Packages changed: AppStream (0.16.0 -> 0.16.1) Mesa (22.3.5 -> 23.0.0) Mesa-drivers (22.3.5 -> 23.0.0) apparmor (3.1.2 -> 3.1.3) brotli curl (7.87.0 -> 7.88.1) enchant flatpak (1.14.2 -> 1.14.3) gd kernel-source (6.1.12 -> 6.2.0) kexec-tools libapparmor (3.1.2 -> 3.1.3) libcbor (0.10.1 -> 0.10.2) libcontainers-common libdnf (0.69.0 -> 0.70.0) libheif (1.14.2 -> 1.15.1) liburing openblas_pthreads openexr patterns-base patterns-fonts pinentry pinentry-gui python-apipkg python-pexpect python-pycurl qemu strace (6.1 -> 6.2) sudo (1.9.13p1 -> 1.9.13p2) vim (9.0.1307 -> 9.0.1357) xorg-x11-fonts xorg-x11-fonts-converted === Details === ==== AppStream ==== Version update (0.16.0 -> 0.16.1) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.16.1: Specification: * docs: Clarify the locations where catalog icons should be placed * spec: Expand documentation for elements * spec: Mention that is not part of the description * spec: Give some guidance about tone in release descriptions Bugfixes: * Fix binding helper macro to behave correctly if a function is passed directly * Override-merge icons and provided items correctly * tests: Ensure locale is C.UTF-8 in pool tests Miscellaneous: * release: Add sanity checks at beginning of each function - Add ldconfig_scriptlets for libappstream-compose ==== Mesa ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== Mesa-drivers ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== apparmor ==== Version update (3.1.2 -> 3.1.3) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== brotli ==== Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1 - add 32bit devel package for Wine development. ==== curl ==== Version update (7.87.0 -> 7.88.1) Subpackages: libcurl4 - Update to 7.88.1: * Bugfix release - Drop upstreamed patch: * curl-fix-uninitialized-value-in-tests.patch - Update to 7.88.0: [bsc#1207990, CVE-2023-23914] [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916] * Security fixes: - CVE-2023-23914: HSTS ignored on multiple requests - CVE-2023-23915: HSTS amnesia with --parallel - CVE-2023-23916: HTTP multi-header compression denial of service * Changes: - curl.h: add CURL_HTTP_VERSION_3ONLY - share: add sharing of HSTS cache among handles - src: add --http3-only - tool_operate: share HSTS between handles - urlapi: add CURLU_PUNYCODE - writeout: add %{certs} and %{num_certs} * Bugfixes: - cf-socket: keep sockaddr local in the socket filters - cfilters:Curl_conn_get_select_socks: use the first non-connected filter - curl.h: allow up to 10M buffer size - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated - curl/websockets.h: extend the websocket frame struct - curl: output warning at --verbose output for debug-enabled version - curl_free.3: fix return type of `curl_free` - curl_log: for failf/infof and debug logging implementations - dict: URL decode the entire path always - docs/DEPRECATE.md: deprecate gskit - easyoptions: fix header printing in generation script - haxproxy: send before TLS handhshake - hsts.d: explain hsts more - hsts: handle adding the same host name again - HTTP/[23]: continue upload when state.drain is set - http: decode transfer encoding first - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro - http_proxy: do not assign data->req.p.http use local copy - lib: connect/h2/h3 refactor - libssh2: try sha2 algos for hostkey methods - md4: fix build with GnuTLS + OpenSSL v1 - ngtcp2: replace removed define and stop using removed function - noproxy: support for space-separated names is deprecated - nss: implement data_pending method - openldap: fix missing sasl symbols at build in specific configs - openssl: adapt to boringssl's error code type - openssl: don't ignore CA paths when using Windows CA store (redux) - openssl: don't log raw record headers - openssl: make the BIO_METHOD a local variable in the connection filter - openssl: only use CA_BLOB if verifying peer - openssl: remove attached easy handles from SSL instances - openssl: store the CA after first send (ClientHello) - setopt: use >, not >=, when checking if uarg is larger than uint-max - smb: return error on upload without size - socketpair: allow localhost MITM sniffers - strdup: name it Curl_strdup - tool_getparam: fix hiding of command line secrets - tool_operate: fix error codes on bad URL & OOM - tool_operate: repair --rate - transfer: break the read loop when RECV is cleared - typecheck: accept expressions for option/info