Packages changed: AppStream GraphicsMagick NetworkManager-applet aaa_base (84.87+git20230815.cab7b44 -> 84.87+git20231023.f347d36) apache2 (2.4.57 -> 2.4.58) apache2-manual (2.4.57 -> 2.4.58) apache2-mod_php8 (8.2.11 -> 8.2.12) apache2-prefork (2.4.57 -> 2.4.58) apache2-utils (2.4.57 -> 2.4.58) attica-qt5 (5.110.0 -> 5.111.0) avahi avahi-glib2 baloo5 (5.110.0 -> 5.111.0) bluedevil5 (5.27.8 -> 5.27.9) bluez-qt (5.110.0 -> 5.111.0) breeze (5.27.8 -> 5.27.9) breeze-gtk (5.27.8 -> 5.27.9) breeze5-icons (5.110.0 -> 5.111.0) ceph (16.2.13.66+g54799ee0666 -> 16.2.14.66+g7aa6ce9419f) chromaprint clamav (0.103.9 -> 0.103.11) discover (5.27.8 -> 5.27.9) dracut (059+suse.501.gc44a365d -> 059+suse.503.g41e99e72) drkonqi5 (5.27.8 -> 5.27.9) efivar emacs eog (45.0 -> 45.1) evolution (3.50.0 -> 3.50.1) evolution-data-server (3.50.0 -> 3.50.1) evolution-ews (3.50.0 -> 3.50.1) fde-tools (0.7.0 -> 0.7.1) fftw3 firewalld (2.0.0 -> 2.0.1) frameworkintegration (5.110.0 -> 5.111.0) freerdp (2.11.0 -> 2.11.2) git glib2 (2.78.0 -> 2.78.1) glibc gnome-control-center (45.0+34 -> 45.1) gnome-maps (45.0 -> 45.1) gnome-settings-daemon gnome-shell gnome-software (45.0 -> 45.1) gnome-sudoku (45.1 -> 45.2) gnome-terminal (3.50.0 -> 3.50.1) gnome-user-docs (45.0 -> 45.1) gnu-unifont-fonts (15.1.01 -> 15.1.03) gpg2 gpgme (1.22.0 -> 1.23.0) gpgmeqt (1.22.0 -> 1.23.0) grub2 gvfs (1.52.0 -> 1.52.1) gzip harfbuzz (8.2.1 -> 8.2.2) icewm iptables (1.8.9 -> 1.8.10) java-11-openjdk (11.0.20.1 -> 11.0.21.0) kaccounts-providers kactivities-stats (5.110.0 -> 5.111.0) kactivities5 (5.110.0 -> 5.111.0) kactivitymanagerd (5.27.8 -> 5.27.9) karchive (5.110.0 -> 5.111.0) kauth (5.110.0 -> 5.111.0) kbookmarks (5.110.0 -> 5.111.0) kcalendarcore (5.110.0 -> 5.111.0) kcm_flatpak (5.27.8 -> 5.27.9) kcm_sddm (5.27.8 -> 5.27.9) kcmutils (5.110.0 -> 5.111.0) kcodecs (5.110.0 -> 5.111.0) kcompletion (5.110.0 -> 5.111.0) kconfig (5.110.0 -> 5.111.0) kconfigwidgets (5.110.0 -> 5.111.0) kcontacts (5.110.0 -> 5.111.0) kcoreaddons (5.110.0 -> 5.111.0) kcrash (5.110.0 -> 5.111.0) kdav (5.110.0 -> 5.111.0) kdbusaddons (5.110.0 -> 5.111.0) kde-cli-tools5 (5.27.8 -> 5.27.9) kde-gtk-config5 (5.27.8 -> 5.27.9) kdeclarative (5.110.0 -> 5.111.0) kded (5.110.0 -> 5.111.0) kdelibs4support (5.110.0 -> 5.111.0) kdenetwork-filesharing kdesu (5.110.0 -> 5.111.0) kdnssd-framework (5.110.0 -> 5.111.0) kdoctools (5.110.0 -> 5.111.0) kdump (1.9.6 -> 1.9.7) kernel-firmware (20231006 -> 20231019) kernel-source (6.5.6 -> 6.5.9) kfilemetadata5 (5.110.0 -> 5.111.0) kgamma5 (5.27.8 -> 5.27.9) kglobalaccel (5.110.0 -> 5.111.0) kguiaddons (5.110.0 -> 5.111.0) kholidays (5.110.0 -> 5.111.0) khotkeys5 (5.27.8 -> 5.27.9) khtml (5.110.0 -> 5.111.0) ki18n (5.110.0 -> 5.111.0) kiconthemes (5.110.0 -> 5.111.0) kidletime (5.110.0 -> 5.111.0) kimageformats (5.110.0 -> 5.111.0) kinfocenter5 (5.27.8 -> 5.27.9) kinit (5.110.0 -> 5.111.0) kio (5.110.0 -> 5.111.0) kirigami2 (5.110.0 -> 5.111.0) kitemmodels (5.110.0 -> 5.111.0) kitemviews (5.110.0 -> 5.111.0) kjobwidgets (5.110.0 -> 5.111.0) kjs (5.110.0 -> 5.111.0) kmenuedit5 (5.27.8 -> 5.27.9) kmod (30 -> 31) knewstuff (5.110.0 -> 5.111.0) knotifications (5.110.0 -> 5.111.0) knotifyconfig (5.110.0 -> 5.111.0) kpackage (5.110.0 -> 5.111.0) kparts (5.110.0 -> 5.111.0) kpeople5 (5.110.0 -> 5.111.0) kpipewire (5.27.8 -> 5.27.9) kplotting (5.110.0 -> 5.111.0) kpty (5.110.0 -> 5.111.0) kquickcharts (5.110.0 -> 5.111.0) kross (5.110.0 -> 5.111.0) krunner (5.110.0 -> 5.111.0) kscreen5 (5.27.8 -> 5.27.9) kscreenlocker (5.27.8 -> 5.27.9) kservice (5.110.0 -> 5.111.0) ksshaskpass5 (5.27.8 -> 5.27.9) ktexteditor (5.110.0 -> 5.111.0) ktextwidgets (5.110.0 -> 5.111.0) kunitconversion (5.110.0 -> 5.111.0) kwallet (5.110.0 -> 5.111.0) kwayland (5.110.0 -> 5.111.0) kwayland-integration (5.27.8 -> 5.27.9) kwidgetsaddons (5.110.0 -> 5.111.0) kwin5 (5.27.8 -> 5.27.9) kwindowsystem (5.110.0 -> 5.111.0) kwrited5 (5.27.8 -> 5.27.9) kxmlgui (5.110.0 -> 5.111.0) lastlog2 layer-shell-qt (5.27.8 -> 5.27.9) libKF5ModemManagerQt (5.110.0 -> 5.111.0) libKF5NetworkManagerQt (5.110.0 -> 5.111.0) libdrm (2.4.116 -> 2.4.117) libgcrypt libgpg-error libheif (1.16.2 -> 1.17.1) libkdecoration2 (5.27.8 -> 5.27.9) libksba libkscreen2 (5.27.8 -> 5.27.9) libksysguard5 (5.27.8 -> 5.27.9) libmysofa (1.3.1 -> 1.3.2) libnma libnvme (1.6 -> 1.6+5.g68c6ffb) libp11 libphonenumber (8.13.15 -> 8.13.23) libplacebo (6.338.0 -> 6.338.1) libqt5-qtbase (5.15.11+kde134 -> 5.15.11+kde138) libshumate (1.1.0 -> 1.1.1) libsndfile (1.2.0 -> 1.2.2) libsoup (3.4.3 -> 3.4.4) libstorage-ng (4.5.143 -> 4.5.155) libvirt libxkbcommon (1.5.0 -> 1.6.0) libzypp (17.31.22 -> 17.31.23) llvm17 (17.0.2 -> 17.0.3) man (2.11.2 -> 2.12.0) milou5 (5.27.8 -> 5.27.9) mozilla-nss (3.93 -> 3.94) multipath-tools (0.9.6+71+suse.f07325e -> 0.9.6+115+suse.07776fb) nautilus (45.0 -> 45.1) net-snmp (5.9.3 -> 5.9.4) nftables (1.0.8 -> 1.0.9) nodejs20 oniguruma (6.9.8 -> 6.9.9) open-iscsi open-vm-tools openssh openssl-1_1 openssl-3 (3.1.3 -> 3.1.4) openssl (3.1.3 -> 3.1.4) oxygen5-sounds (5.27.8 -> 5.27.9) p11-kit (0.25.0 -> 0.25.1) pam_kwallet (5.27.8 -> 5.27.9) patterns-base patterns-fonts patterns-media perl-CryptX (0.078 -> 0.80.0) php8 (8.2.11 -> 8.2.12) pipewire (0.3.82 -> 0.3.83) plasma-browser-integration (5.27.8 -> 5.27.9) plasma-framework (5.110.0 -> 5.111.0) plasma-nm5 (5.27.8 -> 5.27.9) plasma5-addons (5.27.8 -> 5.27.9) plasma5-desktop (5.27.8 -> 5.27.9) plasma5-disks (5.27.8 -> 5.27.9) plasma5-integration (5.27.8 -> 5.27.9) plasma5-openSUSE plasma5-pa (5.27.8 -> 5.27.9) plasma5-systemmonitor (5.27.8 -> 5.27.9) plasma5-thunderbolt (5.27.8 -> 5.27.9) plasma5-workspace (5.27.8 -> 5.27.9) policycoreutils polkit-kde-agent-5 (5.27.8 -> 5.27.9) postgresql postgresql16 powerdevil5 (5.27.8 -> 5.27.9) prison-qt5 (5.110.0 -> 5.111.0) psmisc purpose (5.110.0 -> 5.111.0) python-M2Crypto (0.39.0 -> 0.40.0) python-argcomplete python-gssapi (1.8.2 -> 1.8.3) python-httpcore (0.17.3 -> 0.18.0) python-httpx (0.24.1 -> 0.25.0) python-pexpect python-psutil python-pycairo (1.24.0 -> 1.25.1) python-pytz (2023.3 -> 2023.3.post1) python-typing_extensions (4.7.1 -> 4.8.0) python-urllib3 (2.0.6 -> 2.0.7) qemu (8.1.0 -> 8.1.2) qqc2-desktop-style (5.110.0 -> 5.111.0) qt6-base redis (7.0.12 -> 7.2.2) rsyslog rubygem-agama (4 -> 5) samba (4.19.1+git.312.c912b3d2ef6 -> 4.19.2+git.322.7e9201cef5) sdbootutil (1+git20230817.2a3cd34 -> 1+git20231023.873adb9) sg3_utils (1.48+1.889c3e3 -> 1.48+3.b642f6a) shaderc (2023.6 -> 2023.7) solid (5.110.0 -> 5.111.0) sonnet (5.110.0 -> 5.111.0) sqlite3 (3.42.0 -> 3.43.2) suse-module-tools (16.0.36 -> 16.0.37) swtpm syndication (5.110.0 -> 5.111.0) syntax-highlighting (5.110.0 -> 5.111.0) systemd systemd-default-settings (0.7 -> 0.8) systemsettings5 (5.27.8 -> 5.27.9) threadweaver (5.110.0 -> 5.111.0) u-boot-rpiarm64 vim (9.0.1894 -> 9.0.2078) virglrenderer (0.9.1 -> 1.0.0) vlan vlc (3.0.18 -> 3.0.19) vorbis-tools vte (0.74.0 -> 0.74.1) webkit2gtk3 webkit2gtk3-soup2 wsdd wtmpdb (0.9.2 -> 0.9.3) xcb-util-cursor (0.1.4 -> 0.1.5) xdg-desktop-portal (1.18.0 -> 1.18.1) xdg-desktop-portal-gtk (1.14.1 -> 1.15.1) xdg-desktop-portal-kde (5.27.8 -> 5.27.9) xfce4-notifyd xfce4-session xfce4-terminal (1.1.0 -> 1.1.1) xorg-x11-server (21.1.8 -> 21.1.9) xwayland (23.2.1 -> 23.2.2) yast2 (4.6.2 -> 5.0.2) yast2-add-on (4.6.1 -> 5.0.0) yast2-alternatives (4.6.0 -> 5.0.0) yast2-apparmor (4.6.2 -> 5.0.0) yast2-auth-client (4.6.1 -> 5.0.0) yast2-auth-server (4.6.2 -> 5.0.0) yast2-configuration-management (4.6.0 -> 5.0.0) yast2-control-center (4.6.1 -> 5.0.0) yast2-core (4.6.0 -> 5.0.0) yast2-country (5.0.1 -> 5.0.2) yast2-drbd (4.6.1 -> 5.0.0) yast2-firewall (4.6.0 -> 5.0.0) yast2-firstboot (4.6.1 -> 5.0.0) yast2-ftp-server (4.6.0 -> 5.0.0) yast2-hardware-detection (4.6.0 -> 5.0.0) yast2-iscsi-client (4.6.0 -> 5.0.1) yast2-journal (4.6.0 -> 5.0.0) yast2-kdump (4.6.1 -> 5.0.0) yast2-ldap (4.6.0 -> 5.0.0) yast2-mail (4.6.0 -> 5.0.0) yast2-metapackage-handler (4.6.0 -> 5.0.0) yast2-multipath (4.6.0 -> 5.0.0) yast2-network (4.6.5 -> 5.0.0) yast2-nfs-client (4.6.1 -> 5.0.0) yast2-nfs-server (4.6.0 -> 5.0.0) yast2-ntp-client (4.6.0 -> 5.0.0) yast2-online-update (4.6.1 -> 5.0.0) yast2-packager (4.6.2 -> 5.0.1) yast2-pam (4.6.0 -> 5.0.0) yast2-perl-bindings (4.6.0 -> 5.0.0) yast2-pkg-bindings (4.6.2 -> 5.0.2) yast2-printer (4.6.0 -> 5.0.0) yast2-proxy (4.6.0 -> 5.0.0) yast2-ruby-bindings (4.6.2 -> 5.0.0) yast2-samba-client (4.6.1 -> 5.0.0) yast2-samba-server (4.6.0 -> 5.0.0) yast2-scanner (4.6.0 -> 5.0.0) yast2-security (4.6.0 -> 5.0.0) yast2-services-manager (4.6.1 -> 5.0.0) yast2-slp (4.6.0 -> 5.0.0) yast2-snapper (4.6.1 -> 5.0.0) yast2-squid (4.6.0 -> 5.0.0) yast2-storage-ng (5.0.1 -> 5.0.3) yast2-sudo (4.6.1 -> 5.0.0) yast2-sysconfig (4.6.0 -> 5.0.0) yast2-tftp-server (4.6.0 -> 5.0.0) yast2-theme (4.6.0 -> 5.0.1) yast2-transfer (4.6.0 -> 5.0.0) yast2-tune (4.6.0 -> 5.0.0) yast2-update (4.6.1 -> 5.0.0) yast2-vm (4.6.1 -> 5.0.0) yast2-vpn (4.6.1 -> 5.0.0) yast2-x11 (5.0.1 -> 5.0.2) yast2-xml (4.6.0 -> 5.0.0) yast2-ycp-ui-bindings (4.6.0 -> 5.0.0) zeromq (4.3.4 -> 4.3.5) zlib (1.2.13 -> 1.3) === Details === ==== AppStream ==== Subpackages: libAppStreamQt2 libappstream4 - Fix the documentation being put in the devel subpackage while the doc subpackage was empty. I think the doc %files section was probably removed inadvertently since it wasn't mentioned in the changelog and the doc subpackage declaration was left around. - Moved the appstreamcli-compose man page to the same package as the binary. - Make AppStream-compose-devel explicitly require libappstream-compose0 to stop rpmlint from reporting an error. ==== GraphicsMagick ==== Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config - Have libGraphicsMagick3-config require ghostscript-fonts-std (boo#1216604). ==== NetworkManager-applet ==== Subpackages: NetworkManager-connection-editor - Support build environments like SLE 15 SP5 and Leap 15.5 which had %{_distconfdir) not defined yet. ==== aaa_base ==== Version update (84.87+git20230815.cab7b44 -> 84.87+git20231023.f347d36) Subpackages: aaa_base-extras - Update to version 84.87+git20231023.f347d36: * Remove %ghost lastlog entry, lastlog is long gone * Remove shaky safe-rm and safe-rmdir helpers (bsc#1159103) ==== apache2 ==== Version update (2.4.57 -> 2.4.58) - Update to 2.4.58: * ) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org) When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Will Dormann of Vul Labs * ) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 (cve.mitre.org) An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Prof. Sven Dietrich (City University of New York) * ) SECURITY: CVE-2023-31122: mod_macro buffer over-read (cve.mitre.org) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credits: David Shoon (github/davidshoon) * ) mod_ssl: Silence info log message "SSL Library Error: error:0A000126: SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if available. [Rainer Jung] * ) mod_http2: improved early cleanup of streams. [Stefan Eissing] * ) mod_proxy_http2: improved error handling on connection errors while response is already underway. [Stefan Eissing] * ) mod_http2: fixed a bug that could lead to a crash in main connection output handling. This occured only when the last request on a HTTP/2 connection had been processed and the session decided to shut down. This could lead to an attempt to send a final GOAWAY while the previous write was still in progress. See PR 66646. [Stefan Eissing] * ) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. Fixes PR66752. [Stefan Eissing] * ) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as described in RFC 8441. A new directive 'H2WebSockets on|off' has been added. The feature is by default not enabled. As also discussed in the manual, this feature should work for setups using "ProxyPass backend-url upgrade=websocket" without further changes. Special server modules for WebSockets will have to be adapted, most likely, as the handling if IO events is different with HTTP/2. HTTP/2 WebSockets are supported on platforms with native pipes. This excludes Windows. [Stefan Eissing] * ) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. in OCSP stapling. PR 66672. [Frank Meier , covener] * ) mod_http2: fixed a bug in flushing pending data on an already closed connection that could lead to a busy loop, preventing the HTTP/2 session to close down successfully. Fixed PR 66624. [Stefan Eissing] * ) mod_http2: v2.0.15 with the following fixes and improvements - New directive 'H2EarlyHint name value' to add headers to a response, picked up already when a "103 Early Hints" response is sent. 'name' and 'value' must comply to the HTTP field restrictions. This directive can be repeated several times and header fields of the same names add. Sending a 'Link' header with 'preload' relation will also cause a HTTP/2 PUSH if enabled and supported by the client. - Fixed an issue where requests were not logged and accounted in a timely fashion when the connection returns to "keepalive" handling, e.g. when the request served was the last outstanding one. This led to late appearance in access logs with wrong duration times reported. - Accurately report the bytes sent for a request in the '%O' Log format. This addresses #203, a long outstanding issue where mod_h2 has reported numbers over-eagerly from internal buffering and not what has actually been placed on the connection. The numbers are now the same with and without H2CopyFiles enabled. [Stefan Eissing] * ) mod_proxy_http2: fix retry handling to not leak temporary errors. On detecting that that an existing connection was shutdown by the other side, a 503 response leaked even though the request was retried on a fresh connection. [Stefan Eissing] * ) mod_rewrite: Add server directory to include path as mod_rewrite requires test_char.h. PR 66571 [Valeria Petrov ] * ) mod_http2: new directive `H2ProxyRequests on|off` to enable handling of HTTP/2 requests in a forward proxy configuration. ... changelog too long, skipping 85 lines ... for async MPMs. PR 63300. [Rainer Jung] ==== apache2-manual ==== Version update (2.4.57 -> 2.4.58) - Update to 2.4.58: * ) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org) When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Will Dormann of Vul Labs * ) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 (cve.mitre.org) An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Prof. Sven Dietrich (City University of New York) * ) SECURITY: CVE-2023-31122: mod_macro buffer over-read (cve.mitre.org) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credits: David Shoon (github/davidshoon) * ) mod_ssl: Silence info log message "SSL Library Error: error:0A000126: SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if available. [Rainer Jung] * ) mod_http2: improved early cleanup of streams. [Stefan Eissing] * ) mod_proxy_http2: improved error handling on connection errors while response is already underway. [Stefan Eissing] * ) mod_http2: fixed a bug that could lead to a crash in main connection output handling. This occured only when the last request on a HTTP/2 connection had been processed and the session decided to shut down. This could lead to an attempt to send a final GOAWAY while the previous write was still in progress. See PR 66646. [Stefan Eissing] * ) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. Fixes PR66752. [Stefan Eissing] * ) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as described in RFC 8441. A new directive 'H2WebSockets on|off' has been added. The feature is by default not enabled. As also discussed in the manual, this feature should work for setups using "ProxyPass backend-url upgrade=websocket" without further changes. Special server modules for WebSockets will have to be adapted, most likely, as the handling if IO events is different with HTTP/2. HTTP/2 WebSockets are supported on platforms with native pipes. This excludes Windows. [Stefan Eissing] * ) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. in OCSP stapling. PR 66672. [Frank Meier , covener] * ) mod_http2: fixed a bug in flushing pending data on an already closed connection that could lead to a busy loop, preventing the HTTP/2 session to close down successfully. Fixed PR 66624. [Stefan Eissing] * ) mod_http2: v2.0.15 with the following fixes and improvements - New directive 'H2EarlyHint name value' to add headers to a response, picked up already when a "103 Early Hints" response is sent. 'name' and 'value' must comply to the HTTP field restrictions. This directive can be repeated several times and header fields of the same names add. Sending a 'Link' header with 'preload' relation will also cause a HTTP/2 PUSH if enabled and supported by the client. - Fixed an issue where requests were not logged and accounted in a timely fashion when the connection returns to "keepalive" handling, e.g. when the request served was the last outstanding one. This led to late appearance in access logs with wrong duration times reported. - Accurately report the bytes sent for a request in the '%O' Log format. This addresses #203, a long outstanding issue where mod_h2 has reported numbers over-eagerly from internal buffering and not what has actually been placed on the connection. The numbers are now the same with and without H2CopyFiles enabled. [Stefan Eissing] * ) mod_proxy_http2: fix retry handling to not leak temporary errors. On detecting that that an existing connection was shutdown by the other side, a 503 response leaked even though the request was retried on a fresh connection. [Stefan Eissing] * ) mod_rewrite: Add server directory to include path as mod_rewrite requires test_char.h. PR 66571 [Valeria Petrov ] * ) mod_http2: new directive `H2ProxyRequests on|off` to enable handling of HTTP/2 requests in a forward proxy configuration. ... changelog too long, skipping 85 lines ... for async MPMs. PR 63300. [Rainer Jung] ==== apache2-mod_php8 ==== Version update (8.2.11 -> 8.2.12) - version update to 8.2.12 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.12 ==== apache2-prefork ==== Version update (2.4.57 -> 2.4.58) - Update to 2.4.58: * ) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org) When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Will Dormann of Vul Labs * ) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 (cve.mitre.org) An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Prof. Sven Dietrich (City University of New York) * ) SECURITY: CVE-2023-31122: mod_macro buffer over-read (cve.mitre.org) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credits: David Shoon (github/davidshoon) * ) mod_ssl: Silence info log message "SSL Library Error: error:0A000126: SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if available. [Rainer Jung] * ) mod_http2: improved early cleanup of streams. [Stefan Eissing] * ) mod_proxy_http2: improved error handling on connection errors while response is already underway. [Stefan Eissing] * ) mod_http2: fixed a bug that could lead to a crash in main connection output handling. This occured only when the last request on a HTTP/2 connection had been processed and the session decided to shut down. This could lead to an attempt to send a final GOAWAY while the previous write was still in progress. See PR 66646. [Stefan Eissing] * ) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. Fixes PR66752. [Stefan Eissing] * ) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as described in RFC 8441. A new directive 'H2WebSockets on|off' has been added. The feature is by default not enabled. As also discussed in the manual, this feature should work for setups using "ProxyPass backend-url upgrade=websocket" without further changes. Special server modules for WebSockets will have to be adapted, most likely, as the handling if IO events is different with HTTP/2. HTTP/2 WebSockets are supported on platforms with native pipes. This excludes Windows. [Stefan Eissing] * ) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. in OCSP stapling. PR 66672. [Frank Meier , covener] * ) mod_http2: fixed a bug in flushing pending data on an already closed connection that could lead to a busy loop, preventing the HTTP/2 session to close down successfully. Fixed PR 66624. [Stefan Eissing] * ) mod_http2: v2.0.15 with the following fixes and improvements - New directive 'H2EarlyHint name value' to add headers to a response, picked up already when a "103 Early Hints" response is sent. 'name' and 'value' must comply to the HTTP field restrictions. This directive can be repeated several times and header fields of the same names add. Sending a 'Link' header with 'preload' relation will also cause a HTTP/2 PUSH if enabled and supported by the client. - Fixed an issue where requests were not logged and accounted in a timely fashion when the connection returns to "keepalive" handling, e.g. when the request served was the last outstanding one. This led to late appearance in access logs with wrong duration times reported. - Accurately report the bytes sent for a request in the '%O' Log format. This addresses #203, a long outstanding issue where mod_h2 has reported numbers over-eagerly from internal buffering and not what has actually been placed on the connection. The numbers are now the same with and without H2CopyFiles enabled. [Stefan Eissing] * ) mod_proxy_http2: fix retry handling to not leak temporary errors. On detecting that that an existing connection was shutdown by the other side, a 503 response leaked even though the request was retried on a fresh connection. [Stefan Eissing] * ) mod_rewrite: Add server directory to include path as mod_rewrite requires test_char.h. PR 66571 [Valeria Petrov ] * ) mod_http2: new directive `H2ProxyRequests on|off` to enable handling of HTTP/2 requests in a forward proxy configuration. ... changelog too long, skipping 85 lines ... for async MPMs. PR 63300. [Rainer Jung] ==== apache2-utils ==== Version update (2.4.57 -> 2.4.58) - Update to 2.4.58: * ) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST (cve.mitre.org) When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Will Dormann of Vul Labs * ) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 (cve.mitre.org) An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. Credits: Prof. Sven Dietrich (City University of New York) * ) SECURITY: CVE-2023-31122: mod_macro buffer over-read (cve.mitre.org) Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. Credits: David Shoon (github/davidshoon) * ) mod_ssl: Silence info log message "SSL Library Error: error:0A000126: SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if available. [Rainer Jung] * ) mod_http2: improved early cleanup of streams. [Stefan Eissing] * ) mod_proxy_http2: improved error handling on connection errors while response is already underway. [Stefan Eissing] * ) mod_http2: fixed a bug that could lead to a crash in main connection output handling. This occured only when the last request on a HTTP/2 connection had been processed and the session decided to shut down. This could lead to an attempt to send a final GOAWAY while the previous write was still in progress. See PR 66646. [Stefan Eissing] * ) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. Fixes PR66752. [Stefan Eissing] * ) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as described in RFC 8441. A new directive 'H2WebSockets on|off' has been added. The feature is by default not enabled. As also discussed in the manual, this feature should work for setups using "ProxyPass backend-url upgrade=websocket" without further changes. Special server modules for WebSockets will have to be adapted, most likely, as the handling if IO events is different with HTTP/2. HTTP/2 WebSockets are supported on platforms with native pipes. This excludes Windows. [Stefan Eissing] * ) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. in OCSP stapling. PR 66672. [Frank Meier , covener] * ) mod_http2: fixed a bug in flushing pending data on an already closed connection that could lead to a busy loop, preventing the HTTP/2 session to close down successfully. Fixed PR 66624. [Stefan Eissing] * ) mod_http2: v2.0.15 with the following fixes and improvements - New directive 'H2EarlyHint name value' to add headers to a response, picked up already when a "103 Early Hints" response is sent. 'name' and 'value' must comply to the HTTP field restrictions. This directive can be repeated several times and header fields of the same names add. Sending a 'Link' header with 'preload' relation will also cause a HTTP/2 PUSH if enabled and supported by the client. - Fixed an issue where requests were not logged and accounted in a timely fashion when the connection returns to "keepalive" handling, e.g. when the request served was the last outstanding one. This led to late appearance in access logs with wrong duration times reported. - Accurately report the bytes sent for a request in the '%O' Log format. This addresses #203, a long outstanding issue where mod_h2 has reported numbers over-eagerly from internal buffering and not what has actually been placed on the connection. The numbers are now the same with and without H2CopyFiles enabled. [Stefan Eissing] * ) mod_proxy_http2: fix retry handling to not leak temporary errors. On detecting that that an existing connection was shutdown by the other side, a 503 response leaked even though the request was retried on a fresh connection. [Stefan Eissing] * ) mod_rewrite: Add server directory to include path as mod_rewrite requires test_char.h. PR 66571 [Valeria Petrov ] * ) mod_http2: new directive `H2ProxyRequests on|off` to enable handling of HTTP/2 requests in a forward proxy configuration. ... changelog too long, skipping 85 lines ... for async MPMs. PR 63300. [Rainer Jung] ==== attica-qt5 ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Attica5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473). ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Add avahi-CVE-2023-38473.patch: derive alternative host name from its unescaped version (bsc#1216419 CVE-2023-38473). ==== baloo5 ==== Version update (5.110.0 -> 5.111.0) Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * Use the FSID as the device identifier where possible (kde#402154) ==== bluedevil5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: bluedevil5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== bluez-qt ==== Version update (5.110.0 -> 5.111.0) Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== breeze ==== Version update (5.27.8 -> 5.27.9) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang libbreezecommon5-5 - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== breeze-gtk ==== Version update (5.27.8 -> 5.27.9) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze gtk4-metatheme-breeze metatheme-breeze-common - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== breeze5-icons ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== ceph ==== Version update (16.2.13.66+g54799ee0666 -> 16.2.14.66+g7aa6ce9419f) Subpackages: librados2 librbd1 - Update to 16.2.14-66-g7aa6ce9419f: + (bsc#1207765) rgw/rados: check_quota() uses real bucket owner + (bsc#1212559) pacific: os/bluestore: cumulative bluefs backport This notably includes: * os/bluestore: BlueFS fine grain locking * os/bluestore/bluefs: Fix improper vselector tracking in _flush_special() * os/bluestore: enable 4K allocation unit for BlueFS * os/bluestore/bluefs: Fix sync compactionA + (bsc#1213217) ceph.spec.in: Require fmt-devel < 10 + ceph.spec.in: enable build on riscv64 for openSUSE Factory + ceph.spec.in: Require Cython >= 0.29 but < 3 + cephadm: update to the latest container images: * registry.suse.com/ses/7.1/ceph/prometheus-server:2.37.6 * registry.suse.com/ses/7.1/ceph/prometheus-node-exporter:1.5.0 * registry.suse.com/ses/7.1/ceph/grafana:8.5.22 * registry.suse.com/ses/7.1/ceph/haproxy:2.0.31 - Drop ceph-test.changes (no longer necessary since using _multibuild) ==== chromaprint ==== - Drop unused libtag-devel BuildRequires. - Use cmake_build macro. - Drop fftw3-devel BuildRequires and Requires, pass DFFT_LIB=avfft to cmake, use the already present ffmpeg lib. - Use ldconfig_scriptlets for post(un) handling. ==== clamav ==== Version update (0.103.9 -> 0.103.11) Subpackages: libclamav9 libfreshclam2 - Update to 0.103.11 * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12. * Windows: libjson-c 0.17 compatibility fix. with ssize_t type definition. * Windows: Update build system to use OpenSSL 3 and PThreads-Win32 v3. - Update to 0.103.10 * Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.10. ==== discover ==== Version update (5.27.8 -> 5.27.9) Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Fix network cache size for first run * packagekit: attach timer to stream rather than backend * packagekit: hold stream in a qpointer (kde#467888,kde#465711,kde#473921) * Only preload a couple of screens worth of comments (kde#474944) * flatpak: make FlatpakTransactionThread a qrunnable instead (kde#474231) ==== dracut ==== Version update (059+suse.501.gc44a365d -> 059+suse.503.g41e99e72) - Update to version 059+suse.503.g41e99e72: * fix(dracut.spec): do not require libgcrypt20-hmac for dracut-fips (bsc#1216059) ==== drkonqi5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: drkonqi5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Fix malloc-delete mismatch ==== efivar ==== - We don’t mandoc at all after all (gh#rhboot/efivar#229 and gh#rhboot/efivar#253). ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - Only recommend at-spi2-core - Don't install gsettings schemas twice ==== eog ==== Version update (45.0 -> 45.1) - Update to version 45.1: + Fix statusbar image position incorrect. + Updated translations. ==== evolution ==== Version update (3.50.0 -> 3.50.1) Subpackages: evolution-plugin-spamassassin - Update to version 3.50.1: + flatpak: Add missing comma in the manifests + Bugs fixed: - Mail: Correct conversion of UTF-16 encoded text files - ConfigLookup: Default to STARTTLS for LDAP from SRV records - EWebView: Enable spell checking for editable fields - Make SRV config lookup records lower priority than the others - Calendar: "Work Week" column separator light in dark theme - OpenPGP: "Always sign/encrypt" doesn't always work - Update default calendar colors + Updated translations. ==== evolution-data-server ==== Version update (3.50.0 -> 3.50.1) Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.50.1: + Bugs fixed: - Update default calendar colors - Mail: Correct conversion of UTF-16 encoded text files + Updated translations. ==== evolution-ews ==== Version update (3.50.0 -> 3.50.1) - Update to version 3.50.1: + Bugs Fixed: - Search in online GAL when OAB is misconfigured - Text from .error file not translated in the GUI - Fix scope for OAuth2 v2 being hard-coded to O365 + Updated translations. ==== fde-tools ==== Version update (0.7.0 -> 0.7.1) - Update to version 0.7.1 + add-secondary-key: remove the generation of the secondary password + add-secondary-key: remove the inclusion of 'add-secondary-password' + luks: list all underlying LUKS device + Introduce FDE_DEVS to list all LUKS devices - Drop upstreamd patch + fde-tools-remove-redundant-2nd-pw-creation.patch ==== fftw3 ==== - Disable HPC flavors on %ix86 - Drop support for obsolete openmpi[123] - Prepare support for openmpi5 ==== firewalld ==== Version update (2.0.0 -> 2.0.1) Subpackages: firewalld-bash-completion python3-firewall - update to 2.0.1: * fix(cli): all --list-all-zones output identical (d30bc61) * fix(cli): properly show default zone attribute (ea8d9a8) * fix(cli): properly show active attribute for zones and policies (b202403) * fix(cli): --get-active-zones should include the default zone (dae9112) * fix(nftables): always flush main table on start (cd20981) * fix(runtimeToPermanent): deepcopy settings before mangling (9c53639) * docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (1c77205) * fix(firewall-config): escape markup stored in bindings store (c876fd0) * fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (2935119) * fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (af3c35b) * fix(ipset): fix configuring IP range for ipsets with nftables (6a050ec) * fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (7d3340c) * fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (ff61209) * docs(policy): fix wrong documentation of in man firewalld.policy (21026d9) - removed following patch: [- fix_list_all_zones_output.patch] ==== frameworkintegration ==== Version update (5.110.0 -> 5.111.0) Subpackages: frameworkintegration-plugin libKF5Style5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== freerdp ==== Version update (2.11.0 -> 2.11.2) Subpackages: libfreerdp2-2 libwinpr2-2 - Update to 2.11.2 * Backported #9356: Fix issues with order updates * Backported #9378: backported wArrayList (optional) copy on insert * Backported #9360: backported certificate algorithm detection ==== git ==== Subpackages: git-core git-email git-web perl-Git - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/ include to make custom additions easier ==== glib2 ==== Version update (2.78.0 -> 2.78.1) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - Update to version 2.78.1: + Fix truncating files when `g_file_set_contents_full()` is called without `G_FILE_SET_CONTENTS_CONSISTENT` + Fix `-Dlibelf=disabled` on Linux + Bugs fixed: - NetworkManager 1.44.0 crashes repeatedly with glib 2.78.0 - gsubprocess-testprog.c: build error with cygwin (sys/ptrace.h: No such file or directory) - gio clears modification time in microseconds when setting with `set_modification_date_time` - Build of glib 2.78.0 ignores -Dlibelf=disabled - glib-2.78.0 fails at gio/tests/gsubprocess.p/gsubprocess.c.o - Segfault when creating GIO GPropertyAction without properties - `g_file_set_contents_full()` doesn't truncate the file (without `G_FILE_SET_CONTENTS_CONSISTENT`) - guniprop.c: Avoid creating (temporarily) out-of-bounds pointers - Fixes for integer cast warnings when targeting CHERI - Fix test_find_program on FreeBSD - gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC - Fix gutils-user-database test on macOS - Add value annotation to G_TYPE_FUNDAMENTAL_MAX - meson: Fix Windows build with PCRE2 as sibling subproject - gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC - glocalfileinfo: Preserve microseconds for access/modify times - Make sure the `GTask` is freed on a graceful disconnect - Buffer needs to be aligned correctly to receive linux_dirent64. - gtestutils.h: Fix warning with -Wsign-conversion caused by g_assert_cmpint - tests: Drop unnecessary include from gsubprocess-testprog.c - wakeup: do single read when using eventfd() - wakeup: Fix g_wakeup_acknowledge if signal comes in” - Use g_task_return in task threads - build: Fix -Dlibelf=disabled on Linux - gfileutils: Add a missing ftruncate() call when writing files + Updated translations. - Drop 0005-gthreadedresolver-Fix-race.patch: Fixed upstream. - Use sed call to replace gio-querymodules with gio-querymodules-64 in gio-2.0.pc where appropiate. - Require /usr/bin/dbus-daemon by the devel package: GDBusTest launches an own dbus-daemon with a separate environment, so that test code does not have to rely on the session bus. Ensure consumers of GDBusTest have the needed dep present. - Change the dbus-launch Requires to %{_bindir}/dbus-launch: be flexible about potential future package layout changes. ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - dtors-reverse-ctor-order.patch: Remove, has been reverted - Avoid use of SSE in i586 build - Add systemd also to gshadow lookups (jsc#PED-5188) - For SLE continue to use nsswitch.conf without systemd ==== gnome-control-center ==== Version update (45.0+34 -> 45.1) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Update to version 45.1: + About: Add more types of processor support + Accessibility: Make Cursor Size dialog close on Escape key + Keyboard: Allow closing Shortcuts dialog with Escape key + Mouse: - Fix linked style of primary mouse button in RTL languages - Avoid making videos blurry + Network: - Fix editing connections without a device - Revert "Disable DNS entry if automatic DNS option is enabled" ==== gnome-maps ==== Version update (45.0 -> 45.1) - Update to version 45.1: + Add more validation of transit plugin parameters + Fix showing missing nearby POIs when browsing in some cases + Set lower timeout when downloading service file + Fix searching for recent routes + Updated translations. ==== gnome-settings-daemon ==== - Add 538816ff42f682fc4b541810ca107486abab9976.patch: smartcard: Steal error when propagating through GTask. ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Rebase patches for SLE-15-SP6 (bsc#1216072): + Rebase endSession-dialog-update-time-label-every-sec.patch + Rebase gnome-shell-disable-ibus-when-not-installed.patch + Rebase gnome-shell-domain.patch + Rebase gnome-shell-exit-crash-workaround.patch + Rebase gnome-shell-fate324570-Make-GDM-background-image-configurable.patch + Rebase gnome-shell-gdm-login-applet.patch + Rebase gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch + Rebase gnome-shell-jscSLE9267-Remove-sessionList-of-endSessionDialog.patch + Rebase gnome-shell-screen-disappear.patch + Remove aboutMenu.js ==== gnome-software ==== Version update (45.0 -> 45.1) Subpackages: gnome-software-plugin-packagekit - Rebase gnome-software-disable-offline-update.patch(bsc#1216603). - Add gnome-software-plugin-opensuse-distro-upgrade.patch: plugins: add opensuse-distro-upgrade plugin(glgo#GNOME/gnome-software!1557). - Update to version 45.1: + Various styling fixes + Report PackageKit GPG-related errors in the GUI + Flatpak permission checks improvements + Optimize loading of the details page + Updated translations. ==== gnome-sudoku ==== Version update (45.1 -> 45.2) - Update to version 45.2: + Fix Ctrl+N not setting earmarks + Fix warning about failure to solve puzzle when loading games with an incorrect value ==== gnome-terminal ==== Version update (3.50.0 -> 3.50.1) Subpackages: gnome-shell-search-provider-gnome-terminal nautilus-extension-terminal - Update to version 3.50.1: * util: check flatpak for alternate terminals * prefs: Get the headerbar pref * build: Bump vte req version ==== gnome-user-docs ==== Version update (45.0 -> 45.1) - Update to version 45.1: + Updates to GNOME Help. + Updated translations. ==== gnu-unifont-fonts ==== Version update (15.1.01 -> 15.1.03) - update to 15.1.03: * Additions and extensions to multiple CJK Unified Ideographs Extension glyps, and Plane 0 Wen Quan Yi range ==== gpg2 ==== Subpackages: dirmngr - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. * Add gnupg-nobetasuffix.patch [bsc#1216334] ==== gpgme ==== Version update (1.22.0 -> 1.23.0) Subpackages: libgpgme11 libgpgmepp6 - Update to 1.23.0: * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME. [T6559] * New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR. [T6705] * New key capability flags has_*. [T6748] * gpgme-tool: Support use of Windows HANDLE. [T6634] * qt: Support refreshing keys via WKD. [T6672] * qt: Handle cancel in changeexpiryjob. [T6754] * Remove patches fixed upstream: - gpgme-qt-tests-Fix-build-in-source-directory.patch - gpgme-build-Suggest-out-of-source-build.patch ==== gpgmeqt ==== Version update (1.22.0 -> 1.23.0) - Update to 1.23.0: * Support GPGME_ENCRYPT_ALWAYS_TRUST also for S/MIME. [T6559] * New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR. [T6705] * New key capability flags has_*. [T6748] * gpgme-tool: Support use of Windows HANDLE. [T6634] * qt: Support refreshing keys via WKD. [T6672] * qt: Handle cancel in changeexpiryjob. [T6754] * Remove patches fixed upstream: - gpgme-qt-tests-Fix-build-in-source-directory.patch - gpgme-build-Suggest-out-of-source-build.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix a potential error when appending multiple keys into the synthesized initrd * Fix-the-size-calculation-for-the-synthesized-initrd.patch - Fix Xen chainloding error of no matching file path found (bsc#1216081) * grub2-efi-chainload-harder.patch - Use grub-tpm2 token to unlock keyslots to make the unsealing process more efficient and secure. * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch - Fix detection of encrypted disk's uuid in powerpc to cope with logical disks when signed image installation is specified (bsc#1216075) * 0003-grub-install-support-prep-environment-block.patch - grub2.spec: Add support to unlocking multiple encrypted disks in signed grub.elf image for logical disks ==== gvfs ==== Version update (1.52.0 -> 1.52.1) Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse - Use older way than autopatch on SLE/Leap, which is not ready for the macro. - Rebase gvfs-nvvfs.patch. - Update to version 1.52.1: + client: Prevent returning invalid mount cache entries. + dav: Fix authentication issues when DNS-SD URIs are used. + nfs: Fix IPv6 URI handling. + Updated translations. ==== gzip ==== - Fix s390x build with 'gcc -Dalignas=_Alignas' bug#66709 ==== harfbuzz ==== Version update (8.2.1 -> 8.2.2) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 8.2.2: + Fix regression from 8.1.0 in shaping fonts with duplicate feature tags. + Fix regression from 8.2.0 in parsing CSS-style feature strings. + Variable fonts instanciation now handles more tables. + Various CMake build improvements. + Various fixes to build without errors with gcc 4.9.2. ==== icewm ==== Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite - Drop pkgconfig(gdk-pixbuf-xlib-2.0) BuildRequires: No longer needed nor used (in our case, we use the new default Imlib2). - Add explicit pkgconfig(gdk-pixbuf-2.0) BuildRequires: Needed to build {_bindir}/icewm-menu-fdo. ==== iptables ==== Version update (1.8.9 -> 1.8.10) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - The presence of nftables does not mandate that iptables use backend-nft [bsc#1206383]. - Update to release 1.8.10 * xtables-translate: support rule insert with index * broute table support in ebtables-nft * nft-variants' debug output (pass multiple ``-v`` flags) now contains sets if present * Add mld-listener type names to icmp6 match - Use nftables backend by default when nftables is installed, bsc#1206383 ==== java-11-openjdk ==== Version update (11.0.20.1 -> 11.0.21.0) Subpackages: java-11-openjdk-headless - Configure with --with-native-debug-symbols=internal to enable generation of debuginfo packages - Upgrade to upstrem tag jdk-11.0.21+9 (October 2023 CPU) * Security fixes: + JDK-8242330: Arrays should be cloned in several JAAS Callback classes + JDK-8284910: Buffer clean in PasswordCallback + JDK-8286503: Enhance security classes + JDK-8296581: Better system proxy support + JDK-8297856: Improve handling of Bidi characters + JDK-8309966, CVE-2023-22081, bsc#1216374: Enhanced TLS connections + JDK-8305815: Update Libpng to 1.6.39 + JDK-8306881: Update FreeType to 2.13.0 * Other fixes: + JDK-6176679: Application freezes when copying an animated gif image to the system clipboard + JDK-8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1 + JDK-8155246: Throw error if default java.security file is missing + JDK-8158880: test/java/time/tck/java/time/format/ /TCKDateTimeFormatterBuilder.java fail with zh_CN locale + JDK-8168261: Use server cipher suites preference by default + JDK-8181383: com/sun/jdi/OptionTest.java fails intermittently with bind failed: Address already in use + JDK-8201516: DebugNonSafepoints generates incorrect information + JDK-8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE" + JDK-8211343: nsk_jvmti_parseoptions should handle multiple suboptions + JDK-8212045: Add back the tests that were removed from HashesTest.java and AddExportsTest.java + JDK-8216059: nsk_jvmti_parseoptions still has dependency on tilde separator + JDK-8217237: HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers + JDK-8217395: Update langtools shell tests to use ${EXE_SUFFIX} + JDK-8217612: (CL)HSDB cannot show some JVM flags + JDK-8217850: CompressedClassSpaceSizeInJmapHeap fails after JDK-8217612 + JDK-8218471: generate-unsafe-access-tests.sh does not correctly invoke build.tools.spp.Spp + JDK-8219628: [TESTBUG] javadoc/doclet/InheritDocForUserTags fails with -othervm + JDK-8220410: sun/security/tools/jarsigner/warnings/ /NoTimestampTest.java failed with missing expected output + JDK-8221372: Test vmTestbase/nsk/jvmti/GetThreadState/ /thrstat001/TestDescription.java times out + JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" + JDK-8223573: Replace wildcard address with loopback or local host in tests - part 4 + JDK-8223714: HTTPSetAuthenticatorTest could be made more resilient + JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections + JDK-8223856: Replace wildcard address with loopback or local host in tests - part 8 + JDK-8224617: (fs) java/nio/file/FileStore/Basic.java found filesystem twice + JDK-8224729: Cleanups in sun/security/provider/certpath/ldap/ /LDAPCertStoreImpl.java + JDK-8224768: Test ActalisCA.java fails + JDK-8225012: sanity/client/SwingSet/src/ToolTipDemoTest.java fails on Windows + JDK-8226221: Update PKCS11 tests to use NSS 3.46 libs + JDK-8228341: SignTwice.java fails intermittently on Windows + JDK-8228403: SignTwice.java failed with java.io.FileNotFoundException: File name too long + JDK-8229147: Linux os::create_thread() overcounts guardpage size with newer glibc (>=2.27) + JDK-8229333: java/io/File/SetLastModified.java timed out + JDK-8229338: clean up test/jdk/java/util/RandomAccess/Basic.java + JDK-8229348: java/net/DatagramSocket/ /UnreferencedDatagramSockets.java fails intermittently + JDK-8229481: sun/net/www/protocol/https/ /ChunkedOutputStream.java failed with a SSLException + JDK-8229912: [TESTBUG] java/net/Socks/SocksIPv6Test fails without IPv6 + JDK-8230132: java/net/NetworkInterface/ /NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling Pseudo-Interface + JDK-8231037: java/net/InetAddress/ptr/Lookup.java fails intermittently due to reverse lookup failed + JDK-8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14 + JDK-8231516: network QuickAckTest.java failed due to "SocketException: maximum number of DatagramSockets reached" + JDK-8232101: (sctp) Add minimal sanity tests for SCTP + JDK-8232195: Enable BigInteger tests: DivisionOverflow, SymmetricRangeTests and StringConstructorOverflow + JDK-8232840: java/math/BigInteger/largeMemory/ /SymmetricRangeTests.java fails due to "OutOfMemoryError: Requested array size exceeds VM limit" + JDK-8232922: Add java/math/BigInteger/largeMemory/ /SymmetricRangeTests.java to ProblemList-Xcomp ... changelog too long, skipping 246 lines ... - Compiler flags to realign stack on ix86 (bsc#1214790) ==== kaccounts-providers ==== - Only require signon-plugin-oauth2 when QtWebEngine is an option: signon-plugin-oauth2 depends on signon-ui, which in turn dependson QtWebEngine. ==== kactivities-stats ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kactivities5 ==== Version update (5.110.0 -> 5.111.0) Subpackages: kactivities5-imports libKF5Activities5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kactivitymanagerd ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Avoid race condition on startup (kde#422682) ==== karchive ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kauth ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kbookmarks ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcalendarcore ==== Version update (5.110.0 -> 5.111.0) - Add upstream change (kde#421400, boo#1171450): * 0001-ICalFormat-don-t-shift-all-day-invite-dates-to-UTC.patch - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcm_flatpak ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== kcm_sddm ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Add missing KService dependency ==== kcmutils ==== Version update (5.110.0 -> 5.111.0) Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcodecs ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcompletion ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kconfig ==== Version update (5.110.0 -> 5.111.0) Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kconfigwidgets ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcontacts ==== Version update (5.110.0 -> 5.111.0) Subpackages: kcontacts-lang libKF5Contacts5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kcoreaddons ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5CoreAddons5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * Unset bug address for implicitly created KAboutData (kde#473517) ==== kcrash ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdav ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5DAV5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdbusaddons ==== Version update (5.110.0 -> 5.111.0) Subpackages: kdbusaddons-tools libKF5DBusAddons5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kde-cli-tools5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * kcmshell: focus on content area by default ==== kde-gtk-config5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: kde-gtk-config5-gtk3 - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * kded/config_editor: make it compile with GLib < 2.74 * kded/config_editor: add a timer to reduce duplicate setting sync ==== kdeclarative ==== Version update (5.110.0 -> 5.111.0) Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kded ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdelibs4support ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5KDELibs4Support5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdenetwork-filesharing ==== - Fix non-working "Share" properties page in dolphin due to incorrect group check (kde#475946, boo#1215374), add 0001-Remove-wrong-group-check-from-group-manager.patch ==== kdesu ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdnssd-framework ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdoctools ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5DocTools5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kdump ==== Version update (1.9.6 -> 1.9.7) - upgrade to version 1.9.7 * prevent dracut emergency shell * s390: consolidate low-level network configuration with zdev * s390: Explicitly request zFCP devices ==== kernel-firmware ==== Version update (20231006 -> 20231019) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20231019 (git commit d983107a2dfa): * Fix the robot email script * linux-firmware: Update AMD cpu microcode * Add support for sending emails while processing a PR/patch * amdgpu: update SMU 13.0.0 firmware * linux-firmware: add Amlogic bluetooth firmware * Add a script for a robot to open up pull requests * i915: Add GuC v70.13.1 for DG2, TGL, ADL-P and MTL * iwlwifi: add a missing FW from core80-39 release * amdgpu: update raven firmware from 5.7 branch * amdgpu: update SDMA 5.2.7 firmware from 5.7 branch * amdgpu: update PSP 13.0.8 firmware from 5.7 branch * amdgpu: update GC 10.3.7 firmware from 5.7 branch * amdgpu: update DCN 3.1.6 firmware from 5.7 branch * amdgpu: update SDMA 5.2.6 firmware from 5.7 branch * amdgpu: update PSP 13.0.5 firmware from 5.7 branch * amdgpu: update GC 10.3.6 firmware from 5.7 branch * amdgpu: update VCN 4.0.0 firmware from 5.7 branch * amdgpu: update SMU 13.0.0 firmware from 5.7 branch * amdgpu: update SDMA 6.0.0 firmware from 5.7 branch * amdgpu: update PSP 13.0.0 firmware from 5.7 branch * amdgpu: update GC 11.0.0 firmware from 5.7 branch * amdgpu: update vega20 firmware from 5.7 branch * amdgpu: update beige goby firmware from 5.7 branch * amdgpu: update vega12 firmware from 5.7 branch * amdgpu: update vega10 firmware from 5.7 branch * amdgpu: update dimgrey cavefish firmware from 5.7 branch * amdgpu: update picasso firmware from 5.7 branch * amdgpu: update navy flounder firmware from 5.7 branch * amdgpu: update vangogh firmware from 5.7 branch * amdgpu: update green sardine firmware from 5.7 branch * amdgpu: update sienna cichlid firmware from 5.7 branch * amdgpu: update PSP 13.0.11 firmware from 5.7 branch * amdgpu: update GC 11.0.4 firmware from 5.7 branch * amdgpu: update SDMA 6.0.1 firmware from 5.7 branch * amdgpu: update PSP 13.0.4 firmware from 5.7 branch * amdgpu: update GC 11.0.1 firmware from 5.7 branch * amdgpu: update navi14 firmware from 5.7 branch * amdgpu: update renoir firmware from 5.7 branch * amdgpu: update navi12 firmware from 5.7 branch * amdgpu: update VCN 4.0.4 firmware from 5.7 branch * amdgpu: update SMU 13.0.7 firmware from 5.7 branch * amdgpu: update SDMA 6.0.2 firmware from 5.7 branch * amdgpu: update PSP 13.0.7 firmware from 5.7 branch * amdgpu: update GC 11.0.2 firmware from 5.7 branch * amdgpu: update yellow carp firmware from 5.7 branch * amdgpu: update navi10 firmware from 5.7 branch * amdgpu: update raven2 firmware from 5.7 branch * amdgpu: update SMU 13.0.10 firmware from 5.7 branch * amdgpu: update PSP 13.0.10 firmware from 5.7 branch * amdgpu: update GC 11.0.3 firmware from 5.7 branch * amdgpu: update aldebaran firmware from 5.7 branch ==== kernel-source ==== Version update (6.5.6 -> 6.5.9) Subpackages: kernel-64kb kernel-default - Linux 6.5.9 (bsc#1012628). - Bluetooth: hci_event: Ignore NULL link key (bsc#1012628). - Bluetooth: Reject connection with the device which has same BD_ADDR (bsc#1012628). - Bluetooth: Fix a refcnt underflow problem for hci_conn (bsc#1012628). - Bluetooth: vhci: Fix race when opening vhci device (bsc#1012628). - Bluetooth: hci_event: Fix coding style (bsc#1012628). - Bluetooth: avoid memcmp() out of bounds warning (bsc#1012628). - Bluetooth: hci_conn: Fix modifying handle while aborting (bsc#1012628). - ice: fix over-shifted variable (bsc#1012628). - ice: Fix safe mode when DDP is missing (bsc#1012628). - ice: reset first in crash dump kernels (bsc#1012628). - net/smc: return the right falback reason when prefix checks fail (bsc#1012628). - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1012628). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (bsc#1012628). - regmap: fix NULL deref on lookup (bsc#1012628). - KVM: x86: Mask LVTPC when handling a PMI (bsc#1012628). - x86/sev: Disable MMIO emulation from user mode (bsc#1012628). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1012628). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1012628). - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (bsc#1012628). - KVM: x86/pmu: Truncate counter value to allowed width on write (bsc#1012628). - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (bsc#1012628). - x86: KVM: SVM: always update the x2avic msr interception (bsc#1012628). - x86: KVM: SVM: add support for Invalid IPI Vector interception (bsc#1012628). - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (bsc#1012628). - audit,io_uring: io_uring openat triggers audit reference count underflow (bsc#1012628). - tcp: check mptcp-level constraints for backlog coalescing (bsc#1012628). - mptcp: more conservative check for zero probes (bsc#1012628). - selftests: mptcp: join: no RST when rm subflow/addr (bsc#1012628). - mm: slab: Do not create kmalloc caches smaller than arch_slab_minalign() (bsc#1012628). - fs/ntfs3: Fix OOB read in ntfs_init_from_boot (bsc#1012628). - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e() (bsc#1012628). - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea() (bsc#1012628). - fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super (bsc#1012628). - fs/ntfs3: fix deadlock in mark_as_free_ex (bsc#1012628). - Revert "net: wwan: iosm: enable runtime pm support for 7560" (bsc#1012628). - netfilter: nft_payload: fix wrong mac header matching (bsc#1012628). - io_uring: fix crash with IORING_SETUP_NO_MMAP and invalid SQ ring address (bsc#1012628). - nvmet-tcp: Fix a possible UAF in queue intialization setup (bsc#1012628). - drm/i915: Retry gtt fault when out of fence registers (bsc#1012628). - drm/mediatek: Correctly free sg_table in gem prime vmap (bsc#1012628). - drm/nouveau/disp: fix DP capable DSM connectors (bsc#1012628). - drm/edid: add 8 bpc quirk to the BenQ GW2765 (bsc#1012628). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (bsc#1012628). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (bsc#1012628). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (bsc#1012628). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (bsc#1012628). - ASoC: codecs: wcd938x: drop bogus bind error handling (bsc#1012628). - ASoC: codecs: wcd938x: fix unbind tear down order (bsc#1012628). - ASoC: codecs: wcd938x: fix resource leaks on bind errors (bsc#1012628). - ASoC: codecs: wcd938x: fix regulator leaks on probe errors (bsc#1012628). - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove (bsc#1012628). - qed: fix LL2 RX buffer allocation (bsc#1012628). - xfrm: fix a data-race in xfrm_lookup_with_ifid() (bsc#1012628). - xfrm6: fix inet6_dev refcount underflow problem (bsc#1012628). - xfrm: fix a data-race in xfrm_gen_index() (bsc#1012628). - xfrm: interface: use DEV_STATS_INC() (bsc#1012628). - net: xfrm: skip policies marked as dead while reinserting policies (bsc#1012628). - fprobe: Fix to ensure the number of active retprobes is not zero (bsc#1012628). - wifi: cfg80211: use system_unbound_wq for wiphy work ... changelog too long, skipping 934 lines ... - commit 3169a10 ==== kfilemetadata5 ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kgamma5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== kglobalaccel ==== Version update (5.110.0 -> 5.111.0) Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kguiaddons ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5GuiAddons5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * mark geo-scheme-handler as non-gui executable on macOS/Windows ==== kholidays ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== khotkeys5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== khtml ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== ki18n ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kiconthemes ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kidletime ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kimageformats ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * avif: support repetition count * raw: fix multi image load * hdr: fix oss-fuzz issue 62197 * hdr: fix crash (oss-fuzz) * xcf: fix crash (oss-fuzz issue 62075) * xcf: fix oss-fuzz issue ==== kinfocenter5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: kinfocenter5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * find KF5Auth ==== kinit ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kio ==== Version update (5.110.0 -> 5.111.0) Subpackages: kio-core - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * dbusactivationrunner: only activate well-formed services (kde#475266) * DBusActivationRunner: fix object path according to spec * Undeprecate KCoreDirLister::setMimeExcludeFilter * Fix incomplete error strings in MimeTypeFinderJob * Don't crash if KMountPoint gives nothing back while checking for CIFS (kde#474451) * trashimpl: optimize TrashSizeCache::calculateSize * trash: Optimize trashimpl::adaptTrashSize * [kfilewidget] Fixing saving to files with quotes (kde#426728) * KPropertiesDialog: Force PlainText on size label - Drop patch, merged upstream: * 0001-Don-t-crash-if-KMountPoint-gives-nothing-back-while-.patch ==== kirigami2 ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Kirigami2-5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * AboutPage: Allow overriding donateUrl by aliasing it from AboutItem (kde#474864) ==== kitemmodels ==== Version update (5.110.0 -> 5.111.0) Subpackages: kitemmodels-imports libKF5ItemModels5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kitemviews ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kjobwidgets ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kjs ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kmenuedit5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Better construct command line (kde#474758) ==== kmod ==== Version update (30 -> 31) Subpackages: kmod-bash-completion libkmod2 - Fix tests * refresh configure-Detect-openssl-sm3-support.patch * refresh kmod-Add-pkgconfig-file-with-kmod-compile-time-confi.patch * refresh usr-lib-modules.patch - Update to release 31 * Allow passing a path to modprobe so the module is loaded from anywhere from the filesystem. * Use in-kernel decompression if available. * depmod learned a `-o ` option to allow using a separate output directory. - Delete depmod-Introduce-outdir-option.patch, testsuite-Handle-different-sysconfdir.patch, testsuite-depmod-use-defines-for-the-rootfs-lib_modu.patch, 0001-testsuite-repair-read-of-uninitialized-memory.patch, testsuite-Move-setup-rootfs-logic-from-Makefile-to-s.patch ==== knewstuff ==== Version update (5.110.0 -> 5.111.0) Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== knotifications ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== knotifyconfig ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kpackage ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kparts ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kpeople5 ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kpipewire ==== Version update (5.27.8 -> 5.27.9) Subpackages: kpipewire-imports libKPipeWire5 libKPipeWireDmaBuf5 libKPipeWireRecord5 - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== kplotting ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kpty ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kquickcharts ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kross ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== krunner ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * runnerpython: Fix install script paths to desktop files ==== kscreen5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: kscreen5-plasmoid - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Only modify `Coordinate Transformation Matrix` (kde#474110) * Drop unused KIconThemes dependency ==== kscreenlocker ==== Version update (5.27.8 -> 5.27.9) Subpackages: kscreenlocker-lang libKScreenLocker5 - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * greeter: disable qml disk cache (kde#471952) ==== kservice ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * KService: allow .desktop files without an Exec line (kde#430157) ==== ksshaskpass5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: ksshaskpass5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== ktexteditor ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== ktextwidgets ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kunitconversion ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kwallet ==== Version update (5.110.0 -> 5.111.0) Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kwayland ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== kwayland-integration ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== kwidgetsaddons ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * Amend unit test to check propagation of options to date picker * Remove "No date" option from date picker popup used by date combo box * Set the modes on the date picker * Fix file rating being unreadable in certain themes (kde#339863) ==== kwin5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * platformsupport/scenes/opengl: don't release egl resources from the thread (kde#466174) * kcms/screenedges: Fix listing of effects * Fix misgenerated QHoverEvent * Add QKeySequence to VirtualDesktopManager::addAction overload (kde#475748) * kcms/screenedges: Fix buttons overlap on a too narrow vertical screen (kde#475579) * kcms/screenedges: Slightly refactor monitor size calculation * kcms/screenedges: Remove commented out dead code * Use itemChange instead of a connect to windowChanged * plugins/slide: add special case for instant animations (kde#472901) * plugins/screencast: Remove "frame dropped" log messages * fix segfault in EglGbmBackend::textureForOutput * Drop unused kitemviews dependency * Add missing QtNetwork dependency * plugins/qpa: implement platform accessibility (kde#472643) * backends/drm: check activePending instead of active for when applying a new gamma ramp is allowed (kde#471562) ==== kwindowsystem ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * Explain in deprecation message that logical coordinates must be used in KF6 ==== kwrited5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== kxmlgui ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== lastlog2 ==== Subpackages: liblastlog2-1 - Fix lastlog.8 .so reference ==== layer-shell-qt ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== libKF5ModemManagerQt ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== libKF5NetworkManagerQt ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== libdrm ==== Version update (2.4.116 -> 2.4.117) Subpackages: libdrm2 libdrm_amdgpu1 libdrm_nouveau2 libdrm_radeon1 - Update to 2.4.117 * modetest: print modifiers in hex as well * modetest: custom mode support * meson: fix intel requirements * meson: Use feature.require() and feature.allowed() * meson: replace deprecated program.path -> program.full_path * modetest: avoid erroring if there's no gamma legacy support * amdgpu: Fix pointer/integer mismatch warning * amdgpu: Use PRI?64 to format uint64_t * util: add NV24 and NV42 frame buffer formats * util: add pattern support for DRM_FORMAT_NV{24,42} * modetest: add support for DRM_FORMAT_NV{24,42} * util: fix grey in YUV SMPTE patterns * modetest: fix mode_vrefresh() for interlace/dblscan/vscan * util: remove unused definitions of RED, GREEN, and BLUE * amdgpu: add marketing names from amd-5.4.6 (22.40.6) * amdgpu: add marketing names from amd-5.5.1 (23.10.1) * amdgpu: add marketing names from PRO Edition 23.Q3 W7000 * amdgpu: add marketing names from Adrenalin 23.7.2 * amdgpu: add marketing names from Adrenalin 23.9.1 * modetest: document why no blob is created for linear gamma LUT * modetest: allocate and commit atomic request around set_property() * modetest: permit -r and -s to work together * modetest: allow using -r and -P * modetest: add support for writeback connector * amdgpu: amdgpu_drm.h for new GPUVM fault ioctl * amdgpu: add support for querying VM faults information * xf86drm: mark DRM_MAX_MINOR as deprecated * ci: bump FreeBSD to 13.2 ==== libgcrypt ==== - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. * Add libgcrypt-nobetasuffix.patch [bsc#1216334] ==== libgpg-error ==== - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. * Add libgpg-error-nobetasuffix.patch [bsc#1216334] ==== libheif ==== Version update (1.16.2 -> 1.17.1) Subpackages: gdk-pixbuf-loader-libheif libheif-rav1e libheif1 - update to 1.17.1: * fix issue of loading images with premultiplied alpha channel * correctly set compatible_version for macOS dylib builds * fix loading HDR PNGs, but encoding them as 8-bit SDR * fix saving AVIF with alpha using the SVT-AV1 encoder - cmake-presets version 3 requires cmake >= 3.21 - update to 1.17.0: * Kvazaar encoder (HEIC) as alternative to x265 * ffmpeg decoder (HEIC) decoding with potential hardware decoder support * jpegdec / jpegenc codecs for JPEG in HEIF * j2kdec, j2kenc codecs for JPEG-2000 in HEIF (still experimental) * added support for region masks * added support for alpha channels in images decoded with JS/WASM * heif-enc and heif-convert can be called with only input filenames, input and output filename, or with -o option. This makes the use of the two command more consistent. * added 4:2:2 <-> 4:4:4 color conversion with bilinear upscaling / average filtering * heif_context_get_image_handle() can now also access non-top-level images * add script to build Android libraries for all platforms * known bugs have been fixed ==== libkdecoration2 ==== Version update (5.27.8 -> 5.27.9) Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private10 - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== libksba ==== - Do not pull revision info from GIT when autoconf is run. This removes the -unknown suffix after the version number. * Run autoreconf for the added patch and add the build dependecies on autoconf, automake and libtool. * Add libksba-nobetasuffix.patch [bsc#1216334] ==== libkscreen2 ==== Version update (5.27.8 -> 5.27.9) Subpackages: libKF5Screen8 libKF5ScreenDpms8 libkscreen2-plugin - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== libksysguard5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== libmysofa ==== Version update (1.3.1 -> 1.3.2) - Update to 1.3.2: * allow slightly more dense HRTFs * allow all kinds of room types * target exporting * bug fix in memory reader * enable big endian support - Drop 0001-fix-big-endian-convertion-of-double-value.patch - Add Install-header-when-only-building-shared-lib.patch See https://github.com/hoene/libmysofa/issues/210 ==== libnma ==== Subpackages: libnma-glib-schema libnma-gtk4-0 libnma0 typelib-1_0-NMA4-1_0 - Drop pkgconfig(gck-1) and pkgconfig(gcr-3) BuildRequires: No longer needed, we build with gck-2 and gcr-4. ==== libnvme ==== Version update (1.6 -> 1.6+5.g68c6ffb) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.6+5.g68c6ffb: * avoid stack corruption by unaligned DMA to user space buffers (bsc#1216344, gh#linux-nvme/libnvme#727) ==== libp11 ==== - Replace openssl-ibmpkcs11 with openssl-engine-libp11 (jsc#PED-3327) Add Obsoletes: openssl-ibmpkcs11 <= 1.0.1 and Provides: openssl-ibmpkcs11 = 1.0.1 ==== libphonenumber ==== Version update (8.13.15 -> 8.13.23) - Update to version 8.13.28: * Updated phone metadata, carrier data, geocoding data, short number metadata for a number of region and calling codes - drop 0001-Build-with-C-17.patch now upstream ==== libplacebo ==== Version update (6.338.0 -> 6.338.1) - Update libplacebo to version 6.338.1. See details in: https://code.videolan.org/videolan/libplacebo/-/tags/v6.338.1 ==== libqt5-qtbase ==== Version update (5.15.11+kde134 -> 5.15.11+kde138) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.11+kde138: * QLibraryPrivate: Actually merge load hints * QPluginLoader: report the right load hints * xkb: fix build with libxkbcommon 1.6.0 and later * a11y atspi: Map ButtonMenu role to AT-SPI equivalent ==== libshumate ==== Version update (1.1.0 -> 1.1.1) Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update to version 1.1.1: + Fix null reference map source, avoid critical log message when setting a null map source with shumate_viewport_set_reference_map_source(). ==== libsndfile ==== Version update (1.2.0 -> 1.2.2) - Update to 1.2.1: * Various bug fixes (issue #908, #907, #934, #950, #930) - Update to 1.2.2: * Fixed invalid regex in src/create_symbols_file.py * Fixed passing null pointer to printf %s in tests - Fix signed integers overflows in au_read_header() (bsc#1213451, CVE-2022-33065): libsndfile-CVE-2022-33065.patch ==== libsoup ==== Version update (3.4.3 -> 3.4.4) Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Update to version 3.4.4: + Improve HTTP/2 performance when a lot of buffering happens + Support building libnghttp2 as a subproject ==== libstorage-ng ==== Version update (4.5.143 -> 4.5.155) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#963 - extended testsuite - 4.5.155 - merge gh#openSUSE/libstorage-ng#962 - improved error reporting in SystemCmd - 4.5.154 - merge gh#openSUSE/libstorage-ng#961 - added testcase - 4.5.153 - merge gh#openSUSE/libstorage-ng#960 - make more use of new SystemCmd interface - added const - 4.5.152 - merge gh#openSUSE/libstorage-ng#959 - removed unused function - merge gh#openSUSE/libstorage-ng#958 - make more use of new SystemCmd interface - prefer make_unique over new - fixed compound action generation for removing btrfs qgroup relations - merge gh#openSUSE/libstorage-ng#957 - extended testsuite - 4.5.151 - merge gh#openSUSE/libstorage-ng#956 - improved error handling in SystemCmd - 4.5.150 - merge gh#openSUSE/libstorage-ng#955 - use _exit if exec fails - 4.5.149 - merge gh#openSUSE/libstorage-ng#954 - allow to disallow remove actions on some devices - improved tests - removed unneeded include statements - make more use of new SystemCmd interface - increase minor library version - 4.5.148 - merge gh#openSUSE/libstorage-ng#953 - support RAID level LINEAR (bsc#1215022) - 4.5.147 - merge gh#openSUSE/libstorage-ng#952 - extended testsuite - 4.5.146 - merge gh#openSUSE/libstorage-ng#951 - allow SystemCmd to take a vector with command arguments - fixed typo - added integration tests - 4.5.145 - merge gh#openSUSE/libstorage-ng#950 - allow to disable use of key file in commit - added note - 4.5.144 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-libs - supportconfig: Adapt plugin to modern supportconfig - spec: Disable use of libnbd/nbdkit bsc#1216274 ==== libxkbcommon ==== Version update (1.5.0 -> 1.6.0) Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Update to release 1.6.0 * Remove keysyms: XKB_KEY_dead_lowline, XKB_KEY_dead_aboveverticalline, XKB_KEY_dead_belowverticalline, XKB_KEY_dead_longsolidusoverlay * Add Compose iterator API to iterate the entries in a compose table. * Structured log messages with a message registry. There is an ongoing work to assign unique identifiers to log messages and add a corresponding error index documentation page. * Add a new warning for numeric keysyms references in XKB files: the preferred keysym reference form is its name or its Unicode value, if relevant. * Add the upper bound `XKB_KEYSYM_MAX` to check valid keysyms. * Add a warning when loading a keymap using RMLVO with no layout but with the variant set. * Add support for ``modifier_map None { … }``. This feature is missing compared to the X11 implementation. It allows to reset the modifier map of a key. ==== libzypp ==== Version update (17.31.22 -> 17.31.23) - Stop using boost version 1 timer library (fixes #489, bsc#1215294) - version 17.31.23 (22) ==== llvm17 ==== Version update (17.0.2 -> 17.0.3) - Update to version 17.0.3. * This release contains bug-fixes for the LLVM 17.0.0 release. This release is API and ABI compatible with 17.0.0. - Rebase llvm-do-not-install-static-libraries.patch. - Disable zstd support for now regardless of whether libzstd-devel is installed. (boo#1216121) - Limit number of LTO threads on 32-bit architectures to prevent out-of-memory during linking. ==== man ==== Version update (2.11.2 -> 2.12.0) - Update to 2.12.0: * Fix some manual page portability issues with groff 1.23.0. * Fix test failures when a working `iconv` is not available. * Ensure that timestamps read from the database can go past the year 2038, even on systems where this is not the default. * Fix `manpath` not parsing `PATH` entries with trailing slash correctly for guessing `MANPATH` entries. * More accurately document the behaviour of passing file names as arguments to `man` without the `-l`/`--local-file` option. * Avoid duplicate cleanup of old cat pages by both `man-db.service` and `systemd-tmpfiles-clean.service`. Improvements: * Update system call lists in `seccomp` sandbox from `systemd`. * Upgrade to Gnulib `stable-202307`. * Work around the Firebuild accelerator in `seccomp` sandbox: if this is in use then we need to allow some socket-related system calls. * `man -K` now deduplicates search results that point to the same page. * Warn if `mandb` drops to `--user-db` mode due to running as the wrong user. * Change section title recommendations in `man(1)` to mention `STANDARDS` rather than `CONFORMING TO`, in line with `man-pages(7)`. * Add a `STANDARDS` section to `man(1)` itself. * Document that `man -K` may suffer from false negatives as well as false positives. * Take advantage of newer `groff` facilities to implement `man - -no-hyphenation` and `man --no-justification`, if available. * `man -f` and `man -k` now pass any `-r`/`--regex` or `-w`/`--wildcard` options on to `whatis` and `apropos` respectively. * Always pass a line length to `nroff`, even if we believe that it matches the default. * Allow disabling `groff` warnings via `man --warnings`, by prefixing a warning name with `!`. - Drop man-db-groff-1.23.0-warnings.patch - Refresh man-db-2.9.4.patch ==== milou5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: milou5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== mozilla-nss ==== Version update (3.93 -> 3.94) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.94 * bmo#1853737 - Updated code and commit ID for HACL* * bmo#1840510 - update ACVP fuzzed test vector: refuzzed with current NSS * bmo#1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * bmo#1774659 - NSS needs a database tool that can dump the low level representation of the database * bmo#1852179 - declare string literals using char in pkixnames_tests.cpp * bmo#1852179 - avoid implicit conversion for ByteString * bmo#1818766 - update rust version for acvp docker * bmo#1852011 - Moving the init function of the mpi_ints before clean-up in ec.c * bmo#1615555 - P-256 ECDH and ECDSA from HACL* * bmo#1840510 - Add ACVP test vectors to the repository * bmo#1849077 - Stop relying on std::basic_string * bmo#1847845 - Transpose the PPC_ABI check from Makefile to gyp - rebased patches - added nss-fips-test.patch to fix broken test ==== multipath-tools ==== Version update (0.9.6+71+suse.f07325e -> 0.9.6+115+suse.07776fb) Subpackages: kpartx libmpath0 - Update to version 0.9.6+115+suse.07776fb * multipathd: Added support to handle FPIN-Li events for FC-NVMe - Update to version 0.9.6+110+suse.5dfdf35: * The options "bindings_file", "prkeys_file", and "wwids_file", which have been deprecated since multipath-tools 0.8.8, aren't supported any more. The paths to these files are now hard-coded to "bindings", "prkeys" and "wwids" under /etc/multipath. * Strictly avoid assigning map aliases that are already taken (bsc#1213265) * Improve handling of user-friendly names * avoid "multipath -d" (dry-run) changing SCSI timeouts in sysfs (bsc#1213809) - spec file: * adapt prefix values to upstream changes * fix compilation flags for "make check" * pass EXTRAVERSION to build ==== nautilus ==== Version update (45.0 -> 45.1) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 45.1: + Don't crash when opening Properties from admin://* + Don't crash on unmount + Stop jumping to top when using the Menu key + Properly reorder bookmarks by drag and drop + Re-add search results when switching view mode + Fix compilation on 32-bit musl - Fix various leaks and warnings + Updated translations. - Update to version 45.0+12: + gtk/placessidebar: Use list box for coordinates translation. + list-base: Stop jumping to top on Menu key. + Updated translations. - Switch to source service, explicit commit from the stable branch. ==== net-snmp ==== Version update (5.9.3 -> 5.9.4) Subpackages: libsnmp40 perl-SNMP snmp-mibs - net-snmp-5.9.4-systemd-no-utmp.patch: prefer systemd-logind over utmp to count number of logged in users, utmp is not reliable for this and has a Y2038 problem (jsc#PED-3144) - Update to net-snmp-5.9.4 (bsc#1214364). add (rename): * net-snmp-5.9.4-add-lustre-fs-support.patch * net-snmp-5.9.4-fix-create-v3-user-outfile.patch * net-snmp-5.9.4-fixed-python2-bindings.patch * net-snmp-5.9.4-fix-Makefile.PL.patch * net-snmp-5.9.4-modern-rpm-api.patch * net-snmp-5.9.4-net-snmp-config-headercheck.patch * net-snmp-5.9.4-perl-tk-warning.patch * net-snmp-5.9.4-pie.patch * net-snmp-5.9.4-snmpstatus-suppress-output.patch * net-snmp-5.9.4-socket-path.patch * net-snmp-5.9.4-subagent-set-response.patch * net-snmp-5.9.4-suse-systemd-service-files.patch * net-snmp-5.9.4-testing-empty-arptable.patch delete (now part of v5.9.4): * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch * net-snmp-5.9.3-grep.patch delete (rename): * net-snmp-5.9.1-add-lustre-fs-support.patch * net-snmp-5.9.2-fix-create-v3-user-outfile.patch * net-snmp-5.9.3-fixed-python2-bindings.patch * net-snmp-5.9.1-fix-Makefile.PL.patch * net-snmp-5.9.1-modern-rpm-api.patch * net-snmp-5.9.1-net-snmp-config-headercheck.patch * net-snmp-5.9.1-perl-tk-warning.patch * net-snmp-5.9.2-pie.patch * net-snmp-5.9.1-snmpstatus-suppress-output.patch * net-snmp-5.9.1-socket-path.patch * net-snmp-5.9.1-subagent-set-response.patch * net-snmp-5.9.1-suse-systemd-service-files.patch * net-snmp-5.9.1-testing-empty-arptable.patch - Removing legacy MIBs used by Velocity Software (jira#PED-6416). delete: * net-snmp-5.9.1-velocity-mib.patch - Re-add support for hostname netgroups that was removed accidentally and previously added with FATE#316305 (bsc#1207697). '@hostgroup' can be specified for multiple hosts add: * net-snmp-5.9.4-add-netgroups-functionality.patch - Hardening systemd services setting "ProtectHome=true" caused home directory size and allocation to be listed incorrectly (bsc#1206044). add (rename): * net-snmp-5.9.4-harden_snmpd.service.patch * net-snmp-5.9.4-harden_snmptrapd.service.patch delete (rename): * net-snmp-5.9.1-harden_snmpd.service.patch * net-snmp-5.9.1-harden_snmptrapd.service.patch ==== nftables ==== Version update (1.0.8 -> 1.0.9) Subpackages: libnftables1 - Update to release 1.0.9 * Custom conntrack timeouts can use time specification with units other than seconds. * Allow combination of dnat with numgen. * Allow for using constants as key in dynamic sets. * Support for matching on the target address of a IPv6 neighbour solicitation/advertisement. * Restore bitwise operations in combination with maps, e.g. jump to chain depending on bitwise operation on packet mark. * Fix crash with log prefix longer that 127 bytes. - Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch ==== nodejs20 ==== Subpackages: npm20 - fix_ci_tests.patch: adapt for openssl 3.1.4 - Add nodejs20-zlib-1.3.patch: Support zlib version with only major.minor versions, like zlib 1.3. ==== oniguruma ==== Version update (6.9.8 -> 6.9.9) - Update to 6.9.9 - Update Unicode version 15.1.0 - NEW API: ONIG_OPTION_MATCH_WHOLE_STRING - Fixed: (?I) option was not enabled for character classes (Issue [#264]). - Changed specification to check for incorrect POSIX bracket (Issue #253). - Changed [[:punct:]] in Unicode encodings to be compatible with POSIX definition. (Issue #268) - Fixed: ONIG_OPTION_FIND_LONGEST behavior ==== open-iscsi ==== Subpackages: libopeniscsiusr0 - Updated to latest upstream, which includes (bsc#1210514): * several fixes to harden iscsiuio, which updates its version number to 0.7.8.8, including: - logging now uses syslog - shutdown now waits for helper threads to complete - netlink socket cleanup * some minor bug fixes, some helping builds on musl This updates open-iscsi-SUSE-latest.diff.bz2 ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Fix (bsc#1216432) - VUL-0: CVE-2023-34058: open-vm-tools: SAML token signature bypass vulnerability. - Fix (bsc#1216433) - VUL-0: : CVE-2023-34059: open-vm-tools: file descriptor hijack vulnerability + Add patch: - CVE-2023-34058.patch - CVE-2023-34059.patch - Drop pkgconfig(gdk-pixbuf-xlib-2.0) BuildRequires: No longer needed, nor used (since 12.3.0 release). ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add cb4ed12f.patch: Fix build using zlib 1.3. The check expected a version in the form a.b.c[.d], which no longer matches 1.3. ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Performance enhancements for cryptography from OpenSSL 3.x [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch ==== openssl-3 ==== Version update (3.1.3 -> 3.1.4) Subpackages: libopenssl3 - Update to 3.1.4: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length [bsc#1216163, CVE-2023-5363]. - Performance enhancements for cryptography from OpenSSL 3.2 [jsc#PED-5086, jsc#PED-3514] * Add patches: - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - FIPS: Add the FIPS_mode() compatibility macro and flag support. * Add patches: - openssl-Add-FIPS_mode-compatibility-macro.patch - openssl-Add-Kernel-FIPS-mode-flag-support.patch - As of openssl 3.1.3, the devel package installs at least 5200 manpage files and is the owner of the most files in the man3 directory (in second place after lapack-man); move these manpages off to the -doc subpackage to reduce the walltime to install just openssl-3-devel (because there is also an invocation of mandb that runs at some point). ==== openssl ==== Version update (3.1.3 -> 3.1.4) - Update to 3.1.4 ==== oxygen5-sounds ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== p11-kit ==== Version update (0.25.0 -> 0.25.1) Subpackages: libp11-kit0 p11-kit-tools - Update to 0.25.1: * fix probing of C_GetInterface [#535] * p11-kit: add command to list tokens [#581] * p11-kit: add command to list mechanisms supported by a token [#576] * p11-kit: add command to generate private-public keypair on a token [#551, #582] * p11-kit: add commands to import/export certificates and public keys into/from a token [#543, #549, #568, #588] * p11-kit: add commands to list and delete objects of a token [#533, #544, #571] * p11-kit: add --login option to login into a token with object and profile management commands [#587] * p11-kit: adjust behavior of PKCS#11 profile management commands [#558, #560, #583, #591] * p11-kit: print PKCS#11 URIs in list-modules [#532] * bug and build fixes [#528 #529, #534, #537, #540, #541, #545, [#547], #550, #557, #572, #575, #579, #585, #586, #590] * test fixes [#553, #580] * Remove patch fixed upstream: - d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch ==== pam_kwallet ==== Version update (5.27.8 -> 5.27.9) Subpackages: pam_kwallet-common - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Do not recommend yast stuff in x11 pattern. That's what the yast patterns are for ==== patterns-fonts ==== Subpackages: patterns-fonts-fonts patterns-fonts-fonts_opt - Require fonts so the pattern also works when Recommends are turned off - Don't pull in Type 1 ghostscript-fonts-* and texlive-lm-fonts by default (boo#1216494) ==== patterns-media ==== - Require kernel-firmware-all instead of kernel-firmware (kernel-firmware-all provides/obsoletes kernel-firmware). ==== perl-CryptX ==== Version update (0.078 -> 0.80.0) - updated to 0.080 see /usr/share/doc/packages/perl-CryptX/Changes 0.080 2023-10-04 - fix #95 AES-NI troubles on MS Windows (gcc compiler) - fix #96 Tests failure with Math::BigInt >= 1.999840 - Enabled AES-NI for platforms with gcc/clang/llvm 0.079 2023-10-01 - fix #92 update libtomcrypt - bundled libtomcrypt update branch:develop (commit:1e629e6f 2023-06-22) ==== php8 ==== Version update (8.2.11 -> 8.2.12) Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.2.12 * This is a bug fix release. https://www.php.net/ChangeLog-8.php#8.2.12 ==== pipewire ==== Version update (0.3.82 -> 0.3.83) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.83: * Highlights - A quantum change regression was fixed. - Use a 2 socket server now for the manager and the applications with (when wireplumber is updated) different permissions. - Reduce memory usage a little in audioconvert and use fewer buffers. - Some JACK deadlocks were fixed. - More bugfixes and improvements. * PipeWire - Fix quantum change regression. - Use a 2 socket server by default. One for the session-manager and one for applications. - Fix a potential use-after-free in node and device cleanup. * modules - Some hardcoded buffer size limits were removed. - Fix ASYNC flag on combined-streams. - Add support for on-demand combined-streams using metadata. * SPA - alsa-udev will now ignore PCMs with the ACP_IGNORE udev environment variable. - The audioadapter now uses at least 2 buffers when the follower is async. - The number of buffers used by plugins was tweaked a little. Most plugins now only ask 1 buffer. - Memory usage in audioconvert was reduced. - Fix some unaligned reads and writes and undefined left shifts reported by ASAN. - Rework vulkan dependency checking. - Don't try to link ALSA devices when prepare fails. This fixes some crashes. - Fix a stall when the allowed codecs are changed in ALSA. - Improve ALSA rate control for sources to avoid xruns. - Try to fix IEC958 TrueHD and DTS playback. * Bluetooth - Improve fallback SCO mtu when the kernel doesn't tell us. * JACK - The fixed buffer size limit was removed. - Add an option to make input buffers writable (default true). - A potential deadlock was fixed when applications lock the process function. - Use a separate thread to dispatch notifications to avoid deadlocks. - Potentially fix silent export in ardour in some cases. ==== plasma-browser-integration ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Add missing KService dependency ==== plasma-framework ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Plasma5 plasma-framework-components plasma-framework-desktoptheme - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== plasma-nm5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Revert "Don't force active dialogs right after showing" * [libreswan] should save even when group name is empty. ==== plasma5-addons ==== Version update (5.27.8 -> 5.27.9) Subpackages: plasma5-addons-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== plasma5-desktop ==== Version update (5.27.8 -> 5.27.9) Subpackages: plasma5-desktop-emojier - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Don't add recursively every file copied to desktop * kcm/recentFiles: making it compatible with kconfigwidgets:v5.102.0 ==== plasma5-disks ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== plasma5-integration ==== Version update (5.27.8 -> 5.27.9) Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Force WindowCloseButtonHint for toplevel dialogs (kde#464193) ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to 5.27.9 ==== plasma5-pa ==== Version update (5.27.8 -> 5.27.9) Subpackages: plasma5-pa-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * applet: refresh slider value when `to` changes on startup (kde#472245) * Use context object with KConfigWatcher signal ==== plasma5-systemmonitor ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== plasma5-thunderbolt ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== plasma5-workspace ==== Version update (5.27.8 -> 5.27.9) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Add patch to fix the logout applet: * 0001-applets-lock_logout-use-PlasmaCore.IconItem.patch - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Do not consider icon changes excess notification creation * lockscreen: handle user switching also on nopassword page (kde#458951) * applets/lock_logout: add a11y properties and restore tooltip * runners/recentdocuments: Fix results being discarded when casing is different (kde#474782) * [plasmacalendarintegration] Fix selected regions are randomly reset to default (kde#472483) * libtaskmanager: test waylandtasksmodel ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - Add reproducible-build.patch to make the output of "sepolicy manpage" deterministic (bsc#1216452) ==== polkit-kde-agent-5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== postgresql ==== Subpackages: postgresql-contrib postgresql-server - Interlock version and release of all noarch packages except for the postgresql-docs. ==== postgresql16 ==== Subpackages: libpq5 postgresql16-contrib postgresql16-server - boo#1216022: Call install-alternatives from the devel subpackage as well, otherwise the symlink for ecpg might be missing. ==== powerdevil5 ==== Version update (5.27.8 -> 5.27.9) Subpackages: powerdevil5-lang - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * Provide a default action in Suspend session config (kde#475866) ==== prison-qt5 ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Prison5 prison-qt5-imports - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== psmisc ==== - Fix version at configure time as there was no .tarball-version ==== purpose ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== python-M2Crypto ==== Version update (0.39.0 -> 0.40.0) - Update to 0.40.0: - OK, SO NOT THIS RELEASE, BUT IN THE NEXT RELEASE PYTHON2 WILL TRULY GO! - BREAKING CHANGES: - There are no SWIG generated files (src/SWIG/_m2crytpo_wrap.c) included anymore, so swig must be installed, no exceptions! Also, for compatibility with Python 3.12+, swig 4.0+ is required. - All support for asyncore has been removed, as it has been removed in Python 3.12 as well (which means also removal of contrib/dispatcher.py, M2Crypto/SSL/ssl_dispatcher.py, ZServerSSL). - All use of distutils (including the bundled ones in setuptools) has been removed, so `setup.py clean` is no more. - Excessively complicated and error-prone __init__py has been cleaned and `import M2Crypto` doesn’t include everything anymore. Imports should specified as for example with `from M2Crypto import foo`. - ASN1_Time handling has been mostly rewritten and it almost works even on Windows. - All tests in Gitlab CI (with exceptions of some skipped tests especially on Windows) are now green, tests of Python 2.7 on CentOS 7 have been included. - Introduce m2.err_clear_error() - Make X509_verify_cert() accessible as m2.x509_verify_cert - Add 32bit_ASN1_Time.patch to quench errors on 32bit archs. ==== python-argcomplete ==== - add setuptools_scm for proper version detection ==== python-gssapi ==== Version update (1.8.2 -> 1.8.3) - Update to 1.8.3: - Added Python 3.12 wheel - Fix Cython 3 compatibility - Remove upstreamed patch d9200d1018ac916b30433da23898c8c5fbde0f28.patch ==== python-httpcore ==== Version update (0.17.3 -> 0.18.0) - Update to 0.18.0: - Add support for HTTPS proxies. - Handle sni_hostname extension with SOCKS proxy. - Change the type of Extensions from Mapping[Str, Any] to MutableMapping[Str, Any]. - Handle HTTP/1.1 half-closed connections gracefully. - Drop Python 3.7 support. - Update httpcore-allow-deprecationwarnings-test.patch - Skip failing tests test_ssl_request and test_extra_info (gh#encode/httpcore!832) ==== python-httpx ==== Version update (0.24.1 -> 0.25.0) - Update to 0.25.0: - Drop support for Python 3.7. - Support HTTPS proxies. - Change the type of Extensions from Mapping[Str, Any] to MutableMapping[Str, Any]. - Add socket_options argument to httpx.HTTPTransport and httpx.AsyncHTTPTransport classes. - The Response.raise_for_status() method now returns the response instance. For example: data = httpx.get('...').raise_for_status().json(). - Return 500 error response instead of exceptions when raise_app_exceptions=False is set on ASGITransport. - Ensure all WSGITransport environs have a SERVER_PROTOCOL. - Always encode forward slashes as %2F in query parameters - Use Mozilla documentation instead of httpstatuses.com for HTTP error reference - Requires higher version of httpcore. ==== python-pexpect ==== - add 742.patch, gh#pexpect/pexpect#742 This makes it compatible with python3.12 gh#pexpect/pexpect#736#issuecomment-1427273882 ==== python-psutil ==== - Rebase logind_y2038.patch based on the reviewed code ==== python-pycairo ==== Version update (1.24.0 -> 1.25.1) - update to 1.25.1: * fix a crash in pypy3.10 * Fix the build with CPython 3.13.0a1 - introduced from 1.25.0: * update to cairo 1.18.0 (for windows only) * new apis: - Status.SVG_FONT_ERROR - FontOptions.get_color_mode(), FontOptions.set_color_mode(), ColorMode - FontOptions.set_color_palette(), FontOptions.get_color_palette(), COLOR_PALETTE_DEFAULT - FontOptions.set_custom_palette_color(), FontOptions.get_custom_palette_color() - TAG_CONTENT, TAG_CONTENT_REF - Pattern.get_dither(), Pattern.set_dither(), Dither ==== python-pytz ==== Version update (2023.3 -> 2023.3.post1) - Update to 2023.3.post1 * Replace deprecated datetime.utcfromtimestamp() * Resurrect Python 2.7 tests * Add support for Python 3.12 - Drop pytz-%{version}.tar.gz.asc and python-pytz.keyring * PyPI hides the .asc files and wants to drop the support * related: https://github.com/certbot/certbot/issues/9707 ==== python-typing_extensions ==== Version update (4.7.1 -> 4.8.0) - Update to 4.8.0: - Add typing_extensions.Doc, as proposed by PEP 727 - Drop support for Python 3.7 (including PyPy-3.7) - Fix bug where get_original_bases() would return incorrect results when called on a concrete subclass of a generic class - Fix bug where ParamSpec(default=...) would raise a TypeError on Python versions <3.11 ==== python-urllib3 ==== Version update (2.0.6 -> 2.0.7) - update to 2.0.7 (bsc#1216377, CVE-2023-45803): * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. ==== qemu ==== Version update (8.1.0 -> 8.1.2) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - [openSUSE] supportconfig: Adapt plugin to modern supportconfig - [openSUSE] Add -p1 to autosetup in spec files * So patches can be applied easily (might be useful for development) - Update to version 8.1.2: This fixes the following upstream issues: * https://gitlab.com/qemu-project/qemu/-/issues/1826 * https://gitlab.com/qemu-project/qemu/-/issues/1834 * https://gitlab.com/qemu-project/qemu/-/issues/1846 It also contains a fix for: * CVE-2023-42467 As well as several upstream backports (list available at: https://lore.kernel.org/qemu-devel/24dfb1c2-dc40-4841-893d-5d530638b684@tls.msk.ru/) - Update to version 8.1.1: Upstream backports and bugfixes, among which: * tpm: fix crash when FD >= 1024 and unnecessary errors due to EINTR (Marc-Andr303251 Lureau) * meson: Fix targetos match for illumos and Solaris. (Jonathan Perkin) * s390x/ap: fix missing subsystem reset registration (Janosch Frank) * ui: fix crash when there are no active_console (Marc-Andr303251 Lureau) * virtio-gpu/win32: set the destroy function on load (Marc-Andr303251 Lureau) * target/riscv: Allocate itrigger timers only once (Akihiko Odaki) * target/riscv/pmp.c: respect mseccfg.RLB for pmpaddrX changes (Leon Schuermann) * target/riscv: fix satp_mode_finalize() when satp_mode.supported = 0 (Daniel Henrique Barboza) * hw/riscv: virt: Fix riscv,pmu DT node path (Conor Dooley) * [...] * target/arm: Fix 64-bit SSRA (Richard Henderson) * target/arm: Fix SME ST1Q (Richard Henderson) * accel/kvm: Specify default IPA size for arm64 (Akihiko Odaki) * kvm: Introduce kvm_arch_get_default_type hook (Akihiko Odaki) * include/hw/virtio/virtio-gpu: Fix virtio-gpu with blob on big endian hosts (Thomas Huth) * target/s390x: Check reserved bits of VFMIN/VFMAX's M5 (Ilya Leoshkevich) * target/s390x: Fix VSTL with a large length (Ilya Leoshkevich) * target/s390x: Use a 16-bit immediate in VREP (Ilya Leoshkevich) * target/s390x: Fix the "ignored match" case in VSTRS (Ilya Leoshkevich) Full list available at: * https://lore.kernel.org/qemu-devel/d0d2ac8f-313a-c937-dc3a-88e45fce933c@tls.msk.ru/ - Fix (bsc#1215486): * [openSUSE][RPM] spec: enable the Pipewire audio backend (bsc#1215486) - (Properly) fix: bsc#1213210 * linux-user/elfload: Enable vxe2 on s390x - Fix: bsc#1215677 * optionrom: Remove build-id section ==== qqc2-desktop-style ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Add upstream change: * 0001-xkb-fix-build-with-libxkbcommon-1.6.0-and-later.patch ==== redis ==== Version update (7.0.12 -> 7.2.2) - redis 7.2.2: * (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup, bsc#1216376 * WAITAOF could timeout in the absence of write traffic in case a new AOF is created and an AOF rewrite can't immediately start * Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2 nodes * Fix the return type of the slot number in cluster shards to integer, which makes it consistent with past behavior * Fix CLUSTER commands are called from modules or scripts to return TLS info appropriately redis-cli, fix crash on reconnect when in SUBSCRIBE mode * Fix overflow calculation for next timer event - redis 7.2.1: * (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and, as a result, may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. (bsc#1215094) * Fix crashes when joining a node to an existing 7.0 Redis Cluster * Correct request_policy and response_policy command tips on for some admin / configuration commands - Refresh redis.hashes - redis 7.2.0 - Bug Fixes - redis-cli in cluster mode handles unknown-endpoint (#12273) - Update request / response policy hints for a few commands (#12417) - Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451) - Fix false success and a memory leak for ACL selector with bad parenthesis combination (#12452) - Fix the assertion when script timeout occurs after it signaled a blocked client (#12459) - Fixes for issues in previous releases of Redis 7.2 - Update MONITOR client's memory correctly for INFO and client-eviction (#12420) - The response of cluster nodes was unnecessarily adding an extra comma when no hostname was present. (#12411) - refreshed redis-conf.patch: - switch to autosetup now that we switched the last patch to patch level 1 ==== rsyslog ==== - trigger daemon restart after modules packages have been updated (bsc#1214996) ==== rubygem-agama ==== Version update (4 -> 5) - Version 5 - Do not reuse pre-existing swap partitions in the storage proposal (gh#openSUSE/agama#806) - Extended Software service to allow configuring selected patterns (gh#openSUSE/agama#792) - Add indication to btrfs volumes if it is transactional (gh#openSUSE/agama#789) - Adapted storage settings for ALP Dolomite (gh#openSUSE/agama#782) - Fix D-Bus type for SystemVGDevices and restore system VG devices from previous settings (gh#openSUSE/agama#763). ==== samba ==== Version update (4.19.1+git.312.c912b3d2ef6 -> 4.19.2+git.322.7e9201cef5) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477). - packaging: Remove /etc/slp.reg.d from samba spec file; (bsc#1216160) - use systemd-logind rather than utmp for y2038 safety; (bsc#1216159). ==== sdbootutil ==== Version update (1+git20230817.2a3cd34 -> 1+git20231023.873adb9) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20231023.873adb9: * Use correct image name on aarch64 - Add changes from gh#openSUSE/sdbootutil#21: * sdbootutil.spec: Add missing efibootmgr dependency * sdbootutil.spec: Make sdbootutil-snapper a hard dependency - Update to version 1+git20231005.890f70c: * Add --no-reuse-initrd option * Refactor boot descriptive entries * feat: more descriptive bootmenu entries * Remove stray set -x * speed up snapper list * Fix misleading comment * Fix helptext ==== sg3_utils ==== Version update (1.48+1.889c3e3 -> 1.48+3.b642f6a) Subpackages: libsgutils2-1_48-2 - rescan-scsi-bus.sh: remove /tmp/rescan-scsi-mpath-info.txt (gh#doug-gilbert/sg3_utils#44) - rescan_scsi_bus.sh: fix multipath issue when called with -s and without -u (bsc#1215720, bsc#1216355) ==== shaderc ==== Version update (2023.6 -> 2023.7) - Update to release 2023.7 * Adapt a test to different error message from SPIRV-Tools ==== solid ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5Solid5 solid-imports solid-tools - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== sonnet ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== sqlite3 ==== Version update (3.42.0 -> 3.43.2) Subpackages: libsqlite3-0 sqlite3-tcl - sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86. - Update to: 3.43.2: * Fix a couple of obscure UAF errors and an obscure memory leak. * Omit the use of the sprintf() function from the standard library in the CLI, as this now generates warnings on some platforms. * Avoid conversion of a double into unsigned long long integer, as some platforms do not do such conversions correctly. - Update to: 3.43.1 * Fix a regression in the way that the sum(), avg(), and total() aggregate functions handle infinities. * Fix a bug in the json_array_length() function that occurs when the argument comes directly from json_remove(). * Fix the omit-unused-subquery-columns optimization (introduced in in version 3.42.0) so that it works correctly if the subquery is a compound where one arm is