Packages changed: AppStream Mesa Mesa-drivers PackageKit branding-openSUSE (84.87.20210910 -> 84.87.20230227) ffmpeg-5 flac git (2.39.2 -> 2.40.0) grub2 iso-codes (4.12.0 -> 4.13.0) kbd (2.4.0 -> 2.5.1) kernel-firmware (20230210 -> 20230313) keylime (6.6.0 -> 6.7.0) lame libcamera libjpeg-turbo libstorage-ng (4.5.83 -> 4.5.85) libvorbis microos-tools (2.18 -> 2.19) mozilla-nss (3.87 -> 3.88.1) mozjs102 (102.8.0 -> 102.9.0) mutter ncurses (6.4.20230225 -> 6.4.20230311) nftables (1.0.6 -> 1.0.7) openexr (3.1.5 -> 3.1.6) osinfo-db (20221130 -> 20230308) pam-config (1.8 -> 1.9) pam_kwallet python-cryptography (39.0.1 -> 39.0.2) python310 python310-core sqlite3 vim xz yast2-add-on (4.6.0 -> 4.6.1) yast2-installation (4.6.0 -> 4.6.1) yast2-storage-ng (4.6.0 -> 4.6.1) zvbi (0.2.39 -> 0.2.41) === Details === ==== AppStream ==== Subpackages: libAppStreamQt2 libappstream4 - Add upstream fix for new glib-2.76: * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== PackageKit ==== Subpackages: PackageKit-backend-dnf PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-fix-pkcon-permission.patch: trivial: Drop unnecessary x permission (gh#PackageKit/PackageKit/commit/47b7f97bc, bsc#1209138) ==== branding-openSUSE ==== Version update (84.87.20210910 -> 84.87.20230227) Subpackages: grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Make title QToolButton backgrounds transparent - Drop optipng requirement ==== ffmpeg-5 ==== Subpackages: libavcodec59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswscale6 - Add soname.diff to get libswresample4 nonconflicting with ffmpeg-6. - Actually enable libjxl backend ==== flac ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== git ==== Version update (2.39.2 -> 2.40.0) - git 2.40.0: * backward incompatible change: The format.attach configuration variable lacked a way to override a value defined in a lower-priority configuration file (e.g. the system one) by redefining it in a higher-priority configuration file. Now, setting format.attach to an empty string means show the patch inline in the e-mail message, without using MIME attachment. * multiple commands and workflows gained additional options, compatible functionality, or more helpful output * "grep -P" learned to use Unicode Character Property to grok character classes when processing \b and \w etc. * under-the-hood improvements and bug fixes - The scripted "git add -p/-i" implementation was removed upstream. The openSUSE package already preferred the C implementation. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Discard cached key from grub shell and editor mode * 0001-clean-up-crypttab-and-linux-modules-dependency.patch * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch ==== iso-codes ==== Version update (4.12.0 -> 4.13.0) Subpackages: iso-codes-lang - update to version 4.13.0: + ISO 3166-1: Add missing common names for Laos, Iran, and Syria. + ISO 3166-3: Fix withdrawal dates of AN, CS and YU. + Updated translations. ==== kbd ==== Version update (2.4.0 -> 2.5.1) Subpackages: kbd-legacy - Update to version 2.5.1 - Add Irish keyboard map - Add PinePhone keyboard keymap - Added braces to IT keyboard map - Add Euro at Portuguese keyboards - Fix incorrect acentuation pt-latin9 - fa.map: drop high codepoint character that chokes loadkeys - data/keymaps/i386/neo: use Delete instead of Backspace - Fix documentation for a few program options - Fix some memory leaks - Update translations - autogen.sh missing from release tarball, copy from git - Remove upstreamed patches - 0001-libkfont-Initialize-kfont_context-options.patch - kbd-1.15.2-dumpkeys-C-opt.patch - kbd-2.0.2-comment-typo-qwerty.patch ==== kernel-firmware ==== Version update (20230210 -> 20230313) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230313 (git commit 5bc279fb161d): * iwlwifi: update core69 and core72 firmwares for So device * qat: update licence text * rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3 * rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3 * WHENCE: remove duplicate File entries * WHENCE: remove trailing white space * linux-firmware: add fw for qat_4xxx (jsc#PED-3699) * Fix symlinks for Intel firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7921 WiFi device * iwlwifi: update core69 and core72 firmwares for Ty device * rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU * brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible * brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr * brcm: Add nvram for the Advantech MICA-071 tablet * rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF * rtl_bt: Add firmware and config files for RTL8821CS * rtw89: 8852b: update fw to v0.29.29.0 * rtw89: 8852b: update fw to v0.29.26.0 * liquidio: remove lio_23xx_vsw.bin * intel: avs: Add AudioDSP base firmware for CNL-based platforms * intel: avs: Add AudioDSP base firmware for APL-based platforms * intel: avs: Add AudioDSP base firmware for SKL-based platforms * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ5018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174 * ath10k: WCN3990 hw1.0: update board-2.bin * cnm: update chips&media wave521c firmware. * amdgpu: Update GC 11.0.1 firmware * intel: catpt: Add AudioDSP base firmware for BDW platforms - Update topics for catpt/avs - Update aliases - Update spec template ==== keylime ==== Version update (6.6.0 -> 6.7.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Update to version v6.7.0: * codestyle: Define RuntimePolicyType and use it * ima: Move type defitions from ima_dm.py to types.py * docs: fix docs * End of term for @mpeters + propose @maugustosilva * verifier: Activate every m-th agent starting at the n-th agent on a worker * verifier: Read list of agents early on * create_policy: read the hashes from filelists-ext * tests: remove restful test and simplify test scripts * tests: config move agent config example to verifier * Update source code mapping in codecov.yml * ima: do not validate against the allowlist if signature was already validated * Disable e2e on Rawhide due to RHBZ#2171376 * roadmap: update for 2023 * readme: remove installation instructions, update outdated information * db: switch to pessimistic disconnect handling * Add timestamp of last successful attestation to verifier API * tpm: improve logging for tpm and measured boot policy * da: fixes for breakages on durable Attestation * codestyle: Fully annotate cloud_verifier_tornado and add to mypy * create_policy: clarify IMA on links * create_policy: be explicit on opening binary files * create_policy: use public variants for RPM flags * create_policy: remote repository IMA extraction * create_policy: local RPM repository IMA extraction * create_policy: remove the experimental status * create_policy: print into stderr * signing: small refactor on the code * Add missing e2e tests and reordering tests based on alphabetical order * verifier,tenant : fix IMA runtime policy bug (issue #1306) * e2e tests: Fix test name (#1307) * verifier: fixing type issues (#1272) * config: improve support for (log-based) debugging * Fix stray references to "IMA policies" in conversion script * tests: only keep test specific packages in test-requirements.txt * codestyle: Have pyright ignore assignments of values to DB columns * codestyle: Call type conversion functions on agent's DB columns * codestyle: Fully annotate cloud_verifier_common.py and add to mypy * codestyle: Have pyright ignore the parameter passed to the update() function * codestyle: Have pyright ignore fields used to select columns to load * codestyle: Add an assert to the returned update_agent to avoid pyright errors * codesyle: Fix annotations of notify functions in revocation_notifier.py ==== lame ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libcamera ==== Subpackages: libcamera-base0_0_4 libcamera0_0_4 - Disable warning in silent-Werror_dangling-reference.patch based compiler version. - Add silent-Werror_dangling-reference.patch that addressed a false-positive warning in GCC: https://bugs.libcamera.org/show_bug.cgi?id=185. ==== libjpeg-turbo ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libstorage-ng ==== Version update (4.5.83 -> 4.5.85) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#918 - allow trailing space when parsing btrfs version (bsc#1209252) - 4.5.85 - merge gh#openSUSE/libstorage-ng#917 - extended error logging - 4.5.84 ==== libvorbis ==== Subpackages: libvorbis0 libvorbisenc2 libvorbisfile3 - Build AVX2 enabled hwcaps library for x86_64-v3 - Small spec file cleanup ==== microos-tools ==== Version update (2.18 -> 2.19) - Update URL - Update to version 2.19: - configure.ac: Run autoupdate to fix some deprecation warnings - Clean up selinux-autorelabel-generator and make it compatible with systemd 253 ==== mozilla-nss ==== Version update (3.87 -> 3.88.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.88.1 * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types - update to NSS 3.88 * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 * bmo#1212915 - Add check for ClientHello SID max length * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim * bmo#1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * bmo#1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * bmo#1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * bmo#1771100 - Added Bogo ECH rejection test support * bmo#1771100 - Added ECH 0Rtt support to BoGo shim * bmo#1747957 - RSA OAEP Wycheproof JSON * bmo#1747957 - RSA decrypt Wycheproof JSON * bmo#1747957 - ECDSA Wycheproof JSON * bmo#1747957 - ECDH Wycheproof JSON * bmo#1747957 - PKCS#1v1.5 wycheproof json * bmo#1747957 - Use X25519 wycheproof json * bmo#1766767 - Move scripts to python3 * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz. * bmo#1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * bmo#1804091 - NSS needs to move off of DSA for integrity checks * bmo#1805815 - Add initial testing with ACVP vector sets using acvp-rust * bmo#1806369 - Don't clone libFuzzer, rely on clang instead ==== mozjs102 ==== Version update (102.8.0 -> 102.9.0) - Update to version 102.9.0: + Various security fixes. + CVE-2023-25751: Incorrect code generation during JIT compilation. + CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. + CVE-2023-28162: Invalid downcast in Worklets. + CVE-2023-25752: Potential out-of-bounds when accessing throttled streams. + CVE-2023-28163: Windows Save As dialog resolved environment variables. + CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9. ==== mutter ==== - Add mutter-prevent-newly-focused-windows-to-steal-focus-from-shell.patch: Revert wrong commit and try a third approach to fix focus (bsc#1208494). ==== ncurses ==== Version update (6.4.20230225 -> 6.4.20230311) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230311 + improve manpage description for addch versus unctrl format used for non-printable characters. + modify version-check for gcc/g++, now works for msys2. + modify check in _nc_write_entry() for multiply defined aliases to report problems within the current runtime of tic rather than for conflicts with pre-existing terminal descriptions. + allow for MinGW32-/64-bit configurations to use _DEFAULT_SOURCE + clarify interaction of -R option versus -C, -I and -r in infocmp manpage. + build-fix in lib_win32con.c (cf: 20230211). ==== nftables ==== Version update (1.0.6 -> 1.0.7) Subpackages: libnftables1 python3-nftables - Update to release 1.0.7 * Support for vxlan/geneve/gre/gretap matching * auto-merge support for partial set element deletion * Allow for NAT mapping with concatenation and ranges * Support for quota in sets ==== openexr ==== Version update (3.1.5 -> 3.1.6) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - update to 3.1.6: * NEON optimizations for ZIP reading * Enable fast Huffman & Huffman zig-zag transform for Arm Neon * Support relative and absolute libdir/includedir in pkg-config generation * Fix for reading memory mapped files with DWA compression * Enable SSE4 support on Windows * Fast huf decoder - Drop gcc13-fix.patch ==== osinfo-db ==== Version update (20221130 -> 20230308) - Update to database version 20230308 osinfo-db-20230308.tar.xz ==== pam-config ==== Version update (1.8 -> 1.9) - Update to version 1.9 - Add support for pam_lastlog2 ==== pam_kwallet ==== Subpackages: pam_kwallet-common - Add patches for handling edge cases and hardening: * 0001-Verify-that-XDG_RUNTIME_DIR-is-usable.patch * 0002-Don-t-do-anything-if-the-password-is-empty.patch * 0003-Exit-early-if-the-target-user-is-root.patch * 0004-Don-t-call-pam_sm_open_session-within-pam_sm_authent.patch ==== python-cryptography ==== Version update (39.0.1 -> 39.0.2) - update to 39.0.2: * Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding. ==== python310 ==== Subpackages: python310-curses python310-dbm - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== python310-core ==== Subpackages: libpython3_10-1_0 python310-base - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== sqlite3 ==== Subpackages: libsqlite3-0 sqlite3-tcl - Build AVX2 enabled hwcaps library for x86_64-v3 ==== vim ==== Subpackages: vim-data vim-data-common vim-small - Update spec.skeleton to use autosetup in place of setup macro. ==== xz ==== Subpackages: liblzma5 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== yast2-add-on ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file add-on-workflow.rb (bsc#1209094) - 4.6.1 ==== yast2-installation ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file security_proposal.rb (bsc#1209094) - 4.6.1 ==== yast2-storage-ng ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flags from files (bsc#1209094) - 4.6.1 ==== zvbi ==== Version update (0.2.39 -> 0.2.41) - update to 0.2.41: * src/libzvbi.h: In libzvbi.h, remove #include version.h and replace with version number macros * po/*.po: Update Project-Id-Version.