parameters - urlapi: avoid Curl_dyn_addf() for hex outputs - urlapi: skip path checks if path is just "/" - urlapi: skip the extra dedotdot alloc if no dot in path - urldata: cease storing TLS auth type - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP - urldata: make set.http200aliases conditional on HTTP being present - urldata: move the cookefilelist to the 'set' struct - urldata: remove unused struct fields, made more conditional - vquic: stabilization and improvements - vtls: fix hostname handling in filters - vtls: manage current easy handle in nested cfilter calls - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used * Rebase libcurl-ocloexec.patch * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091 - runtests: fix "uninitialized value $port" - Add curl-fix-uninitialized-value-in-tests.patch ==== enchant ==== Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Use %bcond_without aspell, ref ALP push for as few mandatory dependencies as possible/ability to turn off dependencies. ==== flatpak ==== Version update (1.14.2 -> 1.14.3) Subpackages: flatpak-remote-flathub libflatpak0 system-user-flatpak - Update to version 1.14.3: + When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don't remove the superseded app in the first step, which would result in the replacement incorrectly not being installed. + Fix a crash when --socket=gpg-agent is used. + Fix a crash when listing apps if one of them is broken or misconfigured. + If an app has invalid syntax in its overrides or metadata, mention the filename in the error message. + Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work. + Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting. + Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting. + The above change also fixes apps not starting if a --filesystem is a symlink to the root directory. + Show a warning when the --filesystem exists but cannot be shared with the sandbox. - Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream. ==== gd ==== - add %bcond for avif - fix dejavu fonts package name in BR ==== kernel-source ==== Version update (6.1.12 -> 6.2.0) - Update to 6.2 final - refresh configs - commit 28fe266 - Update config files. Disable CONFIG_BLK_CGROUP_IOPRIO. io.prio.class is a misdesigned mechanism that doesn't fit well with the cgroup (especially v2): - it's not properly hierarchical - cgroup-wise: parent cgroup has no contol over child cgroup - task-wise: priority impact outside of a cgroup (i.e. affects cousins competition) - it's not device dependent (device oblivious) Disable it in openSUSE Tumbleweed (and future products) so that we don't teach users to use it and force ourselves to support it. - commit 35713cd ==== kexec-tools ==== - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820). ==== libapparmor ==== Version update (3.1.2 -> 3.1.3) - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== libcbor ==== Version update (0.10.1 -> 0.10.2) - Update to 0.10.2: * Fixed minor test bug causing failures for x86 Linux * Made tests platform-independent ==== libcontainers-common ==== - Add registry.suse.com to the unqualified-search-registries ==== libdnf ==== Version update (0.69.0 -> 0.70.0) Subpackages: libdnf-repo-config-zypp libdnf2 - libdnf 0.70.0: * Allow change of architecture for packages during security updates with noarch involved * "dnf_keyring_add_public_keys": reset localError to NULL after free * context: Get RPM db path from RPM * Fix memory leak of SolvUserdata ==== libheif ==== Version update (1.14.2 -> 1.15.1) Subpackages: gdk-pixbuf-loader-libheif libheif1 - update to 1.15.1 * fix compilation without plugins - update to 1.15.0 * codec plugin system now also works with Windows * heif_convert: manually choose which decoder should be used * support for CLLI (content light level box), MDCV (mastering display colour volume), PASP (pixel aspect) information * ICC profile support in gdk-pixbuf loader * various fixes - build with plugins enabled on Tumbleweed - remove upstreamed patches - 2ca02a128b2f76f7f293aa86a2ce1e04a8306c65.patch - b6812284a2d70f29a5121ec3dbe652da07fdbbb7.patch ==== liburing ==== - add 0001-Do-not-always-expect-multishot-recv-to-stop-posting-.patch fixes tests with kernel 6.2 ==== openblas_pthreads ==== - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - fltk not needed (openexr-3.1.5/ASWF/tsc-meetings/2021-01-14.md) ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - enhanced_base: + Drop systemd-sysvinit recommends: that package has been renamed to systemd-sysvcompat, but should not be needed on modern systems anymore. + Add systemd-coredump recommends: if already we see crashes, it'd be good if users can report usable bugs (boo#1208713). ==== patterns-fonts ==== Subpackages: patterns-fonts-fonts patterns-fonts-fonts_opt - Switch efont-unicode-bitmap-fonts with babelstone-han-fonts * The efonts have not been updated since 2004 * Babelstone Han fonts just got another update on Jan 1 2023 ==== pinentry ==== - add %bcond option to disable fltk backend ==== pinentry-gui ==== Subpackages: pinentry-gnome3 pinentry-qt5 - add %bcond option to disable fltk backend ==== python-apipkg ==== - Don't use fdupes -s, it hurts. ==== python-pexpect ==== - Clean up SPEC file ==== python-pycurl ==== - Disable http3 tests if it's not supported ==== qemu ==== - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ==== strace ==== Version update (6.1 -> 6.2) - Update to strace 6.2 * Implemented collision resolution for overlapping ioctl commands from tty and snd subsystems. * Implemented decoding of IFLA_BRPORT_MAB and IFLA_DEVLINK_PORT netlink attributes. * Updated lists of ALG_*, BPF_*, IFLA_*, KEY_*, KVM_*, LANDLOCK_*, MEMBARRIER_*, NFT_*, NTF_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.2. ==== sudo ==== Version update (1.9.13p1 -> 1.9.13p2) Subpackages: sudo-plugin-python - Update to 1.9.13p2: Fixed the --enable-static-sudoers option, broken in sudo 1.9.13. GitHub issue #245. Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). This bug was introduced in sudo 1.9.8. [bsc#1208595] ==== vim ==== Version update (9.0.1307 -> 9.0.1357) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.1357, fixes the following problems * Setting 'formatoptions' with :let doesn't check for errors. * The code for setting options is too complicated. * Scrolling two lines with even line count and 'scrolloff' set. * 'splitkeep' test has failures. * Coverity warns for using a NULL pointer. * Cursor position wrong when splitting window in insert mode. * Some settings use the current codepage instead of 'encoding'. * :messages behavior depends on 'fileformat' of current buffer. * Escaping for completion of map command not properly tested. * Crash when using an unset object variable. * Code style test fails. * PRQL files are not recognized. * Checking the type of a null object causes a crash. * vimscript test fails where using {expr} syntax. * Crash when indexing "any" which is an object. * Build failure with +eval feature. * "gj" and "gk" do not move correctly over a closed fold. * 'colorcolumn' highlight wrong with virtual text above. * Relative line number not updated with virtual text above. * Cursor in wrong position below line with virtual text below ending in multi-byte character. * Error when using "none" for GUI color is confusing. * Completion of map includes simplified ones. * Handling new value of an option has a long "else if" chain. * Illegal memory access when using :ball in Visual mode. * Crash when using buffer-local user command in cmdline window. (Karl Yngve Lervåg) * When redo'ing twice may not get the script ID. * Using tt_member for the class leads to mistakes. * No test for bad use of spaces in help files. * Functions without arguments are not always declared properly. * Yuck files are not recognized. * :defcompile and :disassemble can't find class method. (Ernie Rael) * No test for :disassemble with class function. * Coverity warns for using NULL pointer. * Build error with mzscheme but without GUI. * Check for OSC escape sequence doesn't work. * Too many "else if" statements for handling options. * Starlark files are not recognized. * "gr CTRL-O" stays in Insert mode. (Pierre Ganty) * Un-grammar files are not recognized. * "gr" with a count fails. * CPON files are not recognized. * Dhall files are not recognized. * "ignore" files are outdated. * Too many "else if" statements to handle option values. * "gr CTRL-G" stays in virtual replace mode. (Pierre Ganty) * No error when declaring a class twice. (Ernie Rael) * Cannot cancel "gr" with Esc. * Using null_object results in an internal error. (Ernie Rael) ==== xorg-x11-fonts ==== Subpackages: xorg-x11-fonts-core xorg-x11-fonts-legacy - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. ==== xorg-x11-fonts-converted ==== - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility.