrfsprogs (5.19.1 -> 6.0) conmon coreutils curl (7.85.0 -> 7.86.0) dbus-1 (1.14.0 -> 1.14.4) dbus-1-glib dbus-1-x11 (1.14.0 -> 1.14.4) discover (5.26.1 -> 5.26.2) dolphin (22.08.2 -> 22.08.3) drkonqi5 (5.26.1 -> 5.26.2) evince (43.0 -> 43.1) expat (2.4.9 -> 2.5.0) ffmpegthumbs (22.08.2 -> 22.08.3) firewalld (1.2.0 -> 1.2.1) fwupd gcr3 gdb gdk-pixbuf (2.42.9 -> 2.42.10) gdm gettext-runtime (0.21 -> 0.21.1) gjs (1.74.0 -> 1.74.1) glib2 (2.74.0 -> 2.74.1) glibc gnome-keyring gnome-shell gnome-software gnome-terminal (3.46.2 -> 3.46.3) gpgme (1.16.0 -> 1.18.0) graphviz gstreamer (1.20.3 -> 1.20.4) gstreamer-plugins-bad (1.20.3 -> 1.20.4) gstreamer-plugins-base (1.20.3 -> 1.20.4) gstreamer-plugins-good (1.20.3 -> 1.20.4) gtk4 (4.8.1 -> 4.8.2) highway (1.0.1 -> 1.0.2) irqbalance kaccounts-integration (22.08.2 -> 22.08.3) kaccounts-providers (22.08.2 -> 22.08.3) kactivitymanagerd (5.26.1 -> 5.26.2) kate (22.08.2 -> 22.08.3) kcm_sddm (5.26.1 -> 5.26.2) kde-cli-tools5 (5.26.1 -> 5.26.2) kde-gtk-config5 (5.26.1 -> 5.26.2) kde-print-manager (22.08.2 -> 22.08.3) kdegraphics-thumbnailers (22.08.2 -> 22.08.3) kdenetwork-filesharing (22.08.2 -> 22.08.3) kdialog (22.08.2 -> 22.08.3) kernel-firmware (20220930 -> 20221031) kernel-source (6.0.3 -> 6.0.7) kexec-tools keylime (6.5.1 -> 6.5.3) kgamma5 (5.26.1 -> 5.26.2) khelpcenter5 (22.08.2 -> 22.08.3) khotkeys5 (5.26.1 -> 5.26.2) kinfocenter5 (5.26.1 -> 5.26.2) kio kio-extras5 (22.08.2 -> 22.08.3) kmenuedit5 (5.26.1 -> 5.26.2) konsole (22.08.2 -> 22.08.3) kpipewire (5.26.1 -> 5.26.2) kscreen5 (5.26.1 -> 5.26.2) kscreenlocker (5.26.1 -> 5.26.2) ksshaskpass5 (5.26.1 -> 5.26.2) ksystemstats5 (5.26.1 -> 5.26.2) kwalletmanager5 (22.08.2 -> 22.08.3) kwayland-integration (5.26.1 -> 5.26.2) kwin5 (5.26.1 -> 5.26.2.1) kwrited5 (5.26.1 -> 5.26.2) layer-shell-qt (5.26.1 -> 5.26.2) libXext (1.3.4 -> 1.3.5) libXinerama (1.1.4 -> 1.1.5) libavif libdrm (2.4.113 -> 2.4.114) libepoxy libffi (3.4.3 -> 3.4.4) libidn2 (2.3.3 -> 2.3.4) libkdcraw (22.08.2 -> 22.08.3) libkdecoration2 (5.26.1 -> 5.26.2) libkexiv2 (22.08.2 -> 22.08.3) libkscreen2 (5.26.1 -> 5.26.2) libksysguard5 (5.26.1 -> 5.26.2) libmysofa (1.2.1 -> 1.3.1) libnvme (1.1 -> 1.2) libosinfo libqt5-qtbase (5.15.6+kde177 -> 5.15.7+kde167) libqt5-qtdeclarative (5.15.6+kde20 -> 5.15.7+kde18) libqt5-qtgraphicaleffects (5.15.6+kde0 -> 5.15.7+kde0) libqt5-qtimageformats (5.15.6+kde4 -> 5.15.7+kde5) libqt5-qtlocation (5.15.6+kde3 -> 5.15.7+kde3) libqt5-qtmultimedia (5.15.6+kde1 -> 5.15.7+kde1) libqt5-qtquickcontrols (5.15.6+kde0 -> 5.15.7+kde0) libqt5-qtquickcontrols2 (5.15.6+kde5 -> 5.15.7+kde6) libqt5-qtsensors (5.15.6+kde0 -> 5.15.7+kde0) libqt5-qtspeech (5.15.6+kde1 -> 5.15.7+kde1) libqt5-qtsvg (5.15.6+kde9 -> 5.15.7+kde9) libqt5-qttools (5.15.6+kde1 -> 5.15.7+kde1) libqt5-qttranslations (5.15.6+kde2 -> 5.15.7+kde0) libqt5-qtvirtualkeyboard (5.15.6+kde1 -> 5.15.7+kde0) libqt5-qtwayland (5.15.6+kde49 -> 5.15.7+kde49) libqt5-qtwebchannel (5.15.6+kde3 -> 5.15.7+kde3) libqt5-qtwebview (5.15.6+kde0 -> 5.15.7+kde0) libqt5-qtx11extras (5.15.6+kde0 -> 5.15.7+kde0) libqt5-qtxmlpatterns (5.15.6+kde0 -> 5.15.7+kde0) libstorage-ng (4.5.47 -> 4.5.48) libva libva-gl libxml2 libxshmfence (1.3 -> 1.3.1) libyuv (20220713+d248929c -> 20220920+f9fda6e) llvm15 (15.0.2 -> 15.0.3) lsof (4.95.0 -> 4.96.4) luit (20201003 -> 20221028) lvm2 lvm2-device-mapper (1.02.185 -> 2.03.16_1.02.185) milou5 (5.26.1 -> 5.26.2) mobipocket (22.08.2 -> 22.08.3) mpg123 (1.30.2 -> 1.31.1) multipath-tools (0.9.1+52+suse.be8809e -> 0.9.2+59+suse.ac8942d) ntfs-3g_ntfsprogs (2022.5.17 -> 2022.10.3) nvme-cli (2.1.2 -> 2.2.1) open-lldp (1.1+44.0f781b4162d3 -> 1.1+58.8ca361bab766) openSUSE-build-key openldap2 openldap2-contrib-src openslp openssl (1.1.1q -> 1.1.1s) openssl-1_1 (1.1.1q -> 1.1.1s) openssl-3 (3.0.5 -> 3.0.7) osinfo-db (20220830 -> 20221018) oxygen5-sounds (5.26.1 -> 5.26.2) pam-config (1.7 -> 1.8) patterns-microos pipewire pkcs11-helper (1.28.0 -> 1.29.0) plasma-browser-integration (5.26.1 -> 5.26.2) plasma-nm5 (5.26.1 -> 5.26.2) plasma5-addons (5.26.1 -> 5.26.2) plasma5-desktop (5.26.1 -> 5.26.2) plasma5-disks (5.26.1 -> 5.26.2) plasma5-integration (5.26.1 -> 5.26.2) plasma5-openSUSE plasma5-pa (5.26.1 -> 5.26.2) plasma5-systemmonitor (5.26.1 -> 5.26.2) plasma5-thunderbolt (5.26.1 -> 5.26.2) plasma5-workspace (5.26.1 -> 5.26.2) plymouth (22.02.122+77.c09c651 -> 22.02.122+94.4bd41a3) polkit-default-privs (1550+20221018.7616c25 -> 1550+20221102.9f111fa) polkit-kde-agent-5 (5.26.1 -> 5.26.2) powerdevil5 (5.26.1 -> 5.26.2) protobuf (21.6 -> 21.9) python-Deprecated python-PyJWT (2.5.0 -> 2.6.0) python-SQLAlchemy (1.4.41 -> 1.4.42) python-Twisted (22.4.0 -> 22.10.0) python-charset-normalizer (2.1.1 -> 3.0.0) python-cryptography (38.0.1 -> 38.0.3) python-lark (1.1.2 -> 1.1.3) python-numpy (1.21.6 -> 1.23.4) python-oauthlib (3.2.1 -> 3.2.2) python-psutil (5.9.2 -> 5.9.3) python-pyOpenSSL (22.0.0 -> 22.1.0) python-pymongo (4.2.0 -> 4.3.2) python-pytz (2022.4 -> 2022.5) python-requests python-typing_extensions (4.3.0 -> 4.4.0) python-urllib3 python-zope.interface (5.4.0 -> 5.5.0) python310 (3.10.7 -> 3.10.8) python310-core (3.10.7 -> 3.10.8) qca-qt5 (2.3.4 -> 2.3.5) qemu raspberrypi-firmware (2022.10.18 -> 2022.10.26) raspberrypi-firmware-config (2022.10.18 -> 2022.10.26) raspberrypi-firmware-dt (2022.10.03 -> 2022.10.26) redis rgb (1.0.6 -> 1.1.0) rubygem-nokogiri (1.13.8 -> 1.13.9) rust-keylime (0.1.0+git.1664480840.0ea0492 -> 0.1.0+git.1666019359.f5de47b) samba (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9) sddm sessreg (1.1.2 -> 1.1.3) sg3_utils (1.47+5.d13bc56 -> 1.48~20221101.6d3bd26) shadow signon-kwallet-extension (22.08.2 -> 22.08.3) sqlite3 (3.39.3 -> 3.39.4) strace (5.19 -> 6.0) sudo (1.9.11p3 -> 1.9.12) suse-module-tools (16.0.23 -> 16.0.26) syslogd (1.4.1 -> 1.5.1) systemd (251.6 -> 251.7) systemsettings5 (5.26.1 -> 5.26.2) tar tigervnc timezone (2022e -> 2022f) tracker (3.4.0 -> 3.4.1) tracker-miners (3.4.0 -> 3.4.1) transactional-update (4.0.1 -> 4.1.0) usbutils (014 -> 015) vim (9.0.0709 -> 9.0.0814) vte (0.70.0 -> 0.70.1) vulkan-loader (1.3.224.0 -> 1.3.231.0) vulkan-tools (1.3.224.0 -> 1.3.231) webkit2gtk3 (2.38.0 -> 2.38.1) webkit2gtk4 (2.38.0 -> 2.38.1) xcb-util-cursor (0.1.3 -> 0.1.4) xdg-desktop-portal-kde (5.26.1 -> 5.26.2) xdg-user-dirs (0.17 -> 0.18) xmlsec1 (1.2.34 -> 1.2.36) xorg-x11-server xsetroot (1.1.2 -> 1.1.3) xterm (373 -> 375) xwayland (22.1.3 -> 22.1.5) yast2 (4.5.17 -> 4.5.18) yast2-add-on (4.5.1 -> 4.5.2) yast2-packager (4.5.5 -> 4.5.6) yast2-ruby-bindings (4.5.3 -> 4.5.4) zchunk (1.2.2 -> 1.2.3) === Details === ==== ImageMagick ==== Version update (7.1.0.50 -> 7.1.0.51) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - update to 7.1.0.51: * obtain scene from image structure * prevent undefined shift * Added private api to go through a linked list without using semaphores. * Fixed build. * latest automake configuration * fix undefined-shift in ReadTGAImage @ https://oss-fuzz.com/testcase?key=5129864151957504 * prevent divide by zero exception ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - build against llvm15/clang15 on sle15-sp5/Leap 15.5 - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - build against llvm15/clang15 on sle15-sp5/Leap 15.5 - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ==== MozillaFirefox ==== Version update (106.0.1 -> 106.0.5) - Mozilla Firefox 106.0.5: * Addresses a crash experienced by users with Intel Gemini Lake CPUs (bmo#1702019) - Mozilla Firefox 106.0.4: * Fixed an issue with DRM Video playback (bmo#1797292) * Fixed broken layout of datetime input when switching types (bmo#1797139) - Mozilla Firefox 106.0.3 * Fixes for other platforms - Mozilla Firefox 106.0.2 * Fix missing content on some PDF forms (bmo#1794351) * Fix column width for the Notification sub-panel in Settings (bmo#1793558) * Fix a browser freeze with accessibility enabled on some sites such as the Proxmox Web UI (bmo#1793748) * Fix page reloading not working with Firefox View and not refreshing synced data (bmo#1792680, bmo#1794474) ==== alsa ==== Version update (1.2.7.2 -> 1.2.8) Subpackages: libasound2 libatopology2 - Update to version 1.2.8: add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint, various PCM plugins and UCM. For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== alsa-ucm-conf ==== Version update (1.2.7.2 -> 1.2.8) - Update to version 1.2.8: lots of new profiles for USB-audio, SOF and others: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== alsa-utils ==== Version update (1.2.7 -> 1.2.8) - Update to alsa-utils 1.2.8: automake update, minor alsactl, amixer and aplay fixes. https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== at-spi2-core ==== Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Ensure xprop is required when xwayland is installed. ==== augeas ==== Version update (1.12.0 -> 1.13.0) Subpackages: augeas-lenses libaugeas0 libfa1 - Update to 1.13.0 * Fixes bsc#1204554 * Added augeas-1.13.0-replace_security_context_t-patch to fix a syntax error. * Rebased gcc9-disable-broken-test.patch * Dropped the following patches since they are now upstreamed: - augeas-new_options_for_chrony.patch - augeas-allow_printable_ASCII.patch - remove-unportable-tests.patch * General changes/additions - Add Dockerfile (Nicolas Gif) (Issue #650) - augtool: Improved readline integration to handle quoting issues (Pino Toscano) - typechecker: Allow including '/' in keys and labels. Thanks to felixdoerre for pointing out that this restriction was unnecessary. See issue #668 for the discussion. - Add function modified() to select nodes which are marked as dirty (George Hansper) (Issue #691) - Add CLI command 'preview' and API 'aug_preview' to preview file contents (George Hansper) (#690) - Add "else" operator to augeas path-filter expressions (priority selector) (George Hansper) (#692) - Add new axis 'seq' to allow /path/seq::*[expr] to match and create numeric nodes, as idempotent alternative to /path/*[expr] (George Hansper) (#706) * Lens changes/additions - Authinfo2: new lens to parse Authinfo2 format (Nicolas Gif) (Issue #649) - Chrony: add new options (Miroslav Lichvar) (Issue #698) - Cmdline: New lens to parse /proc/cmdline (Thomas Weißschuh) - Crypttab: support UUID in device and / in opt (Raphaël Pinson) (#713) - Fail2ban: new lens to parse Fail2ban format (Nicolas Gif) (Issue #651) - Grub: support '+' in kernel command line option names (Pino Toscano) (Issue #647) - Krb5: handle [plugins] subsection (Pino Toscano) (Issue #663) - Limits: support colons in the domain pattern of the limits lens (Xavier Mol) (Issue #645) - Logrotate: add hourly schedule (Jason A. Smith) (Issue #655) - Mke2fs: parse more common entries between [defaults] and the tags in [fs_types], fix the type of few entries, handle the [options] stanza (Pino Toscano) (Issue #642) - support quoted values (Pino Toscano) (Issue #661) - NetworkManager: allow # in values (mfilka) (#723) - Opendkim: update to match current conffile format (Issue #644) - Postfix_Master: Allow unix-dgram as type (Issue #635) - Postfix_transport: Allow underscore (Anton Baranov) (Issue #678) - Postgresql: Allow hyphen '-' in values that don't require quotes (Marcin Barczyński) (Issues #700 #701) - Properties: Allow "/" in property names (felixdoerre) (Issue #680) - Redis: add incl path /etc/redis.conf (Raphaël Pinson) (#726) - support "replicaof" (Raphaël Pinson) (#727) - fix support for "sentinel" (Raphaël Pinson) (#728) - Resolv: Support new options (Trevor Vaughan) (Issues #707 #708) - Rsyslog: support multiple actions in filters and selectors (Issue [#653]) - Shellvars: exclude more tcsh profile scripts (Pino Toscano) (Issue [#627]) - Simplevars: add ocsinventory-agent.cfg (Pat Riehecky) (Issue #637) - Sudoers: support new @include/@includedir directives (Pino Toscano) (Issue #693) - Sudoers: Allow AD groups (luchihoratiu) (Issue #696) - Support negative integers (Ando David Roots) (#724) - Ssh: add Match keyword support (granquet) (Issue #695) - Sshd: support quotes in Match conditions (Issue #739) - Systemd: fix parsing of envvars with spaces (Pino Toscano) (#659) - Add incl paths according to 'systemd.network(5)' (chruetli) (#683) - Tinc: new lens for Tinc VPN configuration files (Thomas Weißschuh) (#718) - Toml: support arrays (norec) in inline tables (Raphaël Pinson) (#703) - Tmpfiles: improvements to the types specification (Pino Toscano) (Issue #694) ==== autoyast2 ==== Version update (4.5.6 -> 4.5.8) - Log the profile/rules/classes file SHA1 sum so we can later verify that a particular file was or was not used by YaST (related to bsc#1204175) - 4.5.8 - Allow empty values in ask/default, ask/selection/label and ask/selection/value elements (bsc#1204448). - 4.5.7 ==== baloo5-widgets ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== bash ==== Subpackages: bash-doc bash-sh - Set DEFAULT_LOADABLE_BUILTINS_PATH to get BASH_LOADABLES_PATH correct (boo#1204567) ==== bluedevil5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: bluedevil5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3 - For pushing bluez 5.65 to 15-SP5 (bluez-5.62), sync more change log: (jsc#PED-1407) - The hcidump-Fix-set_ext_ctrl-global-buffer-overflow.patch be merged to bluez-5.51 in 2018. (bsc#1013732)(CVE-2016-9801) - The following btmon patches are merged to bluez-5.51 and later: 0001-btmon-fix-segfault-caused-by-buffer-over-read.patch 0002-btmon-fix-segfault-caused-by-buffer-over-read.patch 0003-btmon-fix-segfault-caused-by-buffer-over-read.patch 0004-btmon-Fix-crash-caused-by-integer-underflow.patch 0005-btmon-fix-stack-buffer-overflow.patch 0006-btmon-fix-multiple-segfaults.patch 0007-btmon-fix-segfault-caused-by-integer-underflow.patch 0008-btmon-fix-segfault-caused-by-integer-undeflow.patch 0009-btmon-fix-segfault-caused-by-buffer-over-read.patch 0010-btmon-fix-segfault-caused-by-buffer-overflow.patch 0011-btmon-fix-segfault-caused-by-integer-underflow.patch 0012-btmon-fix-segfault-caused-by-buffer-over-read.patch (bsc#1015173)(CVE-2016-9918)(bsc#1013893)(CVE-2016-9802) - The shared-gatt-server-Fix-not-properly-checking-for-sec.patch be merged to bluez-5.57 in 2021. (bsc#1186463 CVE-2021-0129 CVE-2020-26558) - The gatt-Fix-potential-buffer-out-of-bound.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - The shared-gatt-db-Introduce-gatt_db_attribute_set_fixed.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - The gatt-Make-use-of-gatt_db_attribute_set_fixed_length.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - Add JIRA-SLE-18497 number to 5.60, 5.61 and 5.62 update log to sync with bluez.changes in SLE15-SP5. - Install modprobe.conf files to %_modprobedir This change already in bluez.sepc in openSUSE:Factory/bluez. Sync the change log here. (bsc#1196275, jsc#SLE-20639) ==== breeze ==== Version update (5.26.1 -> 5.26.2) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers libbreezecommon5-5 - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== breeze-gtk ==== Version update (5.26.1 -> 5.26.2) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== btrfsprogs ==== Version update (5.19.1 -> 6.0) Subpackages: btrfsprogs-udev-rules libbtrfs0 - update to 6.0 * fi usage: in tabular output, print total size and slack size * mkfs: * option -O now accepts values from -R to unify the interface (-R will continue to work) * zone reset and discard is done in parallel on all devices * removed option --leafsize, deprecated long time ago * corrupt-block: recalculate checksum when changing generation * fixes: * convert: fix reserved range detection and overlaps * mkfs: fix creating files with reserved inode numbers with --rootdir * receive: escape filenames in command attributes * fix extent buffer leaks after transaction abort * experimental: * mkfs: support for block-group-tree (kernel 6.1) * fsverity in send (protocol v3, WIP) * btrfstune -b converts to block-group-tree * other: * cleanups, refactoring * new and updated tests * update documentation ==== conmon ==== - Add patch to fix build with make >= 4.4: * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch ==== coreutils ==== Subpackages: coreutils-doc - coreutils-tests-workaround-make-fdleak.patch: Add patch to work around a GNU make bug which leaks file descriptors when using the jobserver; this makes some tests fail. - coreutils.spec: Reference the patch. ==== curl ==== Version update (7.85.0 -> 7.86.0) Subpackages: libcurl4 - Update to 7.86.0: * Security fixes: - POST following PUT confusion [bsc#1204383, CVE-2022-32221] - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260] - HTTP proxy double-free [bsc#1204385, CVE-2022-42915] - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916] * Changes: - NPN: remove support for and use of - Websockets: initial support * Bugfixes: - altsvc: reject bad port numbers - autotools: reduce brute-force when detecting recv/send arg list - aws_sigv4: fix header computation - cli tool: do not use disabled protocols - connect: change verbose IPv6 address:port to [address]:port - connect: fix builds without AF_INET6 - connect: fix Curl_updateconninfo for TRNSPRT_UNIX - connect: fix the wrong error message on connect failures - content_encoding: use writer struct subclasses for different encodings - cookie: reject cookie names or content with TAB characters - curl/add_file_name_to_url: use the libcurl URL parser - curl/get_url_file_name: use libcurl URL parser - curl: warn for --ssl use, considered insecure - docs/libcurl/symbols-in-versions: add several missing symbols - ftp: ignore a 550 response to MDTM - functypes: provide the recv and send arg and return types - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled - header: define public API functions as extern c - headers: reset the requests counter at transfer start - hostip: guard PF_INET6 use - hostip: lazily wait to figure out if IPv6 works until needed - http, vauth: always provide Curl_allow_auth_to_host() functionality - http2: make nghttp2 less picky about field whitespace - http: try parsing Retry-After: as a number first - http_proxy: restore the protocol pointer on error - lib: add missing limits.h includes - lib: prepare the incoming of additional protocols - lib: sanitize conditional exclusion around MIME - libssh: if sftp_init fails, don't get the sftp error code - mprintf: reject two kinds of precision for the same argument - mqtt: return error for too long topic - netrc: compare user name case sensitively - netrc: replace fgets with Curl_get_line - netrc: use the URL-decoded user - ngtcp2: fix build errors due to changes in ngtcp2 library - noproxy: support proxies specified using cidr notation - openssl: make certinfo available for QUIC - resolve: make forced IPv4 resolve only use A queries - schannel: ban server ALPN change during recv renegotiation - schannel: don't reset recv/send function pointers on renegotiation - schannel: when importing PFX, disable key persistence - setopt: use the handler table for protocol name to number conversions - setopt: when POST is set, reset the 'upload' field - single_transfer: use the libcurl URL parser when appending query parts - smb: replace CURL_WIN32 with WIN32 - tool: avoid generating ambiguous escaped characters in --libcurl - tool_main: exit at once if out of file descriptors - tool_operate: more transfer cleanup after parallel transfer fail - tool_operate: prevent over-queuing in parallel mode - tool_paramhelp: asserts verify maximum sizes for string loading - tool_xattr: save the original URL, not the final redirected one - url: a zero-length userinfo part in the URL is still a (blank) user - url: allow non-HTTPS HSTS-matching for debug builds - url: rename function due to name-clash in Watt-32 - url: use IDN decoded names for HSTS checks - urlapi: detect scheme better when not guessing - urlapi: fix parsing URL without slash with CURLU_URLENCODE - urlapi: reject more bad characters from the host name field * Remove patch upstream: - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ==== dbus-1 ==== Version update (1.14.0 -> 1.14.4) Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ==== dbus-1-glib ==== - Try to guard against incomplete update stacks (boo#1202241): + Add split-provides to libdbus-1-glib and bash-completion sub-package. + Add explicit conflict to bash-completion subpackage against dbus-1-glib < 0.112 (when the package split happened) + Ensure dbus-1-glib-tool gets the correct library version installed. ==== dbus-1-x11 ==== Version update (1.14.0 -> 1.14.4) - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ==== discover ==== Version update (5.26.1 -> 5.26.2) Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * flatpak: make sure we look up the correct resource (kde#460365) * flatpak: Only show the beta information for apps (kde#459131) * flatpak: Properly render if the beta package is too old * snap: Port away from Kirigami.ItemViewHeader (kde#460391) ==== dolphin ==== Version update (22.08.2 -> 22.08.3) Subpackages: dolphin-part libdolphinvcs5 - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== drkonqi5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: drkonqi5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * check telemetrymode * Use qdbus to query for the hostname * allow using debuginfod for symbol resolution with gdb12 (kde#454063) ==== evince ==== Version update (43.0 -> 43.1) Subpackages: evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Update to version 43.1: + build: Disable nautilus extension by default. + comics: - Avoid critical when pixbuf can't be rendered. - Better debug on archive error. - Fix crash that can happen if archive is damaged. - Still try to open broken comics. + shell: Fix use-after-free on a modified document. + Fix incorrect link in README.md. + Use https URL for libarchive.org in README.md. + Updated translations. ==== expat ==== Version update (2.4.9 -> 2.5.0) Subpackages: libexpat1 - Update to 2.5.0: (bsc#1204708) * Security fixes: - CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - Fix curruption from undefined entities - Fix case when parsing was suspended while processing nested entities - Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse - CMake: Fix generation of pkg-config file - MinGW|CMake: Fix static library name * Other changes: - Protect header expat_config.h from multiple inclusion - examples: Make use of XML_GetBuffer and be more consistent across examples - Address compiler warnings - Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do ==== ffmpegthumbs ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== firewalld ==== Version update (1.2.0 -> 1.2.1) Subpackages: firewalld-bash-completion python3-firewall - Update to 1.2.1: * fix(modules): don't error if /proc/modules is missing (a1f091d) * fix(readme): format optional (03e61f2) * docs: add protocols to rich and zones (191cea4) * docs(policy): add priority attribute to rule (616ed7c) * fix(runtimeToPermanent): errors for interfaces not in zone (6b5a70b) * fix(failsafe): log exception on fatal failure (af1b8f0) * fix(ipset): defer native ipset creation if nftables (ae0ded4) * fix(nftables): drop invalid packets before zone dispatch (dc972ae) * fix(iptables): drop invalid packets before zone dispatch (83a4608) * fix(policies): Splitting interfaces with wildcards (3806e79) * fix(ipset): exception on overlap checking empty set (bfe827f) * fix(bash): fix ipset commands autocompletion (742669b) * docs(README): fix typo (e40b100) * fix(treewide): misc typos (d121f0c) * fix: firewalld.conf: trim trailing whitespace (21809ed) ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - For pushing fwupd-1.8.6 to 15-SP5 (fwupd-1.7.3), sync change log: (jsc#PED-1232) - fwupd-bsc1193921-nvme-ignore-non-PCI-NVMe-devices.patch be merged to fwupd-1.7.3 ==== gcr3 ==== Subpackages: gcr3-data gcr3-prompter gcr3-ssh-agent gcr3-ssh-askpass libgck-1-0 libgcr-3-1 - Have libgcr-3-1 require gcr3-ssh-askpass when gnome-keyring is present: gnome-keyring interacts deeper with this library, which justifies a hard dep in this case (boo#1204071). ==== gdb ==== - Patches added (swo#29277): * gdb-fix-assert-in-handle_jit_event.patch - Maintenance script qa.sh: * Add PR29706 and PR28617 kfails. ==== gdk-pixbuf ==== Version update (2.42.9 -> 2.42.10) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.10: + Search for rst2man.py. + Update the memory size limit for JPEG images. + Updated translations. - Drop patch fixed upstream (with different limit): + 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update gdm-sysconfig-settings.patch: Fix gdm doesn't start if /etc/sysconfig/displaymanager is missing (bsc#1204578). ==== gettext-runtime ==== Version update (0.21 -> 0.21.1) Subpackages: libtextstyle0 - update keyring for the last version update - Update to Version 0.21.1 * Runtime behaviour: - On AIX, locale names with a script or with an uppercase language are now supported. For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and EN_US.UTF-8 is treated like en_US.UTF-8. * The base Unicode standard is now updated to 14.0.0. * Portability: - Building on macOS 11/arm64 is now supported. - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported. ==== gjs ==== Version update (1.74.0 -> 1.74.1) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.74.1: + Closed bugs and merge requests: - Problem calling promisified D-Bus wrappers with callback. - docs: . Fix link in issue template. . Document Gio.FileEnumerator iteration. . Fix Markdown formatting in README.MSVC.md. ==== glib2 ==== Version update (2.74.0 -> 2.74.1) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Add a1151bc1.patch: gio/gdesktopappinfo: Free the wrapped argv array on launch failure. - Add ca905744.patch: Revert "Handling collision between standard i/o file descriptors and newly created ones". The user-visible problem this solves is gnome-keyring-daemon eating 100% CPU. - Update to version 2.74.1: + Update Unicode data to version 15 + Fix various build failures in different situations + Fix over-eager deprecated property warnings for construct properties + Fix a crash calling `g_param_value_is_valid()` on a `GParamSpecParam` + Fix floating `GVariant` leaks with GObject properties + Add inline optimised version of `g_str_equal()` + Fix `GVariant` type depths checks on text format variants + Fix regression with int64 and double hashing functions on big-endian architectures + Build the API documentation only when building GLib as a shared library + Ignore weird `/etc/localtime` configurations generated by toolbx + Avoid `EINTR` races when closing FDs in `g_spawn_*()` + Bugs fixed: glgo#GNOME/GLib#16, glgo#GNOME/GLib#333, glgo#GNOME/GLib#2735, glgo#GNOME/GLib#2740, glgo#GNOME/GLib#2742, glgo#GNOME/GLib#2748, glgo#GNOME/GLib#2758, glgo#GNOME/GLib#2759, glgo#GNOME/GLib#2766, glgo#GNOME/GLib#2767, glgo#GNOME/GLib#2770, glgo#GNOME/GLib#2774, glgo#GNOME/GLib#2775, glgo#GNOME/GLib#2782, glgo#GNOME/GLib#2787, glgo#GNOME/GLib#2788, glgo#GNOME/GLib!2852, glgo#GNOME/GLib!2857, glgo#GNOME/GLib!2864, glgo#GNOME/GLib!2866, glgo#GNOME/GLib!2880, glgo#GNOME/GLib!2885, glgo#GNOME/GLib!2892, glgo#GNOME/GLib!2896, glgo#GNOME/GLib!2899, glgo#GNOME/GLib!2901, glgo#GNOME/GLib!2903, glgo#GNOME/GLib!2904, glgo#GNOME/GLib!2905, glgo#GNOME/GLib!2907, glgo#GNOME/GLib!2911, glgo#GNOME/GLib!2913, glgo#GNOME/GLib!2915, glgo#GNOME/GLib!2916, glgo#GNOME/GLib!2920, glgo#GNOME/GLib!2922, glgo#GNOME/GLib!2924, glgo#GNOME/GLib!2928, glgo#GNOME/GLib!2931, glgo#GNOME/GLib!2933, glgo#GNOME/GLib!2938, glgo#GNOME/GLib!2939, glgo#GNOME/GLib!2946, glgo#GNOME/GLib!2948, glgo#GNOME/GLib!2949, glgo#GNOME/GLib!2958, glgo#GNOME/GLib!2960, glgo#GNOME/GLib!2973, glgo#GNOME/GLib!2975, glgo#GNOME/GLib!2982, glgo#GNOME/GLib!2983, glgo#GNOME/GLib!2988, glgo#GNOME/GLib!2989, glgo#GNOME/GLib!2995, glgo#GNOME/GLib!2996, glgo#GNOME/GLib!2998, glgo#GNOME/GLib!3010. + Updated translations. - Rebase patches with quilt. - Drop f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: Fixed upstream. ==== glibc ==== Subpackages: glibc-extra glibc-locale glibc-locale-base nscd - dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS _dl_lookup_symbol_x (bsc#1204710) ==== gnome-keyring ==== Subpackages: gnome-keyring-pam libgck-modules-gnome-keyring - Use %_pam_moduledir instead of %{_lib}/security (boo#1191034). ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Add gnome-shell-disable-offline-update-dialog.patch : Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832). ==== gnome-software ==== - Add gnome-software-disable-offline-update.patch: Disable offline update in SLE and openSUSE Leap(bsc#944832). ==== gnome-terminal ==== Version update (3.46.2 -> 3.46.3) Subpackages: gnome-shell-search-provider-gnome-terminal nautilus-extension-terminal - Update to version 3.46.3: * client: More env vars to filter. * desktop: Use Preferences icon. * icons: Add separate icons for Preferences. * l10n: Remove mjw from LINGUAS. * metainfo: Remove XML namespaces. * prefs: - Use different wm class. - Use new icon. * profile: Use correct schema source for the profiles list schema. * Updated translations. ==== gpgme ==== Version update (1.16.0 -> 1.18.0) Subpackages: libgpgme11 libgpgmepp6 python310-gpg - gpgme 1.18.0 * New keylist mode to force refresh via external methods * The keylist operations now create an import result to report the result of the locate keylist modes * core: Return BAD_PASSPHRASE error code on symmetric decryption failure * cpp, qt: Do not export internal symbols anymore * cpp, qt: Support revocation of own OpenPGP keys * qt: The file name of (signed and) encrypted data can now be set * cpp, qt: Support setting the primary user ID * python: Fix segv(NULL) when inspecting contect after exeception - includes changes from version 1.17.1: * qt: Fix a bug in the ABI compatibility of 1.17.0 - includes changes from 1.17.0: * New context flag "key-origin" * New context flag "import-filter" * New export mode to export secret subkeys * Detect errors during the export of secret keys * New function gpgme_op_receive_keys to import keys from a keyserver without first running a key listing * Detect bad passphrase error in certificate import * Allow setting --key-origin when importing keys * Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr", "pinentry", and "socketdir" in gpgme_get_dirinfo * Under Unix use poll(2) instead of select(2), when available. * Fix results returned by gpgme_data_* functions * Support closefrom also for glibc (drop upstream gpgme-use-glibc-closefrom.patch * cpp,qt: Add support for export of secret keys and secret subkeys. * cpp,qt: Support for adding existing subkeys to other keys * qt: Extend ChangeExpiryJob to change expiration of primary key and of subkeys at the same time * qt: Support WKD lookup without implicit import * qt: Allow specifying an import filter when importing keys * qt: Allow retrieving the default value of a config entry - drop patches included upstream * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch - add patches to fix tests: * gpgme-1.18.0-T6137-qt_test.patch ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - add swig-4.1.0.patch to work around graphviz's incompatibility with swig-4.1.0. ==== gstreamer ==== Version update (1.20.3 -> 1.20.4) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.20.4: + Highlighted bugfixes in 1.20.4: - avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x - Fix deadlock when loading gst-editing-services plugin - Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers - glimagesink: fix crash on Android - subtitle handling and subtitle overlay fixes - matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9 - rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers - WebRTC fixes - RTP retransmission fixes - video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) - Fix consuming of the macOS package as a framework in XCode - Performance improvements - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - buffer: drop parent meta in deep copy/foreach_metadata - devicemonitor: Use a sync bus handler for the provider to avoid accumulating all messages until the provider is stopped - element: Fix requesting of pads with string templates - gst: . Protect initialization state with a recursive mutex . Add missing define guard for build without gstreamer debug logging support - gst_init: Initialize static plugins just before dynamic plugins - info: Parse "NONE" as a valid level name - meta: Set the parent refcount of the GstStructure correctly - pluginloader: Don't hang on short reads/writes - tracers: leaks: . Fix potentially invalid memory access when trying to detect object type . Fix object-refings.class flags - uri: When setting the same string again do nothing - value: Don't loop forever when serializing invalid flag + Base Libraries: - aggregator: . Fix input buffering in live mode (was too low before in many cases) . Fix reversed active/flushing arguments in debug log output . Reset EOS flag after receiving a stream-start event + Core Elements: queue2: - Hold the lock when modifying sinkresult - Fix deadlock when deactivate is called in pull mode ==== gstreamer-plugins-bad ==== Version update (1.20.3 -> 1.20.4) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Update to version 1.20.4: + amcvideodec: fix GstAmcSurfaceTexture segfault. + audiobuffersplit: Fix drift that was introduced by wrong calculations in gapless mode. + audiovisualizer: fix buffer mapping to not increase refcount. + avfvideosrc: Fix wrong default framerate value. + d3d11decoder: Check 16K resolution support. + d3d11videosink: Fix for force-aspect-ratio setting when rendering on shared texture. + GstPlay: missing cleanup for g_autoptr. + mxfdemux: Always calculate BlockAlign of raw audio to work around files with broken BlockAlign field in the headers. + nvdec: Fix for HEVC decoding when coded resolution is larger than display resolution. + openh264enc: Fix constrained-high encoding. + openh264: Register debug categories earlier. + openmpt: update from now deprecated api. + player/play: Fix object construction and various leaks. + player: Plug a memory leak. + proxysink: Make sure stream-start and caps events are forwarded, and fix memory leak. + tests: skip unit tests for dependency-less elements that have been disabled. + tsdemux: Don't trigger a program change when falling back to ignore-pcr behaviour. + va: - allocator: Fix translation of VADRMPRIMESurfaceDescriptor. - h265dec: Fix a crash because of missing reference frame. - vah265dec: Decoder segfaults on seek. + wasapi2: Fix initial mute/volume setting. + wasapi: Implement default audio channel mask. + webrtcbin: - Fix pointer dereference before null check. - Limit sink query to sink pads. + webrtc: Make sure to return NULL when validating TURN server fails. - Drop va-allocator-fix.patch: fixed upstream. ==== gstreamer-plugins-base ==== Version update (1.20.3 -> 1.20.4) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0 - Update to version 1.20.4: + decodebin3: - Fix mutex leaks - Fix memory issues with active selection list - uridecodebin3, urisourcebin: Event handling fixes - Fix EOS event sequence + parsebin: - Avoid crash with unknown streams - SIGSEGV during HLS stream using souphttpsrc + glimagesink: - Only allow setting the GL display/context if it is a valid value - Segfault on android devices + gstgl: Fix several memory leaks in macOS + opusenc: improve inband-fec property documentation + playsink: Hold a reference to the soft volume element + pbutils: descriptions: fix gst_pb_utils_get_caps_description_flags() + rtspurl: Use gst_uri_join_strings() in gst_rtsp_url_get_request_uri_with_control() instead of a hand-crafted, wrong version + rtspconnection: protect cancellable by a mutex + sdpmessage: Don't set SDP medias from caps without media/payload/clock-rate fields + samiparse: fix handling of self-closing tags + ssaparse: include required system headers for isspace() and sscanf() functions + subparse: fix crash when parsing invalid timestamps in mpl2 + subparse fixes + textoverlay: Don't miscalculate text running times + videoaggregator: always convert when user provides converter-config + video: Fix scaling in 4x horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) + xmptag: register musicbrainz tags during init to fix critical in jpegparse + xvimagesink: fix image leaks in error code path + tests: skip unit tests for dependency-less elements that have been disabled ==== gstreamer-plugins-good ==== Version update (1.20.3 -> 1.20.4) Subpackages: gstreamer-plugins-good-gtk - Update to version 1.20.4: + alpha: fix stride issue when out buffer has padding on right + isoff: Fix earliest pts field parse issue + matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9 + qt: Fix another instance of Qt/GStreamer both defining GLsync differently + qtdemux: - Avoid crash on reconfiguring. - Guard against timestamp calculation overflow in gap event loop - Don't use invalid values from failed trex parsing - Possible endless loop + rtpjitterbuffer: - Only unschedule timers for late packets if they're not RTX packets and only once - Remove lost timer for out of order packets + rtspsrc: - SETUP generates 400 Bad Request - Retry SETUP with non-compliant URL resolution on "Bad Request" and "Not found" + rtpst2022-1-fecenc: Drain column packets on EOS + rtpvp8depay: If configured to wait for keyframes after packet loss, also do that if incomplete frames are detected + splitmuxsink: Don't crash on EOS without buffer + splitmuxsrc: - Stop pad task before cleanup - Don't consider unlinked pads when deactivating part + soup: libsoup3 makes audio streaming stop + v4l2: fix critical when unreferencign buffer with no data + v4l2bufferpool: Fix debug trace + v4l2object: Add support for Apple's full-range bt709 colorspace variant 1:3:5:1 + v4l2videocodec: workaround for failure to fully drain frames preceding MIDSTREAM renegotiation + v4l2allocator: Fix invalid imported dmabuf fd + videoflip: Fix caps negotiation when method is selected + build failure trying to build jack examples + examples: don't try and build jack examples if jack was disabled + tests: skip unit tests for dependency-less elements that have been disabled ==== gtk4 ==== Version update (4.8.1 -> 4.8.2) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.8.2: + Input: - Give input methods more control over resets and allow them to preserve state. - Align interpretation of modifiers in key events in X11 and Wayland. + GtkColumnView: Fixes to focus handling. + GtkPopover: - Fix problems with focus when dismissing popovers. - Fix problems with focusing editable labels in popovers. + Build: - Fix build problems with resources and non-gnu linkers. - Fix gi-docgen detection in cross builds. - Require meson 0.60. + Debugging: - Make more debug options available in no-debug builds. - Improve consistency of debug logging. - Give names to all sources. + Accessibility: Introduce GtkAccessibleRange. + Wayland: - Make monitor bounds handling more robust. - Prevent shrinking clients due to wrong toplevel bounds. + Broadway: Return correct pointer coordinates from device queries. + Updated translations. ==== highway ==== Version update (1.0.1 -> 1.0.2) - Update to release 1.0.2 * Add ExclusiveNeither, FindKnownFirstTrue, Ne128 * Add 16-bit SumOfLanes/ReorderWidenMulAccumulate/ReorderDemote2To * Faster sort for low-entropy input, improved pivot selection * Support static dispatch to SVE2_128 and SVE_256 - Leap just needs a modern gcc, no need for clang - Fix build on openSUSE Leap by using clang ==== irqbalance ==== Subpackages: irqbalance-ui - run tests - add Avoid-double-free-on-deinit_thermal.patch (bsc#1204607) ==== kaccounts-integration ==== Version update (22.08.2 -> 22.08.3) Subpackages: libkaccounts2 - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kaccounts-providers ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kactivitymanagerd ==== Version update (5.26.1 -> 5.26.2) Subpackages: kactivitymanagerd-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kate ==== Version update (22.08.2 -> 22.08.3) Subpackages: kate-plugins - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kcm_sddm ==== Version update (5.26.1 -> 5.26.2) Subpackages: kcm_sddm-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kde-cli-tools5 ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kde-gtk-config5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: kde-gtk-config5-gtk3 - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 - Require gsettings-desktop-schemas otherwise the kded module throws a fatal error in glib ==== kde-print-manager ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kdegraphics-thumbnailers ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kdenetwork-filesharing ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kdialog ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kernel-firmware ==== Version update (20220930 -> 20221031) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20221031 (git commit 8bb75626e9dd): * linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop * iwlwifi: add new PNVM binaries from core74-44 release * iwlwifi: add new FWs from core69-81 release * qcom: update venus firmware files for VPU-2.0 * qcom: remove split SC7280 venus firmware images * qcom: update venus firmware file for v5.4 * qcom: replace split SC7180 venus firmware images with symlink * rtw89: 8852b: update fw to v0.27.32.1 * rtlwifi: update firmware for rtl8192eu to v35.7 * rtlwifi: Add firmware v4.0 for RTL8188FU * i915: Add HuC 7.10.3 for DG2 * linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops - Drop the CS35L41 firmware tarball that has been merged - Drop obsoleted cirrus-WHENCE-update.patch - Update to version 20221017 (git commit 48407ffd7adb): * cnm: update chips&media wave521c firmware. * brcm: add symlink for Pi Zero 2 W NVRAM file * rtw89: 8852b: add initial fw v0.27.32.0 * iwlwifi: add new FWs from core72-129 release * iwlwifi: update 9000-family firmwares to core72-129 * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A * amdgpu: update GC 10.3.6 RLC firmware * amdgpu: update GC 10.3.7 RLC firmware * amdgpu: update Yellow Carp RLC firmware * amdgpu: update Beige Goby RLC firmware * amdgpu: update Dimgrey Cavefish RLC firmware * amdgpu: update Navy Flounder RLC firmware * amdgpu: update Sienna Cichlid RLC firmware * mediatek: Update mt8195 SOF firmware to v0.4.1 * qcom: add squashed version of a530 zap shader * rtw89: 8852c: update fw to v0.27.56.1 * rtw89: 8852c: update fw to v0.27.56.0 * mediatek: Update mt8186 SCP firmware - Update Cirrus CS35L41 firmware (bsc#1203699) cirrus-WHENCE-update.patch - Update aliases from 6.1-rc1 kernel ==== kernel-source ==== Version update (6.0.3 -> 6.0.7) - Update config files. - commit bd8c959 - Linux 6.0.7 (bsc#1012628). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1012628). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (bsc#1012628). - can: kvaser_usb: Fix possible completions during init_completion (bsc#1012628). - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (bsc#1012628). - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (bsc#1012628). - ALSA: Use del_timer_sync() before freeing timer (bsc#1012628). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (bsc#1012628). - ALSA: control: add snd_ctl_rename() (bsc#1012628). - ALSA: hda/realtek: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: emu10k1: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ac97: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: usb-audio: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ca0106: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: au88x0: use explicitly signed char (bsc#1012628). - ALSA: rme9652: use explicitly signed char (bsc#1012628). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (bsc#1012628). - usb: gadget: uvc: limit isoc_sg to super speed gadgets (bsc#1012628). - Revert "usb: gadget: uvc: limit isoc_sg to super speed gadgets" (bsc#1012628). - usb: gadget: uvc: fix dropped frame after missed isoc (bsc#1012628). - usb: gadget: uvc: fix sg handling in error case (bsc#1012628). - usb: gadget: uvc: fix sg handling during video encode (bsc#1012628). - usb: gadget: aspeed: Fix probe regression (bsc#1012628). - usb: dwc3: gadget: Stop processing more requests on IMI (bsc#1012628). - usb: dwc3: gadget: Don't set IMI for no_interrupt (bsc#1012628). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (bsc#1012628). - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (bsc#1012628). - usb: typec: ucsi: Check the connection on resume (bsc#1012628). - usb: typec: ucsi: acpi: Implement resume callback (bsc#1012628). - usb: dwc3: st: Rely on child's compatible instead of name (bsc#1012628). - usb: dwc3: Don't switch OTG -> peripheral if extcon is present (bsc#1012628). - usb: bdc: change state when port disconnected (bsc#1012628). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (bsc#1012628). - mtd: rawnand: tegra: Fix PM disable depth imbalance in probe (bsc#1012628). - mtd: spi-nor: core: Ignore -ENOTSUPP in spi_nor_init() (bsc#1012628). - mtd: parsers: bcm47xxpart: Fix halfblock reads (bsc#1012628). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (bsc#1012628). - squashfs: fix read regression introduced in readahead code (bsc#1012628). - squashfs: fix extending readahead beyond end of file (bsc#1012628). - squashfs: fix buffer release race condition in readahead code (bsc#1012628). - xhci: Add quirk to reset host back to default state at shutdown (bsc#1012628). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (bsc#1012628). - xhci: Remove device endpoints from bandwidth list when freeing the device (bsc#1012628). - tools: iio: iio_utils: fix digit calculation (bsc#1012628). - iio: light: tsl2583: Fix module unloading (bsc#1012628). - iio: temperature: ltc2983: allocate iio channels once (bsc#1012628). - iio: adxl372: Fix unsafe buffer attributes (bsc#1012628). - iio: adxl367: Fix unsafe buffer attributes (bsc#1012628). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (bsc#1012628). - fbdev: smscufx: Fix several use-after-free bugs (bsc#1012628). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1012628). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1012628). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (bsc#1012628). - exec: Copy oldsighand->action under spin-lock (bsc#1012628). - mac802154: Fix LQI recording (bsc#1012628). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1012628). - drm/i915: Extend Wa_1607297627 to Alderlake-P (bsc#1012628). - drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (bsc#1012628). - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (bsc#1012628). ... changelog too long, skipping 551 lines ... - commit c41533c ==== kexec-tools ==== - add kexec-tools-riscv64.patch ==== keylime ==== Version update (6.5.1 -> 6.5.3) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Update to version v6.5.3: * crypto: Provide input as bytes to encrypt * Revert "Revert "Revert "tenant: open file to send utf-8 encoded" (#1136)" (#1141)" * Update runtime_ima.rst - Update to version v6.5.2: * Back to 6.5.1 * This PR fixes a bug that prevented 6.5.x verifiers from interacting with 6.2. agents * Revert "Revert "tenant: open file to send utf-8 encoded" (#1136)" (#1141) * Revert "tenant: open file to send utf-8 encoded" (#1136) * ca_util: allow users in the same group to read the created certificates and keys (#1138) * Update sample ima-policy to exclude overlayfs * installer: remove tarball option ==== kgamma5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: kgamma5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== khelpcenter5 ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== khotkeys5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: khotkeys5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kinfocenter5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: kinfocenter5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * CommandOutputKCM: Fix text sizing and make it selectable ==== kio ==== Subpackages: kio-core - Add kio-mr1008-fix-webdav.diff * Fixes WebDAV upload (kde#460717) * https://invent.kde.org/frameworks/kio/-/merge_requests/1008 ==== kio-extras5 ==== Version update (22.08.2 -> 22.08.3) Subpackages: libkioarchive5 - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kmenuedit5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: kmenuedit5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== konsole ==== Version update (22.08.2 -> 22.08.3) Subpackages: konsole-part konsole-part-lang - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kpipewire ==== Version update (5.26.1 -> 5.26.2) Subpackages: kpipewire-imports libKPipeWire5 libKPipeWireRecord5 - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kscreen5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: kscreen5-lang kscreen5-plasmoid - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kscreenlocker ==== Version update (5.26.1 -> 5.26.2) Subpackages: kscreenlocker-lang libKScreenLocker5 - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== ksshaskpass5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: ksshaskpass5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== ksystemstats5 ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kwalletmanager5 ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== kwayland-integration ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== kwin5 ==== Version update (5.26.1 -> 5.26.2.1) Subpackages: kwin5-lang - Add patch to fix redraw issues with window scaling (kde#461032): * 0001-x11window-revert-more-from-3a28c02f.patch - Update to 5.26.2.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * fix compile * x11window: partially revert 3a28c02f * Replace some manual floored QPointF->QPoint conversion with flooredPoint calls * DecorationInputFilter: Use QPointF instead of QPoint for events * Window: Floor rather than round when doing hitTest for the decoration (kde#460686) * Add a helper function to convert QPointF to QPoint using floor instead of round * wayland: Fix missing relative motion events (kde#444510) * Implement a enableRequested signal for text-input-v3 * kcmkwin/kwindecoration: use Kirigami.ActionToolBar for the footer actions (kde#460793) * autotests/integration: make inputmethodtest more realstic * inputpanelv1window: never hide overlay panels * inputmethod: reset m_shouldShowPanel when the tracked window changes * inputpanelv1window: show window when client maps it after setting the mode (kde#460537) * x11window: don't change size for centering windows with maximization * output: don't round geometry as often * effects/blur: Fix clipping when sliding virtual desktops (kde#460382) * Fix potential race condition when text input state change and focus change happened at the same time * Fix wording in action 'Switch to Screen' * backends/drm: don't crash if connector has no modes ==== kwrited5 ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== layer-shell-qt ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== libXext ==== Version update (1.3.4 -> 1.3.5) - Update to version 1.3.5 * Fix spelling/wording issues * gitlab CI: add a basic build test * Xge.c, Xge.h: convert from ISO-8859-1 to UTF-8 * Add extutilP.h header for xgeExtRegister() prototype * Remove unnecessary casts of malloc/calloc results * Remove unnecessary (char *) casts from Xfree() arguments * Use calloc instead of malloc if we may not initialize all the bytes * Import reallocarray() from libX11 * Convert calls to Xmalloc arrays to use Xmallocarray instead * configure: Use AC_USE_SYSTEM_EXTENSIONS to set GNU_SOURCE & other defines * Remove "All rights reserved" from Oracle copyright notices. * COPYING: Add info for Xge.* and reallocarray.* files * add ACLOCAL_AMFLAGS = -I m4 to make aclocal pick ax_gcc_builtin.m4 ==== libXinerama ==== Version update (1.1.4 -> 1.1.5) - Update to version 1.1.6 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * XineramaQueryScreens: fix -Wsign-compare warning * Remove "register" type qualifier from variable declarations ==== libavif ==== - Remove unused BuildRequires on nasm - Remove indirect/incorrect Buildrequires on zlib - add direct glib Buildrequires ==== libdrm ==== Version update (2.4.113 -> 2.4.114) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - Update to 2.4.114 * amdgpu.ids: use consistent formatting for RID * amdgpu.ids: sort the file * amdgpu.ids: update to the latest marketing name * amdgpu_ids: add MI marketing names * amdgpu: Add a default marketing name if none is found * meson: fast-fail on unsupported OSes * include/drm/drm_fourcc.h: Update from Linux v6.0-rc7 * include/drm/i915_drm.h: Update from Linux v6.0-rc7 * tests/util: add imx-lcdif driver * intel: move declarations to top in drm_intel_gem_bo_unreference() * build: automatically disable Intel if pciaccess is not found * xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName() * amdgpu: silence uninitialized variable warning * xf86drmMode: add helpers for dumb buffers * modetest: drop unused offset field in struct bo * modetest: use sized integers in struct bo * modetest: use dumb buffer helpers ==== libepoxy ==== - needed by jira#PED-1174 (Mesa needs sync with Xserver, which then needs updated libepoxy) ==== libffi ==== Version update (3.4.3 -> 3.4.4) - Update to libffi 3.4.4 * Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). * Fix x86 stdcall stack alignment. * Fix x86 Windows msvc assembler compatibility. * Fix moxie and or1k small structure args. - drop riscv64-handle-big-structures.patch - reenable LTO ==== libidn2 ==== Version update (2.3.3 -> 2.3.4) - update to 2.3.4: * Support for Unicode 15.0.0 * Uses IDNA2008 from tables from unicode.org rather than IANA for consistency with other implementation and support for Unicode versions 12 through 15. This breaks backwards- compatibility regarding U+19DA and recent releases ==== libkdcraw ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== libkdecoration2 ==== Version update (5.26.1 -> 5.26.2) Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private9 - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * Floor mouse positions rather than rounding ==== libkexiv2 ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== libkscreen2 ==== Version update (5.26.1 -> 5.26.2) Subpackages: libKF5Screen7 libkscreen2-plugin - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * Make error messages translatable - Use %autosetup - Use %fdupes with hardlinks ==== libksysguard5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-lang libksysguard5-plugins - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== libmysofa ==== Version update (1.2.1 -> 1.3.1) - Update to 1.3.1: * added a memory loader for HRTFs * supporting strange head geometrics from MeshHRTF - Enable test suite ==== libnvme ==== Version update (1.1 -> 1.2) - Update to version 1.2: * Add more details for return code of MI admin cmds * Parse dhchap_host_key on controller level * Update json config schema for missing dhchap host key * fabrics: Add new TP8010 definitions * fabrics: Add nvmf_get_discovery_wargs() * fabrics: Duplicate strings when merging configs * fabrics: Filter out empty strings in add_argument() * fabrics: Use fallthrough statement * ioctl: Set log page offset for nvme_get_log_telemetry_host * json-schema: add dhchap_key details to host section * json: Enforce correctly formatted JSON config files * json: Verify JSON config file starts with an array * mi: Add Get Log Page helpers * mi: Add Identify function for secondary controller list * mi: Add Identify helper for ns-descs and primary-ctrl-caps * mi: Add firmware download and commit commands * mi: Add identify helper for nsid-capable Controller List * mi: Add identify helpers for namespace lists * mi: Add identify helpers for namespaces * mi: Allow Admin-message sized More Processing Required responses * mi: Distinguish MI status from NVMe (CDW3) status * mi: Fix C++ compiler errors * mi: Implement Format NVM command * mi: Implement Get & Set Features Admin commands * mi: Implement NS attach command and helpers * mi: Implement Namespace Management command and create/delete helpers * mi: Implement Sanitize command * mi: Init ctrl_id within xfer * mi: Introduce a helper for response status, unify values with ioctls * mi: Set log page offset for nvme_get_log_telemetry_host * mi: add nvme_mi_status_to_string() * mi: fix a memory leak in nvme_mi_open_mctp() * mi: fix get_log_page chunked offset check * nvme-tree: avoid segfault if auth keys are unavailable * python: Use nvmf_get_discovery_wargs() * tree: rename controller 'dhchap_key' to 'dhchap_ctrl_key' * types: Move enum nvme_data_tfr to types * util: Add LINE_MAX define * util: Add get feature length 2 API to support direction parameter * util: Add simple UUID type * util: Do not expose fallthrough defines - Make man page build conditiional. Install man page location has been fixed upstream. - Mark the Python directory own by the libnvme3-python package - Use fixed manpage build date (boo#1047218) ==== libosinfo ==== Subpackages: libosinfo-1_0-0 - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== libqt5-qtbase ==== Version update (5.15.6+kde177 -> 5.15.7+kde167) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.7+kde167, rebased upstream: * offer an opt out of automatic xdg-desktop-portal use * Send string to Atspi DBus interface on name/description changed * Send string to Atspi DBus interface on value changed for comboboxes * iOS: Use generic simulator device for building apps via xcodebuild * xcode: Allow automatic provisioning updates when calling xcodebuild * Revert "[Android] Remove signal and slot mechanism to listen states in editor's" * Android: fix error when signing bundles * Doc: Fix notes in QObject * Allow dragging of a floating dockwidget on macOS with a custom titlebar * Http/2 - handle PADDED flag correctly * QTlsBackend (OpenSSL) : detect incompatible versions * Reduce the width of a hfw-widget if scrollbar would be flipping * QCocoaWindow: Make window key if the app's modal window is hidden * Doc: clarify case sensitivity in QCompleter * Doc: Note that qmake's CONFIG values are case-sensitive * Clear up QWindow::isActive() documentation * QWinRtFunctions::await() - introduce early exit condition * rhi: metal: Use the layer as the single source of truth * Include explicitly * Update PCRE2 to 10.38 * Add testing of QPdfWriter output to QPainter lancelot test * Update the COPYRIGHT.txt file * QTranslator: Fix loading of meta catalogs from absolute .qm path * tst_qtranslator: Simplify extraction of test data * Cocoa: Don't call makeKeyAndOrderFront for native app-modal dialogs * Fix querying font aliases that share name with other fonts * Update bundled libjpeg-turbo to version 2.1.1 * macOS: Compute NSWindow background color without checking styleMask * SQLite: Update SQLite to v3.36.0 * Android: Fix path of qmake_qmake_immediate.qrc in single_abi with qmake * qmake: Print error when iOS simulator device could not be found * Fix loading of OpenSSL on macOS versions that ship its own OpenSSL * QWidgetWindow: Stabilize test on Xcb * Blacklist flaky test * Fix license information for libjpeg-turbo * Don't unload libraries on Darwin-based operating systems * QThreadPool: Fix restarting of expired threads * Make test pass on machines with many cores * Blacklist tst_QSocks5SocketEngine::simpleConnectToIMAP() because of flakiness * Blacklist tst_qgl:closeAndThenShow() because of flakiness * Update Android default SDK from 29 to 30 * Make clear why QTestLog::addB?XFail() don't add to counters * Fix .qm file name calculation in lrelease.prf * qmake/xcode: Do not create OBJECTS_DIR * QSslCertificate(OpenSSL plugin): fix memory leaks in extension 'parser' * OpenSSL: Let people opt-in to use TLS 1.3 PSK callback * tst_http2: Fix flaky authentication test * Cocoa: Make sure we can display multiple sheets for the same NSWindow * Fix QTextCodec::canEncode() for ICU codec * wasm: fix network data URI scheme * Doc: add more notes about full screen windows on macOS * macOS: Don't rely on invalidateCursorRectsForView when mouse is over view * Doc: add note that hiding a window doesn't close a full screen space * qlocale_win: Fix non-standalone month names * androiddeployqt: Check if apk is already aligned * Fix corner case in QTimeZonePrivate::dataForLocalTime() * Improve lancelot test of dashed line painting * qmake: Add support for C17/C18 * qmake/vcxproj: Read C language standard from QMAKE_CFLAGS * qmake/vcxproj generator: Handle C standard compiler flags * qmake: Make it possible to set CONFIG += c11 with MSVC 19.28 * qmake: Recognize MSVC 16.x as VS 2019 in the VS project generator * Doc: Replace the example for QFileInfo::setFile * QMetaEnum: avoid quadratic behavior in valueToKeys() * QGraphicsProxyWidget: forward Window(De)Activate events * QDashStroker: cap the number of repetitions of the pattern * Fix bug with NoFontMerging when font does not support script * Android: Fix unnecessary clipboard data access * macOS: Don't wipe NSWindowStyleMaskFullSizeContentView if set manually * Fix broken build when LTTng tracing is enabled * Attempt to unwedge tst_QThread::wait3_slowDestructor() * macOS: close popups on mousedown within the window frame * Use a scope-guard to take care of process deletion in a test * QVarLengthArray: add missing default-ctor documentation - Commits dropped by the rebase: * Fix compile of tst_qimage in Qt5 - Update to version 5.15.6+kde178: * ANGLE: Fix compilation on GCC 11 ==== libqt5-qtdeclarative ==== Version update (5.15.6+kde20 -> 5.15.7+kde18) - Update to version 5.15.7+kde18, rebased upstream: * Revert "Fix ListView.isCurrentItem when used with DelegateModel" * Stop using QHash::unite() in storage model manual test * SaveableUnitPointer::saveToDisk restores flags incorrectly at cleanup * Document that clearComponentCache() does not clear existing objects * Doc: Replace return `0` with nullptr * Doc: Fix QtQuick::Keys::forwardTo generic list type * Doc: QQmlContext: make it more readable * Fix ListView.isCurrentItem when used with DelegateModel * Fix documentation on JavaScript imports * doc: Remove bogus PinchHandler.minimumTouchPoints prop; improve actual * tst_grabImage: Fix the cases were visually comparing invisible items * Reinitialize shader data structure when effect changes * Doc: mention that clipping can affect performance and link to page * Ensure init of m_current_projection_matrix in single-clipped-item scene * Canvas: Add a means to override the DPR used via an environment variable * Fix regression in ListView/Flickable event delivery * qquicktextinput: Clear pre-edit text after input method reset - Rebase qtdeclarative-5.15.0-FixMaxXMaxYExtent.patch ==== libqt5-qtgraphicaleffects ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtimageformats ==== Version update (5.15.6+kde4 -> 5.15.7+kde5) - Update to version 5.15.7+kde5, rebased upstream: * Reject tiled tiffs with corrupt tile size early * Update bundled libwebp to version 1.2.1 ==== libqt5-qtlocation ==== Version update (5.15.6+kde3 -> 5.15.7+kde3) - Update to version 5.15.7+kde3, rebased upstream: * No code changes ==== libqt5-qtmultimedia ==== Version update (5.15.6+kde1 -> 5.15.7+kde1) - Update to version 5.15.7+kde1, rebased upstream: * PulseAudio: Call pa_stream_flush() with PulseDaemonLocker lock held * Fix incorrectly generated CMake files for the QNX audio plugin ==== libqt5-qtquickcontrols ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtquickcontrols2 ==== Version update (5.15.6+kde5 -> 5.15.7+kde6) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.7+kde6, rebased upstream: * implement a11y pressing of qquickabstractbutton * Blacklist some flaky tst_qquickpopup functions on openSUSE * Fix memory leak in Qt Quick Controls icon ==== libqt5-qtsensors ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) Subpackages: libQt5Sensors5 libQt5Sensors5-imports - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtspeech ==== Version update (5.15.6+kde1 -> 5.15.7+kde1) Subpackages: libQt5TextToSpeech5 libqt5-qtspeech-plugin-speechd - Update to version 5.15.7+kde1, rebased upstream: * Android: Protect against a null Locale object when calling getLocale ==== libqt5-qtsvg ==== Version update (5.15.6+kde9 -> 5.15.7+kde9) - Update to version 5.15.7+kde9, rebased upstream: * No code changes ==== libqt5-qttools ==== Version update (5.15.6+kde1 -> 5.15.7+kde1) Subpackages: libqt5-qdbus libqt5-qtpaths - Update to version 5.15.7+kde1, rebased upstream: * qdoc: Fix warnings about generatelist arguments * qdoc: Fix Section::reduce() omitting sections with obsolete members * macdeployqt: detect debug libs by using “_debug” suffix * Fix extensions without leading period having first character dropped * Doc: Remove mention of custom filters, part 2 ==== libqt5-qttranslations ==== Version update (5.15.6+kde2 -> 5.15.7+kde0) - Update to version 5.15.7+kde0, rebased upstream: * Update simplified chinese translation * update dutch translations * Update Catalan translations for Qt 5.15.2 ==== libqt5-qtvirtualkeyboard ==== Version update (5.15.6+kde1 -> 5.15.7+kde0) Subpackages: libQt5HunspellInputMethod5 libQt5VirtualKeyboard5 libqt5-qtvirtualkeyboard-hunspell - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtwayland ==== Version update (5.15.6+kde49 -> 5.15.7+kde49) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.7+kde49, rebased upstream: * Hold surface read lock throughout QWaylandEglWindow::updateSurface * Keep reference to buffer until it has been replaced * Implement wp_viewporter support for video buffer formats * Ignore viewporter buffer size when buffer is null ==== libqt5-qtwebchannel ==== Version update (5.15.6+kde3 -> 5.15.7+kde3) Subpackages: libQt5WebChannel5 libQt5WebChannel5-imports - Update to version 5.15.7+kde3, rebased upstream: * No code changes ==== libqt5-qtwebview ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) Subpackages: libQt5WebView5 libQt5WebView5-imports - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtx11extras ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libqt5-qtxmlpatterns ==== Version update (5.15.6+kde0 -> 5.15.7+kde0) Subpackages: libQt5XmlPatterns5 libqt5-qtxmlpatterns-imports - Update to version 5.15.7+kde0, rebased upstream: * No code changes ==== libstorage-ng ==== Version update (4.5.47 -> 4.5.48) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#901 - set used feature flag for quota (bsc#1204773) - 4.5.48 ==== libva ==== Subpackages: libva-drm2 libva-x11-2 libva2 - needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) ==== libva-gl ==== - needed for jira#PED-1174 (Video decoding/encoding support (VA-API, ...) for Intel GPUs is outside of Mesa) ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ==== libxshmfence ==== Version update (1.3 -> 1.3.1) - Update to version 1.3.1 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * alloc: prefer atomic close-on-exec without O_TMPFILE as well * alloc: prefer SHM_ANON on FreeBSD a la memfd_create ==== libyuv ==== Version update (20220713+d248929c -> 20220920+f9fda6e) - Update to version 20220920+f9fda6e: * Fix shift amount for SSSE3 assembly for I012 format conversions * 10/12 bit YUV replicate upper bits to low bits before converting to RGB * Fix immediate offsets for row_neon build on gcc - Update to version 20220920+248172e: * I422ToRGB24, I422ToRAW, I422ToRGB24MatrixFilter conversion functions added. * Remove include resource.h for Fuchsia build * I420ToRGB24MatrixFilter function added * SSE2 MM21->YUY2 conversion * MM21ToYUY2 and ABGRToJ420 conversion * AB64ToARGB fix for inplace conversion * Bump up version to 1838 * Add I422ToRGB565Matrix * RAWToJ400 require multiple of 16 pixels for NEON * row_neon*: Explicitly initialize pad in RgbConstants * Fix MSVC warnings by adding casts * Define _CRT_SECURE_NO_WARNINGS if MSVC CRT is used * Reduce cmake verbosity and update min version * Set IMPORT_PREFIX to "lib" on Windows * Android.bp: Remove reference to LICENSE_THIRD_PARTY * Fix SSE2 version of ScalePlaneUp2_16_Bilinear * Disable bilinear 16 bit scale up for SSE2 * Add .vpython3 to libyuv. * Switch from python to python3. ==== llvm15 ==== Version update (15.0.2 -> 15.0.3) - Update to version 15.0.3. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Add llvm-armv7-fix-vector-compare-with-zero-lowering.patch: Fix lowering of non-canonical vector comparison with zero on armv7, preventing a crash (boo#1204267, gh#llvm/llvm-project#58514). - Add lldb-swig-4.1.0-build-fix.patch: Fix build with Swig 4.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== lsof ==== Version update (4.95.0 -> 4.96.4) - update to 4.96.4 * fix hash functions used for finding local tcp/udp IPCs * Show copyright notice in --version output. * Avoid some easy collissions for udp/udp6 sockets when hashing * Changing the number of ipcbuckets to 4096 * obtain correct information of memory-mapped file. - drop remove-hostname.patch now upstream ==== luit ==== Version update (20201003 -> 20221028) - Update to version 20221028 * fix a few compiler-warnings * updated plink.sh, from xterm. * updated configure script, to work around regression in grep 3.8 * updated configure macros for compiler-warning fixes. * update config.guess, config.sub, install-sh ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ==== lvm2-device-mapper ==== Version update (1.02.185 -> 2.03.16_1.02.185) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ==== milou5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: milou5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== mobipocket ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== mpg123 ==== Version update (1.30.2 -> 1.31.1) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.31.1 * Fix largefile aliases for the case of a largefile-insensitive build that still does define _FILE_OFFSET_BITS from the outside (sys/feature_tests.h on Illumos). - Update to version 1.31.0 mpg123: * The --control / -C switch will make mpg123 abort now if terminal control cannot be enabled. * Revert to internal network code for plain HTTP to ensure continued support for original shoutcast servers that do not talk proper HTTP. External backends are built at the same time and can be enforced using --network . * Try-witout-port for internal network code is gone. We do not need to keep each ancient hack for specific hosts. * Handle redirections independently of the backend behind net123. * Set proxy environment variables when --proxy is specified, for net123 backends to use. * Continue reading for long commands in generic control, avoiding unnecessary unfinished command errors. * Change error message from 'unknown command' to 'unknown command with arguments' to avoid confusion why 'help foo' is unknown, as opposed to 'help'. * Reduce CPU load while just waiting for terminal input. * Condense terminal control help output and excessive vertical whitespace in printouts. * Fix interaction of pause (looping) with buffer, adding - -pauseloop to set the loop interval. * Numeric option arguments are strictly checked now for conversion errors. This also catches -devbuffer, which was interpretd as -d 0 before. This also applies to out123. libout123: * Add same interruption handling to out123_write() as to unintr_write(), adding EAGAIN to fix bug 342 for certain ALSA setups. * Fix race condition to deadlock on buffer_sync_param() where parameters after the command byte got read as more commands. This got triggered easily by using the pause key in terminal mode with buffer (which was discouraged before because of buffer flushing). Generally, changing parameters with active buffer process was dangerous since libout123 entered the scene. other: * some build fixes for compiler pickyness * Disable largefile renames also for non-sensitive POSIX systems ==== multipath-tools ==== Version update (0.9.1+52+suse.be8809e -> 0.9.2+59+suse.ac8942d) Subpackages: kpartx libmpath0 - Update to version 0.9.2+59+suse.ac8942d: * Fix segfault in "multipath -t" command (boo#1204731) - Update to version 0.9.2+57+suse.cf3c1e9: * Fix multipathd authorization bypass and symlink attack (bsc#1202739 CVE-2022-41973 CVE-2022-41974) * add multipath-dracut.conf: dracut config file to install tmpfiles.d/multipath.conf in initramfs * Use "queue_mode bio" for NVMeoF/TCP devices * Upstream bug fixes and hwtable updates - Drop recompress.service, it just slows down build ==== ntfs-3g_ntfsprogs ==== Version update (2022.5.17 -> 2022.10.3) Subpackages: libntfs-3g89 ntfs-3g ntfsprogs - update to 2022.10.3 (bsc#1204734 CVE-2022-40284): * Rejected zero-sized runs. * Avoided merging runlists with no runs. ==== nvme-cli ==== Version update (2.1.2 -> 2.2.1) Subpackages: nvme-cli-bash-completion - Update to version 2.2.1: * Added parsing for Solidigm telemetry observable data. * add item ddr_ecc_err_cnt in smart-log-add * build: Drop dependency on libuuid * build: Fix endian check for cross build * build: Remove unused uuid.wrap file * build: Remove unusned uuid.h include * completions: Add show-topology tab completion * fabrics: Honor JSON config file in connect-all command * fabrics: Trigger auto connect if config.json exists * fabrics: fix 'persistent' handling during connect-all with JSON file * fabrics: nvme config --modify depends on -n and -t argument * fabrics: re-read the discovery log page when a discovery controller reconnected * json: Support uint64 types serialization for older json-c versions * nvme, plugins: fix __u64 -> unsigned long long assumptions * nvme-print: Add missing values in id-ctrl for JSON output * nvme-print: Handle NULL hostid in JSON output * nvme-print: Output 128bit values as uint128 type instead of double * nvme-print: Print fguid as a UUID * nvme-print: Use uint128 JSON function for media_units_written * nvme-print: decode MI status values * nvme-print: decode status types * nvme-print: fix wrong json key * nvme: Add helper function to parse 16-bit comma separated list * nvme: Add nvme_cmd wrapper for get_features * nvme: Add show-topology command * nvme: Add wrapper for Format NVM * nvme: Add wrapper for Sanitize NVM * nvme: Add wrappers for Get Log page helpers * nvme: Add wrappers for Identify controller lists * nvme: Add wrappers for NS attach/detach * nvme: Add wrappers for NS management functions * nvme: Add wrappers for basic NS identify * nvme: Add wrappers for firmware commands * nvme: Fix set feature command to get feature identifier 0Dh length as zero * nvme: Introduce a union in struct nvme_dev for different transport types * nvme: Introduce nvme_cli_ wrappers, wrap identify and identify_ctrl * nvme: Make static nvme_dev private to open_dev(), use locals elsewhere * nvme: Masks SSTAT in sanize-log output * nvme: Remove static nvme_dev, allocate on open instead * nvme: Use correct print format specifier for sizeof arguments * nvme: Use local struct nvme_dev for show_registers & map_registers * nvme: check if cfg.metadata is NULL before passing it to strlen() * nvme: use helpers for checking status types * plugins/innogrit: Include timer.h * plugins/innogrit: add smart items for smart-log-add * plugins/micron-nvme: Use correct print format specifier for sizeof arguments * plugins/ocp: Include timer.h * plugins/ocp: Output 128bit values as uint128 type instead of double * plugins/ocp: pass struct nvme_dev to internal functions * plugins/seagate: Add support for OCP * plugins/toshiba: pass struct nvme_dev rather than fd + name * plugins/virtium: Output 128bit values as uint128 type instead of double * plugins/wdc: Add support for SN660 drive * plugins/wdc: Add type case for feature id * plugins/wdc: Output 128bit values as uint128 type instead of double * plugins/wdc: pass a struct nvme_dev around rather than a fd * plugins/wdc: pass struct nvme_dev rather than using global nvme_dev * plugins/ytmc: pass struct nvme_dev rather than fd + name * plugins: Use PRIu64 format specifier for 64bit types * print: Add Controller Ready Timeout Exceeded HW error code * solidgm: fix initialization warning * solidigm: Added parsing for telemetry customer screenable data * solidigm: Fix printf format for size_t variable * solidigm: Updated Telemetry parsing code to MIT license. * subprojects/libnvme: update for MI admin command coverage * tests: Update license to GPL-2.0-or-later * tree: Add NVMe-MI support * tree: Add dev_fd() helper * tree: Change nvme_dev from global to static * tree: Combine NVMe file descriptor into struct nvme_dev * tree: Move global device info to a single struct * tree: fail on non-negative return values from parse_and_open * udev: Add HOST_IFACE to udev rule * util/json.h: Add json_object_get_uint64 fallback implementation * util/json: Add 128 bit JSON helpers * util/types: Add 128 bit conversion helpers * util: Fix le128_to_cpu on big-endian * util: Fix le128_to_cpu on little-endian * util: Move common type conversion helpers into util section * utils/json: Add json_object_new_uint64 for json-c < 0.14 * utils: Fix uint128_t usage * wdc: OCP Log page updates and fixes * zns.c: report zones should be started after retrieved zone - Handle suse-missing-rclink lint warnings by providing the symlinks - Drop rpmlintrc as it is not needed anymore ==== open-lldp ==== Version update (1.1+44.0f781b4162d3 -> 1.1+58.8ca361bab766) Subpackages: liblldp_clif1 - Update to version v1.1+58.8ca361bab766: * clif: Include string.h for mem* function prototypes * basman: use return address when pulling address * Revert "Use interface index instead of name in libconfig" * 8021Qaz: check for rx block validity * 8021qaz: squelch initialization errors * macvtap: fix error condition * vdp22: convert command parsing to null term ==== openSUSE-build-key ==== - add the SUSE Container key in PEM format too to new /usr/share/pki/containers/ directory. (bsc#1204706) ==== openldap2 ==== Subpackages: libldap-data libldap2 openldap2-client - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ==== openldap2-contrib-src ==== - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ==== openslp ==== Subpackages: libslp1 - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== openssl ==== Version update (1.1.1q -> 1.1.1s) - updated to 1.1.s release ==== openssl-1_1 ==== Version update (1.1.1q -> 1.1.1s) Subpackages: libopenssl1_1 - Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C - Update to 1.1.1s: * Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. - Update to 1.1.1r: * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes * Added the loongarch64 target * Fixed a DRBG seed propagation thread safety issue * Fixed a memory leak in tls13_generate_secret * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ==== openssl-3 ==== Version update (3.0.5 -> 3.0.7) - Temporary disable tests test_ssl_new and test_sslapi because they are failing in openSUSE_Tumbleweed - Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786] * Fixed two buffer overflows in punycode decoding functions. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). ([CVE-2022-3786]) An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler. ([CVE-2022-3602]) * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters in OpenSSL code. Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. Using these invalid names may cause algorithms to use slower methods that ignore the CRT parameters. * Fixed a regression introduced in 3.0.6 version raising errors on some stack operations. * Fixed a regression introduced in 3.0.6 version not refreshing the certificate data to be signed before signing the certificate. * Added RIPEMD160 to the default provider. * Ensured that the key share group sent or accepted for the key exchange is allowed for the protocol version. - Update to 3.0.6: [bsc#1204226, CVE-2022-3358] * OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. * OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. * Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. ([CVE-2022-3358]) * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures on MacOS 10.11 * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a ticket * Correctly handle a retransmitted ClientHello in DTLS * Fixed detection of ktls support in cross-compile environment on Linux * Fixed some regressions and test failures when running the 3.0.0 FIPS provider against 3.0.x * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fix UWP builds by defining VirtualLock * For known safe primes use the minimum key length according to RFC 7919. Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real security. This fixes a regression from 1.1.1 where these shorter keys were generated for the known safe primes. * Added the loongarch64 target * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were only passed to the FIPS provider and not to the default or legacy provider. * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ==== osinfo-db ==== Version update (20220830 -> 20221018) - Update to database version 20221018 osinfo-db-20221018.tar.xz - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== oxygen5-sounds ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== pam-config ==== Version update (1.7 -> 1.8) - Update to Version 1.8 - Move systemd_home after all optional modules (#13) - Add pam_u2f support [bsc#1115512] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - cups-pk-helper shouldn't be linked to PackageKit, as "pk" stands for PolicyKit in this case (boo#1204949) - Add gcr3-ssh-askpass as it's also needed with latest GNOME ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Fix regression with Dell WD15 Dock and others (bsc#1204719): 0002-spa-support-the-speakers-output-only-case-in-report_.patch ==== pkcs11-helper ==== Version update (1.28.0 -> 1.29.0) Subpackages: libpkcs11-helper1 - Update to 1.29.0: * build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine. * core: do not assume standard objects supported by provider. * openssl: set back key into EVP for openssl-3 to work, thanks to apollo13. ==== plasma-browser-integration ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma-browser-integration-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma-nm5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma-nm5-lang plasma-nm5-openvpn - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-addons ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma5-addons-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * runners/spellchecker: Fix config group name mismatch (kde#460899) ==== plasma5-desktop ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma5-desktop-emojier - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * kcms/tablet: Fix dragging components (kde#460376) * Revert "applets/taskmanager: make it harder to accidentally start a drag" (kde#460809) * [applets/digitalclock] Fix font size change when migrating from 5.25 (kde#460415) * kcms/mouse: Set preventStealing on the button capture * Use KeySequenceItem.captureFinished to notify a binding has been entered ==== plasma5-disks ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-integration ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to 5.26.2 ==== plasma5-pa ==== Version update (5.26.1 -> 5.26.2) Subpackages: plasma5-pa-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-systemmonitor ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-thunderbolt ==== Version update (5.26.1 -> 5.26.2) - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== plasma5-workspace ==== Version update (5.26.1 -> 5.26.2) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * Revert "applets/notifications: allow screen reader to read notification body in FullRepresentation" (kde#460895) * runners/kill: Fix config group name mismatch (kde#460899) * [kcms/kcm_regionandlanguage] fix config not saved after clicking 'defaults' and 'save' (kde#460842) * disable automatic portal launching early on (kde#458865) * wallpapers/image: disable animated wallpaper on X11 * wallpapers/image: fall back to default wallpaper when url is empty (kde#460692) * systemtray: Avoid dbus calls after exit (kde#460814) * Save layout immediately after a resolution change triggered relayout * Remove unnecessary heuristic relayout function call * Use KeySequenceItem.captureFinished to notify a binding has been entered (kde#459322) ==== plymouth ==== Version update (22.02.122+77.c09c651 -> 22.02.122+94.4bd41a3) Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Update to version 22.02.122+94.4bd41a3: * plugins: label-freetype: Fixes calculation of line width. * plugins: label-freetype: Fix font alignment. * populate-initrd: Install label-freetype plugin into initrd if available. * plugins: Add FreeType-based label plugin. * ply-label: Don't crash if label plugin fails. * details: Don't replay boot buffer on serial consoles. * main: Add "reload" command. * ply-device-manager: Add plymouth.force-frame-buffer-on-boot parameter, allow to choose force framebuffer mode. * systemd: Add mkinitcpio support to plymouth-switch-root-initramfs.service. * Rebase plymouth-only_use_fb_for_cirrus_bochs.patch; for build success. * Rebase plymouth-watermark-config.patch; for build success. * Drop 0001-Add-label-ft-plugin.patch; for already merged by upstream. * Drop 0002-Install-label-ft-plugin-into-initrd-if-available.patch for already merged by upstream. * Drop 0003-fix_null_deref.patch for already merged by upstream. * Drop 0004-label-ft-fix-alignment.patch for already merged by upstream. ==== polkit-default-privs ==== Version update (1550+20221018.7616c25 -> 1550+20221102.9f111fa) - Update to version 1550+20221102.9f111fa: * allow local logged in users to change NetworkManager configuration, keyboard layout and locale settings without entering a password (in the easy profile). ==== polkit-kde-agent-5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: polkit-kde-agent-5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== powerdevil5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: powerdevil5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== protobuf ==== Version update (21.6 -> 21.9) - update to 21.9: * Ruby * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++ * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. ==== python-Deprecated ==== - Provid canonicalized lowercase name - Don't catchall files section ==== python-PyJWT ==== Version update (2.5.0 -> 2.6.0) - Clean up SPEC file. - Update to 2.6.0 Changed * bump up cryptography >= 3.4.0 by @jpadilla in #807 * Remove types-cryptography from crypto extra by @lautat in #805 Fixed * Invalidate token on the exact second the token expires #797 * fix: version 2.5.0 heading typo by @c0state in #803 Added * Adding validation for issued_at when iat > (now + leeway) as ImmatureSignatureError by @sriharan16 in #794 ==== python-SQLAlchemy ==== Version update (1.4.41 -> 1.4.42) - update to version 1.4.42: * orm + The Session.execute.bind_arguments dictionary is no longer mutated when passed to Session.execute() and similar; instead, it’s copied to an internal dictionary for state changes. Among other things, this fixes and issue where the “clause” passed to the Session.get_bind() method would be incorrectly referring to the Select construct used for the “fetch” synchronization strategy, when the actual query being emitted was a Delete or Update. This would interfere with recipes for “routing sessions”. References: #8614 + A warning is emitted in ORM configurations when an explicit remote() annotation is applied to columns that are local to the immediate mapped class, when the referenced class does not include any of the same table columns. Ideally this would raise an error at some point as it’s not correct from a mapping point of view. References: #7094 + A warning is emitted when attempting to configure a mapped class within an inheritance hierarchy where the mapper is not given any polymorphic identity, however there is a polymorphic discriminator column assigned. Such classes should be abstract if they never intend to load directly. References: #7545 + Fixed regression for 1.4 in contains_eager() where the “wrap in subquery” logic of joinedload() would be inadvertently triggered for use of the contains_eager() function with similar statements (e.g. those that use distinct(), limit() or offset()), which would then lead to secondary issues with queries that used some combinations of SQL label names and aliasing. This “wrapping” is not appropriate for contains_eager() which has always had the contract that the user-defined SQL statement is unmodified with the exception of adding the appropriate columns to be fetched. References: #8569 + Fixed regression where using ORM update() with synchronize_session=’fetch’ would fail due to the use of evaluators that are now used to determine the in-Python value for expressions in the the SET clause when refreshing objects; if the evaluators make use of math operators against non-numeric values such as PostgreSQL JSONB, the non-evaluable condition would fail to be detected correctly. The evaluator now limits the use of math mutation operators to numeric types only, with the exception of “+” that continues to work for strings as well. SQLAlchemy 2.0 may alter this further by fetching the SET values completely rather than using evaluation. References: [#8507] * engine + Fixed issue where mixing “*” with additional explicitly-named column expressions within the columns clause of a select() construct would cause result-column targeting to sometimes consider the label name or other non-repeated names to be an ambiguous target. References: #8536 * asyncio + Improved implementation of asyncio.shield() used in context managers as added in #8145, such that the “close” operation is enclosed within an asyncio.Task which is then strongly referenced as the operation proceeds. This is per Python documentation indicating that the task is otherwise not strongly referenced. References: #8516 * postgresql + aggregate_order_by now supports cache generation. References: [#8574] * mysql + Adjusted the regular expression used to match “CREATE VIEW” when testing for views to work more flexibly, no longer requiring the special keyword “ALGORITHM” in the middle, which was intended to be optional but was not working correctly. The change allows view reflection to work more completely on MySQL-compatible variants such as StarRocks. Pull request courtesy John Bodley. References: #8588 * mssql + Fixed yet another regression in SQL Server isolation level fetch (see #8231, #8475), this time with “Microsoft Dynamics CRM Database via Azure Active Directory”, which apparently lacks the system_views view entirely. Error catching has been extended that under no circumstances will this method ever fail, provided database connectivity is present. References: #8525 - Also remove the conditional definition of python_module. ==== python-Twisted ==== Version update (22.4.0 -> 22.10.0) Subpackages: python310-Twisted python310-Twisted-tls - Update to 22.10.0: * Features + twisted.internet.defer.maybeDeferred will now schedule a coroutine result as asynchronous operation and return a Deferred that fires with the result of the coroutine. + Twisted now works with Cryptography versions 37 and above, and as a result, its minimum TLS protocol version has been upgraded to TLSv1.2. + The systemd: endpoint parser now supports "named" file descriptors. This is a more reliable mechanism for choosing among several inherited descriptors. * Bugfixes + twisted.internet.base.DelayedCall.__repr__ will no longer raise AttributeError if the DelayedCall was created before debug mode was enabled. As a side-effect, twisted.internet.base.DelayedCall.creator is now defined as None in cases where previously it was undefined. + twisted.internet.iocpreactor.udp now properly re-queues its listener when there is a failure condition on the read from the socket. + twisted.internet.defer.inlineCallbacks no longer causes confusing StopIteration tracebacks to be added to the top of tracebacks originating in triggered callbacks. + The typing of twisted.internet.task.react no longer constrains the type of argv. + ContextVar.reset() now works correctly inside inlineCallbacks functions and coroutines. + Implement twisted.python.failure._Code.co_positions for compatibility with Python 3.11. + twisted.pair.tuntap._TUNSETIFF and ._TUNGETIFF values are now correct parisc, powerpc and sparc architectures. + twisted.web.vhost.NameVirtualHost will no longerreturn a NoResource error. (bsc#1204781, CVE-2022-39348) * Deprecations and Removals + Python 3.6 is no longer supported. + Twisted 22.4.0 was the last version with support for Python 3.6. + twisted.protocols.dict, which was deprecated in 17.9, has been removed. - Remove Python 3.6 Requires. - Drop patch skip-namespacewithwhitespace.patch, no longer required. - Refresh all patches. ==== python-charset-normalizer ==== Version update (2.1.1 -> 3.0.0) - Update to 3.0.0 Added * Extend the capability of explain=True when cp_isolation contains at most two entries (min one), will log in details of the Mess-detector results Support for alternative language frequency set in charset_normalizer.assets.FREQUENCIES Add parameter language_threshold in from_bytes, from_path and from_fp to adjust the minimum expected coherence ratio normalizer --version now specify if current version provide extra speedup (meaning mypyc compilation whl) * Changed Build with static metadata using 'build' frontend Make the language detection stricter Optional: Module md.py can be compiled using Mypyc to provide an extra speedup up to 4x faster than v2.1 * Fixed CLI with opt --normalize fail when using full path for files TooManyAccentuatedPlugin induce false positive on the mess detection when too few alpha character have been fed to it Sphinx warnings when generating the documentation * Removed Coherence detector no longer return 'Simple English' instead return 'English' Coherence detector no longer return 'Classical Chinese' instead return 'Chinese' Breaking: Method first() and best() from CharsetMatch UTF-7 will no longer appear as "detected" without a recognized SIG/mark (is unreliable/conflict with ASCII) Breaking: Class aliases CharsetDetector, CharsetDoctor, CharsetNormalizerMatch and CharsetNormalizerMatches Breaking: Top-level function normalize Breaking: Properties chaos_secondary_pass, coherence_non_latin and w_counter from CharsetMatch Support for the backport unicodedata2 ==== python-cryptography ==== Version update (38.0.1 -> 38.0.3) - update to 38.0.3: - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. ==== python-lark ==== Version update (1.1.2 -> 1.1.3) - Update to v1.1.3 Various fixes and refactors * Add user to cache filename; better handle cache load/save failures by @klauer in #1179 * refactor: add 'usedforsecurity=False' arg to hashlib.md5 usage by @cquick01 in #1190 * Create lark/grammars/init.py by @chanicpanic in #1171 * Adjust imports for Python 3.11 by @The-Compiler in #1140 * Fix for issue #1173 by @erezsh in #1198 * Add match stmt support to python.lark by @joseph-e-k in #1123 * Added match stmt support to python.lark by @MegaIng in #1016 * Linting to fix minor issues by @Erotemic in #1128 * Simplify lexer: Use Match.lastgroup instead of lastindex by @erezsh in #1129 * Fix confusing import in examples by @JonasLoos in #1138 * Move iter_subtrees_topdown into standalone by @camgunz in #1137 * Fix 1146: use the class's get instead of the instance's get by @MegaIng in #1147 * fix: remove Python 2 legacy packaging code by @henryiii in #1148 * Fix for PR #1149 by @erezsh in #1150 * Old link for sppf is no longer valid. Point to web archive instead. by @patrickhuber in #1159 * Fix ForestToPyDotVisitor by @chanicpanic in #1167 * Close file-like objects to address ResourceWarning. by @shawnbrown in #1183 * Minor adjustments to PR #1179 by @erezsh in #1189 * Adjustments for PR #1152 by @erezsh in #1191 * Remove trailing whitespace by @bcr in #1196 ==== python-numpy ==== Version update (1.21.6 -> 1.23.4) - Update to 1.23.4 * NumPy 1.23.4 is a maintenance release that fixes bugs discovered after the 1.23.3 release and keeps the build infrastructure current. The main improvements are fixes for some annotation corner cases, a fix for a long time nested_iters memory leak, and a fix of complex vector dot for very large arrays. The Python versions supported for this release are 3.8-3.11. - Revert some spec-cleaner "Verschlimmbesserungen" - Remove old unused directives for Python <=3.6 from specfile - specfile: * remove patch numpy-fix-cpu_asimdfhm.patch, included upstream * update line numbers for other patches * require c++ compiler - update to version 1.23.3: * #22136: BLD: Add Python 3.11 wheels to aarch64 build * #22148: MAINT: Update setup.py for Python 3.11. * #22155: CI: Test NumPy build against old versions of GCC(6, 7, 8) * #22156: MAINT: support IBM i system * #22195: BUG: Fix circleci build * #22214: BUG: Expose heapsort algorithms in a shared header * #22215: BUG: Support using libunwind for backtrack * #22216: MAINT: fix an incorrect pointer type usage in f2py * #22220: BUG: change overloads to play nice with pyright. * #22221: TST,BUG: Use fork context to fix MacOS savez test * #22222: TYP,BUG: Reduce argument validation in C-based __class_getitem__ * #22223: TST: ensure np.equal.reduce raises a TypeError * #22224: BUG: Fix the implementation of numpy.array_api.vecdot * #22230: BUG: Better report integer division overflow (backport) - changes from version 1.23.2: * #22030: ENH: Add __array_ufunc__ typing support to the nin=1 ufuncs * #22031: MAINT, TYP: Fix np.angle dtype-overloads * #22032: MAINT: Do not let _GenericAlias wrap the underlying classes'... * #22033: TYP,MAINT: Allow einsum subscripts to be passed via integer... * #22034: MAINT,TYP: Add object-overloads for the np.generic rich comparisons * #22035: MAINT,TYP: Allow the squeeze and transpose method to... * #22036: BUG: Fix subarray to object cast ownership details * #22037: BUG: Use Popen to silently invoke f77 -v * #22038: BUG: Avoid errors on NULL during deepcopy * #22039: DOC: Add versionchanged for converter callable behavior. * #22057: MAINT: Quiet the anaconda uploads. * #22078: ENH: reorder includes for testing on top of system installations... * #22106: TST: fix test_linear_interpolation_formula_symmetric * #22107: BUG: Fix skip condition for test_loss_of_precision[complex256] * #22115: BLD: Build python3.11.0rc1 wheels. - changes from version 1.23.1: * #21866: BUG: Fix discovered MachAr (still used within valgrind) * #21867: BUG: Handle NaNs correctly for float16 during sorting * #21868: BUG: Use keepdims during normalization in np.average and... * #21869: DOC: mention changes to max_rows behaviour in np.loadtxt * #21870: BUG: Reject non integer array-likes with size 1 in delete * #21949: BLD: Make can_link_svml return False for 32bit builds on x86_64 * #21951: BUG: Reorder extern "C" to only apply to function declarations... * #21952: BUG: Fix KeyError in crackfortran operator support - changes from version 1.23.0: * long changelog https://github.com/numpy/numpy/blob/main/doc/changelog/1.23.0-changelog.rst - changes from version 1.22.4: * #21191: TYP, BUG: Fix np.lib.stride_tricks re-exported under the... * #21192: TST: Bump mypy from 0.931 to 0.940 * #21243: MAINT: Explicitly re-export the types in numpy._typing * #21245: MAINT: Specify sphinx, numpydoc versions for CI doc builds * #21275: BUG: Fix typos * #21277: ENH, BLD: Fix math feature detection for wasm * #21350: MAINT: Fix failing simd and cygwin tests. * #21438: MAINT: Fix failing Python 3.8 32-bit Windows test. * #21444: BUG: add linux guard per #21386 * #21445: BUG: Allow legacy dtypes to cast to datetime again * #21446: BUG: Make mmap handling safer in frombuffer * #21447: BUG: Stop using PyBytesObject.ob_shash deprecated in Python 3.11. * #21448: ENH: Introduce numpy.core.setup_common.NPY_CXX_FLAGS * #21472: BUG: Ensure compile errors are raised correclty * #21473: BUG: Fix segmentation fault * #21474: MAINT: Update doc requirements * #21475: MAINT: Mark npy_memchr with no_sanitize("alignment") on clang * #21512: DOC: Proposal - make the doc landing page cards more similar... * #21525: MAINT: Update Cython version to 0.29.30. * #21536: BUG: Fix GCC error during build configuration * #21541: REL: Prepare for the NumPy 1.22.4 release. * #21547: MAINT: Skip tests that fail on PyPy. - changes from version 1.22.3: * #21048: MAINT: Use "3.10" instead of "3.10-dev" on travis. * #21106: TYP,MAINT: Explicitly allow sequences of array-likes in np.concatenate * #21137: BLD,DOC: skip broken ipython 8.1.0 ... changelog too long, skipping 70 lines ... https://github.com/numpy/numpy/blob/main/doc/changelog/1.22.0-changelog.rst ==== python-oauthlib ==== Version update (3.2.1 -> 3.2.2) - update to version 3.2.2: * OAuth2.0 Provider: * CVE-2022-36087 - Also remove the conditional definition of python_module. ==== python-psutil ==== Version update (5.9.2 -> 5.9.3) - update to version 5.9.3: * Enhancements + 2040, [macOS]: provide wheels for arm64 architecture. (patch by Matthieu Darbois) * Bug fixes + 2116, [macOS], [critical]: `psutil.net_connections`_ fails with RuntimeError. + 2135, [macOS]: Process.environ() may contain garbage data. Fix out-of-bounds read around sysctl_procargs. (patch by Bernhard Urban-Forster) + 2138, [Linux], [critical]: can't compile psutil on Android due to undefined ethtool_cmd_speed symbol. + 2142, [POSIX]: net_if_stats() 's flags on Python 2 returned unicode instead of str. (patch by Matthieu Darbois) + 2147, [macOS] Fix disk usage report on macOS 12+. (patch by Matthieu Darbois) + 2150, [Linux] Process.threads() may raise NoSuchProcess. Fix race condition. (patch by Daniel Li) + 2153, [macOS] Fix race condition in test_posix.TestProcess.test_cmdline. (patch by Matthieu Darbois) ==== python-pyOpenSSL ==== Version update (22.0.0 -> 22.1.0) - Upstream post-release doc fix (gh#pyca/pyopenssl#1150) * The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage) - Add pyOpenSSL-pr1158-conditional-__all__.patch gh#pyca/pyopenssl#1158 - update to 22.1.0: * Remove support for SSLv2 and SSLv3. * The minimum ``cryptography`` version is now 37.0.2. * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, changing its internal attributes. * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` to override the context object's verification flags. * Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey`` to set a certificate per connection (and not just per context) ==== python-pymongo ==== Version update (4.2.0 -> 4.3.2) - Update to 4.3.2 Complete Changelog https://pymongo.readthedocs.io/en/4.3.2/changelog.html ==== python-pytz ==== Version update (2022.4 -> 2022.5) - Update to 2022.5 * IANA 2022e Squashed 'tz/' changes from 0fc8f915a..16bd7a384 c4eb3fcf2 Release 2022e 842ad565d Add Jordan URL from Brian Inglis 3aa74b7f7 Jordan to switch from +02/+03 with DST to plain +03 59aa97e8e Syria to switch from +02/+03 with DST to plain +03 f29068291 Prefer UT for whole-hour UT transitions 7f860c0fe Circa-1922 Mexico fixes ff2e2a09a Treat 1931 changes in Mexico as DST ==== python-requests ==== - allow using newest version of charset-normalizer (3.0+) * requests-allow-charset-normalizer-3.patch ==== python-typing_extensions ==== Version update (4.3.0 -> 4.4.0) - Clean specfile from old cruft. - Requires Python 3.7+ - Fix testsuite: Must test as module; don't need multibuild. - Update Summary and Description - Update to version 4.4.0 * Add `typing_extensions.Any` a backport of python 3.11's Any class which is subclassable at runtime. (backport from python/cpython#31841, by Shantanu and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234). * Add initial support for TypeVarLike `default` parameter, PEP 696. Patch by Marc Mueller (@cdce8p). * Runtime support for PEP 698, adding `typing_extensions.override`. Patch by Jelle Zijlstra. * Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695. Patch by Jelle Zijlstra. ==== python-urllib3 ==== - Fix pycache when undbundling six ==== python-zope.interface ==== Version update (5.4.0 -> 5.5.0) - Update to version 5.5.0 * Add support for Python 3.10 and 3.11 (as of 3.11.0rc2). * Add missing Trove classifier showing support for Python 3.9. * Add some more entries to zope.interface.interfaces.__all__. * Disable unsafe math optimizations in C code. See pull request 262. ==== python310 ==== Version update (3.10.7 -> 3.10.8) Subpackages: python310-curses python310-dbm - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. ... changelog too long, skipping 14 lines ... - Remove upstreamed test-int-timing.patch. ==== python310-core ==== Version update (3.10.7 -> 3.10.8) Subpackages: libpython3_10-1_0 python310-base - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. ... changelog too long, skipping 14 lines ... - Remove upstreamed test-int-timing.patch. ==== qca-qt5 ==== Version update (2.3.4 -> 2.3.5) Subpackages: libqca-qt5-2 qca-qt5-plugins - BR ca-certificates-mozilla for the testsuite - Have the devel package require the library - Drop qca-2.3.0-fixDSA.patch, that was fixed in 2014 already by just disabling DSA - Add upstream change: * 0001-hashunittest-run-sha384longtest-only-for-providers-t.patch - Update to 2.3.5 * find dependencies of Qca when the cmake package is used by a project * Handle openssl without case5 support * Update rootcerts.pem * SafeSocketNotifier: fix socket FD type and remove signal argument - Drop patch, merged upstream: * 0001-Make-filewatchunittest-much-quicker.patch ==== qemu ==== - qtests test are not realiable when run inside OBS builders, so let's disable that part of the testsuite for now. There is work ongoing to run it somewhere else (on dedicated hosts) to avoid loosing coverage. (bsc#1204566) - Improve dependency handling (e.g., what's recommended vs. what's required. - Add a subpackage (qemu-headless) that brings in all the packages that are needed for creating VMs with tools like virt-install or VirtManager, run either locally or from a remote host. (bsc#1202166) - Build fails due to exceeding 10 GB disk limit (10430 MB): raise disk space contraint to 12 GB ==== raspberrypi-firmware ==== Version update (2022.10.18 -> 2022.10.26) - Update to 13691cee9 (2022-10-26): * firmware: arm_loader: Add vcmailbox support for 256bit OTP customer device key See: raspberrypi/usbboot#163 * firmware: il: video_encode: MJPEG is not conditional on being RASPBERRYPI_FULL ==== raspberrypi-firmware-config ==== Version update (2022.10.18 -> 2022.10.26) - Update to 13691cee9 (2022-10-26): * firmware: arm_loader: Add vcmailbox support for 256bit OTP customer device key See: raspberrypi/usbboot#163 * firmware: il: video_encode: MJPEG is not conditional on being RASPBERRYPI_FULL ==== raspberrypi-firmware-dt ==== Version update (2022.10.03 -> 2022.10.26) - Update to 692039799e78 (2022-10-26) ==== redis ==== - Fix CVE-2022-3647, crash in sigsegvHandler debug function (CVE-2022-3647, bsc#1204633) * cve-2022-3647.patch ==== rgb ==== Version update (1.0.6 -> 1.1.0) - Update to version 1.1.0 * This release adds a new configure option --with-rgb-db-library to allow builders more control over which dbm or ndbm compatible library is used if --with-rgb-db-type is set to one of the non-default database options instead of the default of "text". The --with-rgb-db-library option can allow use of libraries that are not normally searched for (gdbm_compat) or to bypass libraries we do normally search for (like Berkeley db). ==== rubygem-nokogiri ==== Version update (1.13.8 -> 1.13.9) updated to version 1.13.9 see installed CHANGES.md ==== rust-keylime ==== Version update (0.1.0+git.1664480840.0ea0492 -> 0.1.0+git.1666019359.f5de47b) - Add cargo-audit service per policy - Update to version 0.1.0+git.1666019359.f5de47b: * README: mark Rust agent as the official one, fix cargo run command ==== samba ==== Version update (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3 - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). ==== sddm ==== Subpackages: sddm-branding-openSUSE - Add patch to avoid launching xdg-desktop-portal by accident: * 0001-disable-automatic-portal-launching.patch ==== sessreg ==== Version update (1.1.2 -> 1.1.3) - Update to version 1.1.3 * Fix spelling/wording issues * gitlab CI: add a basic build test * gitlab CI: stop requiring Signed-off-by in commits * Fix -Wstringop-truncation warnings in safe_strncpy() ==== sg3_utils ==== Version update (1.47+5.d13bc56 -> 1.48~20221101.6d3bd26) - Update to new upstream version 1.48~20221101.6d3bd26: (pre-release sg3_utils-1.48 [20221101] [svn: r978]) * sg_read_block_limits: fix granularity value, add --mloi option; sg_lib: add sg_ll_read_block_limits_v2(); sg_logs: json work * sg_stream_ctl: --get fix better; sg_rem_rest_elem: cleanup * sg_stream_ctl: fix --get indexing; fix some './configure --enable-debug' issues * sg_inq+sg_vpd: JSON updates * rescan-scsi-bus: speed large multipath scans * rescan-scsi-bus.sh speed testonline() * rescan-scsi-bus.sh: add option --no-lip-scan * rescan-scsi-bus: sgdevice26: do not traverse sg class if scsi_device isnot added * rescan-scsi-bus.sh: fix handling of '-I ' option * Prepare for removing /proc/scsi from the Linux kernel * sg_inq+sg_vpd: merge VPD page processing * sg_get_elem_status: change '--maxlen=' option default to 1056 (was 32), other cleanups * sg_rep_zones: add experimental --json[=JO] option and generation * sg_logs: add --exclude and --undefined options * zoned disk man page improvements * sg_rep_zones: add --statistics option * sg_read_buffer: add --eh_code= and --no_output options * sg_format: allow disk formats on ZBC (zoned) disks * sg_rep_zones: add --brief option and --find ZT option * sg_rep_density: new utility for decoding the response of Report density support command [ssc (tape)] * Zoned block device characteristics VPD page support ==== shadow ==== Subpackages: libsubid4 login_defs - bsc#1204811: Fix chage date format string regression * Add shadow-chage-format.patch - Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 ==== signon-kwallet-extension ==== Version update (22.08.2 -> 22.08.3) - Update to 22.08.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.08.3/ ==== sqlite3 ==== Version update (3.39.3 -> 3.39.4) Subpackages: libsqlite3-0 sqlite3-tcl - update to 3.39.4: * Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache * Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables * Fix a possible integer overflow in the size computation for a memory allocation in FTS3. * Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension ==== strace ==== Version update (5.19 -> 6.0) - Update to strace 6.0 * Enhanced decoding of PTP_* ioctl commands. * Updated decoding of setns syscall. * Updated lists of BPF_*, BTRFS_*, FAN_*, ETH_P_*, KVM_*, NDTPA_*, NT_*, PERF_*, and TLS_INFO_* constants. * Updated lists of ioctl commands from Linux 6.0. ==== sudo ==== Version update (1.9.11p3 -> 1.9.12) Subpackages: sudo-plugin-python - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. - Update to 1.9.12: * Dropped sudo-1.9.10-update_sudouser_to_utf8.patch * Changes in Sudo 1.9.12: * Fixed a bug when logging the command’s exit status in intercept mode. The wrong command could be logged with the exit status. * For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. * Fixed running commands with a relative path (e.g. ./foo) in intercept mode. Previously, this would fail if sudo’s current working directory was different from that of the command. * Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. * Fixed a problem with sudo -i on SELinux when the target user’s home directory is not searchable by sudo. GitHub issue #160. * Neovim has been added to the list of visudo editors that support passing the line number on the command line. * Fixed a bug in sudo’s SHA384 and SHA512 message digest padding. * Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the user’s cached credentials. It is now possible to determine whether or not a user’s cached credentials are currently valid by running: $ sudo -Nnv and checking the exit value. One use case for this is to indicate in a shell prompt that sudo is “active” for the user. * PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will use system-specific heuristics to try to locate a 64-bit version of the plugin. * The cvtsudoers manual now documents the JSON and CSV output formats. GitHub issue #172. * Fixed a bug where sub-commands were not being logged to a remote log server when log_subcmds was enabled. GitHub issue #174. * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. * Quieted a libgcrypt run-time initialization warning. This fixes Debian bug #1019428 and Ubuntu bug #1397663. * Fixed a bug in visudo that caused literal backslashes to be removed from the EDITOR environment variable. GitHub issue #179. * The sudo Python plugin now implements the find_spec method instead of the the deprecated find_module. This fixes a test failure when a newer version of setuptools that doesn’t include find_module is found on the system. * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a plain file. The same bug could result in I/O log directories that end in six or more X’s being created literally in addition to the name being used as a template for the mkdtemp(3) function. * Fixed a long-standing bug where a sudoers rule with a command line argument of “”, which indicates the command may be run with no arguments, would also match a literal "" on the command line. GitHub issue #182. * Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Fixed sudo -l -U otheruser output when the runas list is empty. Previously, sudo would list the invoking user instead of the list user. GitHub issue #183. * Fixed the display of command tags and options in sudo -l output when the RunAs user or group changes. A new line is started for RunAs changes which means we need to display the command tags and options again. GitHub issue #184. * The sesh helper program now uses getopt_long(3) to parse the command line options. * The embedded copy of zlib has been updated to version 1.2.13. * Fixed a bug that prevented event log data from being sent to the log server when I/O logging was not enabled. This only affected systems without PAM or configurations where the pam_session and pam_setcred options were disabled in the sudoers file. * Fixed a bug where sudo -l output included a carriage return after the newline. This is only needed when displaying to a terminal in raw mode. Bug #1042. ==== suse-module-tools ==== Version update (16.0.23 -> 16.0.26) * Revert "Split kernel scriptlets into separate sub-package" (that change broke some package builds on OBS) - Update to version 16.0.25: * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423) - Update to version 16.0.24: * Split kernel scriptlets into separate sub-package "suse-module-tools-scriptlets" on Tumbleweed (gh#openSUSE/suse-module-tools#64) ==== syslogd ==== Version update (1.4.1 -> 1.5.1) - Update ot version 1.5.1 ChangeLog for version 1.5.1 Many thanks to Rainer Gerhards, rsyslog project lead, for identifying a problem with how rsyslog's rsyslogd and sysklogd's syslogd check for invalid priority values (CVE-2014-3634). ChangeLog for version 1.5 * Fix file descriptor leak in klogd * Improve argument list processing * Prevent potential buffer overflow in reading messages from the kernel log ringbuffer * Ensure that "len" is not placed in a register, and that the endtty() signal handler is not installed too early which could cause a segmentation fault or worse * klogd will reconnect to the logger (mostly syslogd) after it went away during operation * On heavily loaded system syslog will not spit out error messages anymore when recvfrom() results in EAGAIN * Makefile improvements * Local copy of module.h * Improved manpage * Always log with syslogd's timezone and locale * Remove trailing newline when forwarding messages * Continue working properly if /etc/service is missing and ignore network activity * Continue writing to log files as soon as space becomes available again after a filled up disk * Removed test to detect control characters> 0x20 as this prevented characters encoded in UTF-8 to be properly passed through * Only resolve the local domain when accepting messages from remote * Properly accompany the MARK message with the facility * Improved daemonise routine in klogd to stabilise startup * klogd will not change the console log level anymore unless -c is given * Added back /usr/src/linux/System.map as fall-back location * Rewrite the module symbol parser to read from /proc/kallsyms * Notify the waiting parent process if the client dies * Complete rewrite of the oops kernel module for Linux 2.6 * Only read kernel symbols from /proc/kallsyms if no System.map has been read * Improved symbol lookup * Prevent named pipes from becoming the controlling tty * Fixing a race condition in syslogd discovered in UML * Improved README.linux * Added boundary checks in klogd * Don't block on the network socket in case of packet loss * Don't crash when filesize limit is reached (e.g. without LFS) * Fix spurious hanging syslogd in connection with futex and NPTL introduced in recent glibc versions and Linux 2.6 (details) * Improved syslog.conf(5) manpage * Use socklen_t where appropriate * Use newer query_module function rather than stepping through /dev/kmem. * Remove special treatment of the percent sign in klogd - Remove patches now upstream solved * klogd-obsolete.patch * sysklogd-1.4.1-fileleak.patch * sysklogd-1.4.1-ksym.patch * sysklogd-1.4.1-no_SO_BSDCOMPAT.diff * sysklogd-1.4.1-owl-crunch_list.diff * sysklogd-1.4.1-preserve_percents.patch * sysklogd-1.4.1-utf8.patch - Port patches * sysklogd-1.4.1-CVE-2014-3634.patch * sysklogd-1.4.1-clearing.patch * sysklogd-1.4.1-dgram.patch * sysklogd-1.4.1-dns.patch * sysklogd-1.4.1-dontsleep.patch * sysklogd-1.4.1-forw.patch * sysklogd-1.4.1-klogd24.dif * sysklogd-1.4.1-ksyslogsize.diff * sysklogd-1.4.1-large.patch * sysklogd-1.4.1-nofortify.patch * sysklogd-1.4.1-reload.dif * sysklogd-1.4.1-reopen.patch * sysklogd-1.4.1-showpri.patch * sysklogd-1.4.1-signal.dif * sysklogd-1.4.1-sparc.patch * sysklogd-1.4.1-sysmap-prior-to-2.5.patch * sysklogd-1.4.1-systemd-multi.dif * sysklogd-1.4.1-systemd-sock-name.patch * sysklogd-1.4.1-systemd.dif * sysklogd-1.4.1-unix_sockets.patch * sysklogd-1.4.1.dif * sysklogd-ipv6.diff ==== systemd ==== Version update (251.6 -> 251.7) Subpackages: libsystemd0 libudev1 systemd-doc udev - Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15 - specfile: reindent comments ==== systemsettings5 ==== Version update (5.26.1 -> 5.26.2) Subpackages: systemsettings5-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - Changes since 5.26.1: * Recognize SystemSettingsExternalApp again - Drop patches, now upstream: * 0001-Recognize-SystemSettingsExternalApp-again.patch ==== tar ==== Subpackages: tar-rmt - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch - Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch - Refresh bsc1200657.patch ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Release 1.12.0 supersedes the following patches still used with tigervnc 1.10.1 on sle15-sp4/Leap 15.4: * U_0003-Update-Surface_X11.cxx.patch * U_Handle-pending-data-in-TLS-buffers.patch ==== timezone ==== Version update (2022e -> 2022f) - timezone update 2022f: * Mexico will no longer observe DST except near the US border * Chihuahua moves to year-round -06 on 2022-10-30 * Fiji no longer observes DST * Move links to 'backward' * In vanguard form, GMT is now a Zone and Etc/GMT a link * zic now supports links to links, and vanguard form uses this * Simplify four Ontario zones * Fix a Y2438 bug when reading TZif data * Enable 64-bit time_t on 32-bit glibc platforms * Omit large-file support when no longer needed * In C code, use some C23 features if available * Remove no-longer-needed workaround for Qt bug 53071 ==== tracker ==== Version update (3.4.0 -> 3.4.1) Subpackages: libtracker-sparql-3_0-0 tracker-data-files - Update to version 3.4.1: + Fixes to VAPI file. + Fixes to IRI escaping checks in TrackerResource. + Move fts: prefix definition to base ontology. + Improve memory usage of already executed TrackerBatch objects for GC languages. + Replace deprecated egrep tool usage in bash completion script. + Fixes for memory leaks and invalid memory access. + Fix endpoint-side cancellation of client-side D-Bus cancelled queries. + Updated translations. - Drop tracker-no-egrep.patch: Fixed upstream. ==== tracker-miners ==== Version update (3.4.0 -> 3.4.1) Subpackages: tracker-miner-files - Update to version 3.4.1: + Warning fixes to gstreamer extractor. + Silence EXDEV warnings on FANotify monitor failures, likely in some systems. + New handled syscalls in seccomp: set_mempolicy, get_mempolicy, epoll_create1. + Improve performance of lookups of related CUE files for gstreamer media. + Fix memory leaks. + Updated translations. ==== transactional-update ==== Version update (4.0.1 -> 4.1.0) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.1.0 - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078] - Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93] - Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot - Document register command [bsc#1202900] - Avoid unnecessary snapshots for register command [bsc#1202901] - Various optimizations for register command - Remove bogus error message when triggering reboot - Rework /etc overlay documentation in "The Transactional Update Guide" - Fix incorrect manpage formatting - Remove leftover "salt" reboot method in configuration example file - Replace deprecated std::mem_fn with lambdas ==== usbutils ==== Version update (014 -> 015) - update to 015: * usb-devices: list the root devices in numerical order * usb-devices: use 'local' variable type to handle recursion * lsusb: remove unused wireless check * lsusb: remove wireless descriptor information * usb-devices: fix field width on device speed field * lsusb: fix up Midi Device specification devices * Fix an runtime error reported by undefind sanitizer * lsusb: Improve status display for SuperSpeedPlus hubs * lsusb-t: Fix recursive sorting on child devices. ==== vim ==== Version update (9.0.0709 -> 9.0.0814) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.0814, fixes the following problems * Kitty terminal is not recognized. * GUI mouse scrollwheel mappings don't work. * Error if :echowin is preceded by a command modifier * readblob() returns empty when trying to read too much * Test for job writing to buffer fails * sonnet filetype detection has a typo * With 'smoothscroll' typing "0" may not go to the first column * 'langmap' works differently when there are modifiers * Filetype autocmd may cause freed memory access * Crash when trying to divice the largest negative number by -1 * readblob() cannot read from character device. * The modifyOtherKeys flag is set when it should not. * In compiled function ->() on next line not recognized * Clang format configuration files are not recognized. * Order of assert function arguments is reverted. * readblob() always reads the whole file. * At the hit-Enter prompt the End and Home keys may not work. * Dummy buffer ends up in a window * User command does not get number from :tab modifier * Memory leak with empty shell command * ":!" doesn't do anything but does update the previous command. * OpenVPN files are not recognized. * 'scroll' value computed in unexpected location * The libvterm code is outdated. * Quickfix commands may keep memory allocated. * With a Visual block a put command column may go negative. * Indent and option tests fail. * Cannot use 'indentexpr' for Lisp indenting. * Display test for 'listchars' "precedes" fails * Line number not visisble with smoothscroll'', 'nu' and 'rnu' * No autocmd event for changing text in a terminal window * 'scrolloff' does not work well with 'smoothscroll'. * Crash when popup closed in callback * Alloc/free of buffer for each quickfix entry is inefficient * Wrong cursor position when using "gj" and "gk" in a long line. * In script in autoload dir exported variable is not found. - Updated to version 9.0.0743, fixes the following problems * Virtual text "after" not correct with 'nowrap'. * Quitting/unloading/hiding a terminal buffer does not always work properly. * SubStation Alpha files are not recognized. * Wrong column when calling setcursorcharpos() with zero lnum. * of MenuPopup event is expanded like a file name. * With 'nowrap' two virtual text below not displayed correctly. * Wrong argument for append() gives two error messages. * With 'nowrap' virtual text "after" does not scroll left. * Compiler warning for unused variable in tiny build. * Extra empty line between two virtual text "below" when 'wrap' and 'number' are set. * Too many delete() calls in tests. * Virtual text "above" with padding not displayed correctly. * Virtual text "after" does not show with 'list' set. * Extra empty line below virtual text when 'list' is set. * Closure in compiled function gets same variable in block. * Virtual text "after" wraps to next line even when 'wrap' is off and 'list' is set. * Looping over list of lists and changing the list contents works in Vim9 script, not in a compiled function. * Help in the repository differs from patched version too much. * extend() test fails. * The rightleft and arabic features are disabled. * Startup test fails with right-left feature. * clang-tidy configuration files are not recognized. * No check for white space before and after "=<<". (Doug Kearns) * Use of strftime() is not safe. * Cursor position invalid when scrolling with 'smoothscroll' set. (Ernie Rael) * Breakindent and scrolloff tests fail. * Quickfix listing does not handle very long messages. * Lisp word only recognized when a space follows. * Cannot suppress completion "scanning" messages. * Mouse column not correctly used for popup_setpos. * prop_add_list() gives multiple errors for invalid argument. * Cannot specify an ID for each item with prop_add_list(). (Sergey Vlasov) * Starting cscope on Unix does not quote the arguments correctly. (Gary Johnson) ==== vte ==== Version update (0.70.0 -> 0.70.1) - Update to version 0.70.1: + app: - Disconnect signal handlers on dispose. - Filter unwanted environment variables. + build: - Add define for darwin. - Fix netbsd define. + widget: - Don't consume right clicks on gtk4. - Implement clipboard for gtk4. * Updated translations. ==== vulkan-loader ==== Version update (1.3.224.0 -> 1.3.231.0) - Update to release SDK-1.3.231.0 * Don't pass portability bit to ICDs that dont expect it. * Allow implicit layers for all API versions. ==== vulkan-tools ==== Version update (1.3.224.0 -> 1.3.231) - Update to release 1.3.231.0 * Adapt to Vulkan 231 API, but otherwise no interesting changes - Add 0001-cubepp-Fix-presentKHR-assert.patch ==== webkit2gtk3 ==== Version update (2.38.0 -> 2.38.1) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.38.1: + Make xdg-dbus-proxy work if host session bus address is an abstract socket. + Use a single xdg-dbus-proxy process when sandbox is enabled. + Fix high resolution video playback due to unimplemented changeType operation. + Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. + Fix player stucking in buffering (paused) state for progressive streaming. + Do not try to preconnect on link click when link preconnect setting is disabled. + Fix close status code returned when the client closes a WebSocket in some cases. + Fix media player duration calculation. + Fix several crashes and rendering issues. ==== webkit2gtk4 ==== Version update (2.38.0 -> 2.38.1) Subpackages: libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles - Update to version 2.38.1: + Make xdg-dbus-proxy work if host session bus address is an abstract socket. + Use a single xdg-dbus-proxy process when sandbox is enabled. + Fix high resolution video playback due to unimplemented changeType operation. + Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. + Fix player stucking in buffering (paused) state for progressive streaming. + Do not try to preconnect on link click when link preconnect setting is disabled. + Fix close status code returned when the client closes a WebSocket in some cases. + Fix media player duration calculation. + Fix several crashes and rendering issues. ==== xcb-util-cursor ==== Version update (0.1.3 -> 0.1.4) - Update to version 0.1.4 * Update README for gitlab migration * Add README.md to EXTRA_DIST * Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters * Update m4 to xorg/util/xcb-util-m4@c617eee22ae5c285e79e81 * gitlab CI: add a basic build test * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish * documentation: Call xcb_free_cursor() when done * Fix out-of-source builds ==== xdg-desktop-portal-kde ==== Version update (5.26.1 -> 5.26.2) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.26.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.26.2 - No code changes since 5.26.1 ==== xdg-user-dirs ==== Version update (0.17 -> 0.18) - update to 0.18: + Fixed minor leak + Updated translations + Documentation fixes ==== xmlsec1 ==== Version update (1.2.34 -> 1.2.36) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Update to 1.2.36: * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online Signature Verifier. - Update to 1.2.35: * Migration to OpenSSL 3.0 API (based on PR by @snargit). Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use "--enable-openssl3-engines" configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled "-Werror" and "-pedantic" flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Moved all CI builds to GitHub actions. ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Release 21.1 supersedes the following patches still used with xorg-x11-server 1.20.3 on sle15-sp4/Leap 15.4: * U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch * U_0002-Fix-crash-on-XkbSetMap.patch * U_0003-Fix-crash-on-XkbSetMap.patch * U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch * U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch * U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch * U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch * U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch * U_hw_do-not-include-sys-io-with-glibc.patch * U_meson-Fix-another-reference-to-gl-9.2.0.patch * U_modesetting-Fix-broken-manpage-in-autoconf-build.patch * U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch * U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch * U_xfree86-Change-displays-array-to-pointers-array-to-f.patch * U_xfree86-Fix-NULL-pointer-dereference-crash.patch * U_xkbsetdeviceinfo.patch * u_sync-pci-ids-with-Mesa-21.2.4.patch * u_xf86-Accept-devices-with-the-simpledrm-driver.patch * u_xichangehierarchy-CVE-2020-14346.patch * u_xkb-CVE-2020-14345.patch * u_xkb-CVE-2020-14360.patch - removed N_Disable-HW-Cursor-for-cirrus-and-mgag200-kernel-modules.patch * meanwhile cirrus and mgag200 Kernel drivers have been rewritten multiple times and no longer have (broken) hardware cursor - u_xf86-Accept-devices-with-the-kernels-ofdrm-driver.patch * Add workaround to support ofdrm ==== xsetroot ==== Version update (1.1.2 -> 1.1.3) - Update to version 1.1.3 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * gitlab CI: add a basic build test * Variable scope reductions as recommended by cppcheck * Handle -Wsign-compare warnings * gitlab CI: stop requiring Signed-off-by in commits ==== xterm ==== Version update (373 -> 375) Subpackages: xterm-bin xterm-resize - update to 375: * improve error-recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly * exclude MC_XDG_OPEN from environment variables trimmed on startup * check for null pointer in isSelect() - includes changes from 374: * change default for sixelScrolling resource to better match VT330/VT340 DECSDM setting * fix some gcc and coverity warnings. * improve memory usage for OSC 52 * fix regression in xterm-373 change adding resources xftTrackMemUsage to xftMaxGlyphMemory, which did not first cache the server's resource-settings * fix regression in xterm-373 change for status-line vs alternate screen * modify configure checks for egrep/fgrep aliases to work around warning messages from GNU grep 3.8 boo#1203092 ==== xwayland ==== Version update (22.1.3 -> 22.1.5) - Update to version 22.1.5 * This is a follow-up release to address a couple of regressions which found their way into the recent xwayland-22.1.4 release, namely: + Double scroll wheel events with some Wayland compositors https://gitlab.freedesktop.org/xorg/xserver/-/issues/1392 + Key keeps repeating when a window is closed while a key is pressed https://gitlab.freedesktop.org/xorg/xserver/-/issues/1395 - supersedes U_Do-not-ignore-leave-events.patch - U_Do-not-ignore-leave-events.patch * fixes xwayland issue#1397, issue#1395 - Update to version 22.1.4 * xwayland: Aggregate scroll axis events to fix kinetic scrolling * Forbid server grabs by non-WM on *rootless* XWayland * xkb: Avoid length-check failure on empty strings. * ci: remove redundant slash in libxcvt repository url * dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY * dix: Fix overzealous caching of ResourceClientBits() * xwayland: Prevent Xserver grabs with rootless * xwayland: Delay wl_surface destruction * build: Bump wayland requirement to 1.18 * xwayland: set tag on our surfaces * xwayland: Clear the "xwl-window" tag on unrealize * xwayland: correct the type for the discrete scroll events * xkb: fix some possible memleaks in XkbGetKbdByName * xkb: length-check XkbGetKbdByName before accessing the fields * xkb: length-check XkbListComponents before accessing the fields * xkb: proof GetCountedString against request length attacks - supersedes security patches: * U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch * U_xkb-proof-GetCountedString-against-request-length-at.patch ==== yast2 ==== Version update (4.5.17 -> 4.5.18) Subpackages: yast2-logs - Improve logging in the ProductControl module, use the new "log.group" call to group logs for each workflow step (bsc#1204625) - 4.5.18 ==== yast2-add-on ==== Version update (4.5.1 -> 4.5.2) - support 'repo' scheme for add-ons (jsc#SLE-22578, jsc#SLE-24584) - 4.5.2 ==== yast2-packager ==== Version update (4.5.5 -> 4.5.6) - support 'repo' scheme for add-ons (jsc#SLE-22578, jsc#SLE-24584) - 4.5.6 ==== yast2-ruby-bindings ==== Version update (4.5.3 -> 4.5.4) - Added "log.group" method for grouping the log messages (bsc#1204625) - Update Rakefile to allow installing the Ruby files in inst-sys using the "yupdate" command - 4.5.4 ==== zchunk ==== Version update (1.2.2 -> 1.2.3) - update to 1.2.3: * Remove meson deprecation warning * Add license scan report and status * test/zck_cmp_uncomp: fix printf format types * meson: add option to build without docs * zck: declare write_data as static