DISTINCT and the other is not. - Update to 3.43.0: * Add support for Contentless-Delete FTS5 Indexes. This is a variety of FTS5 full-text search index that omits storing the content that is being indexed while also allowing records to be deleted. * Enhancements to the date and time functions: + Added new time shift modifiers of the form ±YYYY-MM-DD HH:MM:SS.SSS. + Added the timediff() SQL function. * Added the octet_length(X) SQL function. * Added the sqlite3_stmt_explain() API. * Query planner enhancements: + Generalize the LEFT JOIN strength reduction optimization so that it works for RIGHT and FULL JOINs as well. Rename it to OUTER JOIN strength reduction. + Enhance the theorem prover in the OUTER JOIN strength reduction optimization so that it returns fewer false-negatives. * Enhancements to the decimal extension: + New function decimal_pow2(N) returns the N-th power of 2 for integer N between -20000 and +20000. + New function decimal_exp(X) works like decimal(X) except that it returns the result in exponential notation - with a "e+NN" at the end. + If X is a floating-point value, then the decimal(X) function now does a full expansion of that value into its exact decimal equivalent. * Performance enhancements to JSON processing results in a 2x performance improvement for some kinds of processing on large JSON strings. * The VFS for unix now assumes that the nanosleep() system call is available unless compiled with -DHAVE_NANOSLEEP=0. ==== suse-module-tools ==== Version update (16.0.36 -> 16.0.37) Subpackages: suse-module-tools-scriptlets * weak-modules2: ignore INITRD_MODULES (jsc#PED-1915), obtain list of modules from dracut.conf.d instead ==== swtpm ==== Subpackages: swtpm-selinux - Add missing requires for certtool ==== syndication ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== syntax-highlighting ==== Version update (5.110.0 -> 5.111.0) Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - Changes since 5.110.0: * Set mode for more config file endings (kde#475078) * Highlight MapCSS numeric and string condition values * textproto syntax: Support multipart strings. * textproto syntax: Add test case for octal escape sequences. * textproto syntax: Support some types of comments. * textproto syntax: Allow empty strings. * textproto syntax: Allow commas between fields. * Add TextProto syntax (protocol buffer Text Format Language). ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Import commit b53f364c264cd598d4210b64285a55d362b47b89 b53f364c26 test: install af_packet kernel module on openSUSE 86b7521a3c shared/wall: use logind if build without utmp support 65aac5858f errno-util: allow ERRNO_IS_* to accept types wider than int 8f93b89db4 basic/errno-util: add wrappers which only accept negative errno 1b815b3e76 Introduce RET_GATHER and use it in src/shared/ - Drop 0001-conf-parser-introduce-early-drop-ins.patch The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP. See: https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/KWRBTAVQ6MGHVAHKDZZ6GIRX4RMHKHQ6/ - Ship the main configuration files in /usr/lib/ Besides the fact that shipping files in /etc is not recommended anymore, this change will hopefully encourage users to customize the defaults via the mean of drop-ins hence removing the risk of conflicts with downstream customization. In contrary, shipping empty directories *.conf.d/ in /etc is not a concern and should suggest users to create drop-ins (bsc#1207056). - systemd.spec: add files.portable and files.journal-remote - Don't include entries listed in kbd-model-map.xkb-generated (provided by kbd package) in kbd-model-map anymore. Yast, the only user of these entries, directly parses kbd-model-map.xkb-generated now (bsc#1211104). - tmpfiles-suse.conf: drop entries for /run/lock and /var/log/wtmp /run/lock is now defined by filesystem package and wtmp has been replaced by wtmpdb on TW. ==== systemd-default-settings ==== Version update (0.7 -> 0.8) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP. Hence the early drop-ins SUSE specific "feature" has been abandoned. - Import 0.8 f34372f User priority '26' for SLE-Micro c8b6f0a Revert "Convert more drop-ins into early ones" ==== systemsettings5 ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - No code changes since 5.27.8 ==== threadweaver ==== Version update (5.110.0 -> 5.111.0) - Update to 5.111.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.111.0 - No code change since 5.110.0 ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Fix boo#1216036. Tested on RPi4. Boot from USB and uSD fine. For details see: https://lore.kernel.org/u-boot/20231023070216.394709-1-sjg@chromium.org/#t * Patches added: 0018-Revert-bootstd-Scan-all-bootdevs-in.patch 0019-bootstd-Expand-boot-ordering-test-t.patch 0020-bootstd-Correct-logic-for-single-uc.patch 0021-bootstd-Scan-all-bootdevs-in-a-boot.patch ==== vim ==== Version update (9.0.1894 -> 9.0.2078) Subpackages: vim-data vim-data-common xxd - Update to version 9.0.2078 * several problems with type aliases * Vim9: No support for type aliases * TextChangedI may not always trigger * Completion menu may be wrong * don't echo empty lines (#13431) * typo in quickfix.c comments * update debian related runtime files (#13423) * Vim9: no nr2str conversion in list-unpack * objdump files not recognized * [security] disallow setting env in restricted mode * possible to escape bracketed paste mode with Ctrl-C * [security] overflow in :history * clarify bracketed paste mode * missing code formatting in if_pyth.txt * xxd: coloring was disabled on Cygwin * xxd: corrupting files when reversing bit dumps * EXPAND flag set for filetype option * cannot use buffer-number for errorformat * Fix typos in several documents (#13420) * pacman hooks are detected as conf filetype * Janet files are not recognised * not able to detect xkb filetypes * *.{gn,gni} files are not recognized * small updates to the documentation for varargs * Update ftplugin - comment motions (#13412) * outstanding exceptions may be skipped * tests: avoid error when no swap files exist * Vim9: no strict type checks for funcrefs varargs * do not use hard-coded match id (#13393) * no digraph for quadruple prime * Vim9: non-consistent error messages * win32: iscygpty needs update * Add new ftplugin (#13385) * zig filetype detection test wrong * win32: using deprecated wsock32 api * Vim9: wrong error for non-existing object var * Update Zig runtime files (#13388) * Vim9: crash with deferred function call and exception * Vim9: not recognizing qualified class vars for infix ops * python: uninitialized warning * perl: warning about inconsistent dll linkage * tests: checking for swap files takes time * Vim9: exceptions confuse defered functions * allow for overriding systemd ftplugin settings (#13373) - Update to version 9.0.2043 * Vim9: issue with funcref assignmentand varargs * Test_cq_zero_exmode fails without channel feature * trim(): hard to use default mask * include syntax script for json5 (#13356) * trim(): hard to use default mask * completion shows current word after completion restart * Vim9: object method funcref not cleaned up after use * A few remaining cmdline completion issues with C-E/Y * if_python: rework python3.12 build dependency * [security] use-after-free with wildmenu * don't try to copy SMACK attribute, when none exist * gcc overflow-warning for f_resolve * Fix more typos (#13354) * cannot get mouse click pos for tab or virt text * correct / behavior in 'wildmenu' (#13336) * TextChangedI may be triggered by non-insert mode change * no max callback recursion limit * Vim9: no support for partials using call() * confusing build dependencies * Vim9: no support for bitwise operators in lambda funcs * win32: python3 dll loading can be improved * no cmdline completion for ++opt args * no filetype detection for Debian sources * need more tests for :cq * getmousepos() returns wrong index for TAB char * Coverity complains about change in charset * Update Serbian messages translation (#13324) * Update ftplugin (#13327) * Vim9: islocked() needs more work * Improve command-line completion docs (#13331) * Vim9: no support for funcrefs * complete_info() returns wrong index * linebreak applies for leading whitespace * Vim9: assignment operators don't work for class vars * Vim9: does not handle islocked() from a method correctly * confusing ifdefs in if_.c * Unicode tables outdated * Vim9: error message can be more accurate * INI files not detected * [security] use-after-free from buf_contents_changed() * cmdline-completion for comma-separated options wrong * test: undofile left behind * Vim9: covariant parameter types allowed * Vim9: need more tests * partially revert patch v9.0.1997 * Missing test file * xxd: compilation warning * make command name for &iskeywordprg more unique (#13297) * Vim9: need cleanup of class related interface code * updated translation of xxd manpage * Vim9: segfault with islocked() * Vim9: use-after-free in deep call stack * Update ftplugin (#13213) ... changelog too long, skipping 140 lines ... * Add g:c_syntax_for_h to filetype-overrule docs ==== virglrenderer ==== Version update (0.9.1 -> 1.0.0) - Update to version 1.0.0: + Switch to Venus protocol version 1.0.0 + Drop experimental tag from Venus configuration flag and update API. + Support passing fences from guest to host for waiting and inter-context fence sharing/syncing. - Drop virglrenderer-CVE-2022-0175.patch and virglrenderer-CVE-2022-0135.patch: fixed upstream. ==== vlan ==== - Drop url for sources, they are no longer valid. ==== vlc ==== Version update (3.0.18 -> 3.0.19) Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - Update to version 3.0.19 - Remove 104-playback-bar.patch, as it's no longer needed. + Core: - Fix next-frame freezing in most scenarios + Demux: - Support RIFF INFO tags for Wav files - Fix AVI files with flipped RAW video planes - Fix duration on short and small Ogg/Opus files - Fix some HLS/TS streams with ID3 prefix - Fix some HLS playlist refresh drift - Fix for GoPro MAX spatial metadata - Improve FFmpeg-muxed MP4 chapters handling - Improve playback for QNap-produced AVI files - Improve playback of some old RealVideo files - Fix duration probing on some MP4 with missing information + Decoders: - Multiple fixes on AAC handling - Activate hardware decoding of AV1 on Windows (DxVA) - Improve AV1 HDR support with software decoding - Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome ones - Fix black screen on poorly edited MP4 files on Android Mediacodec - Fix rawvid video in NV12 - Fix several issues on Windows hardware decoding (including "too large resolution in DxVA") - Improve crunchyroll-produced SSA rendering + Video Output: - Super Resolution scaling with nVidia and Intel GPUs - Fix for an issue when cropping on Direct3D9 - Multiple fixes for hardware decoding on D3D11 and OpenGL interop - Fix an issue when playing -90°rotated video - Fix subtitles rendering blur on recent macOS + Input: - Improve SMB compatibility with Windows 11 hosts + Contribs: - Update of fluidlite, fixing some MIDI rendering on Windows - Update of zlib to 1.2.13 (CVE-2022-37434) - Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass + Misc: - Improve muxing timestamps in a few formats (reset to 0) - Fix some rendering issues on Linux with the fullscreen controller - Fix GOOM visualization - Fixes for Youtube playback - Fix some MPRIS inconsistencies that broke some OS widgets on Linux - Implement MPRIS TrackList signals - Fix opening files in read-only mode - Fix password search using the Kwallet backend - Fix some crashes on macOS when switching application - Fix 5.1/7.1 output on macOS and tvOS - Fix several crashes and bugs in the macOS preferences panel - Improvements on the threading of the MMDevice audio output on Windows - Fix a potential security issue on the uninstaller DLLs - Fix memory leaks when using the media_list_player libVLC APIs + Translations: - Update of most translations - New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili ==== vorbis-tools ==== - Fix buffer overflow vulnerability during the conversion of wav files to ogg files (bsc#1215942, CVE-2023-43361): vorbis-tools-CVE-2023-43361.patch ==== vte ==== Version update (0.74.0 -> 0.74.1) Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 - Update to version 0.74.1: * ci: Only upload docs for tags * widget: VteTerminalSpawnAsyncCallback's error is nullable * Updated translations. - Drop f1a547f1dfebd8860021b6b727fa5d5717e9f143.patch: fixed upstream. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add webkit2gtk3-create-destroy-egl-image.patch: fix "No provider of EglDestroyImage Found" (boo#1216483). ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-create-destroy-egl-image.patch: fix "No provider of EglDestroyImage Found" (boo#1216483). ==== wsdd ==== - Leap 15.6 has no python 3.10 anymore, use 3.11 instead ==== wtmpdb ==== Version update (0.9.2 -> 0.9.3) Subpackages: libwtmpdb0 - Update to version 0.9.3 - wtmpdb last: don't print date in the future if there is no db entry ==== xcb-util-cursor ==== Version update (0.1.4 -> 0.1.5) - Update to version 0.1.5 * This release sets the close-on-exec flag when opening files on platforms that support O_CLOEXEC, and resyncs the _XcursorThemeInherits code with libXcursor, including a fix for an off-by-one error in memory allocation that triggered errors from AddressSanitizer. ==== xdg-desktop-portal ==== Version update (1.18.0 -> 1.18.1) - Update to version 1.18.1: + Communicate better when the Background portal kills an app. + Properly quote Flatpak command in the Background portal. + Improve documentation of the "cursor_mode" propery of the ScreenCast backend D-Bus interface. + Fix ScreenCast portal removing transient restore permissions too early. This fixes screen sharing dialogs on Chromium asking for the screen multiple times. + Only send the Closed session signal to the sender. + Add Meson options to disable building with Bubblewrap, and without the Flatpak portal documentation. Disabling Bubblewrap is highly discouraged, and only meant to be used on platforms that do not currently support it. By disabling Bubblewrap, bitmap validation happens without a sandbox, which is highly insecure since image parsing is a common source of exploits. Really, just do not disable Bubblewrap please. + Improve the manpage of portals.conf. + Various spelling fixes to the Document portal. + Add a new website! We don't have a fancy domain yet, but the website can be accessed at https://flatpak.github.io/xdg-desktop-portal/ + Improve pid mapping for host system apps. This should get rid of some rare, unnecessary warnings. + Adjust documentation of Global Shortcuts portal's timestamps to millisecond granularity. + Bump minimum Meson version to 0.58. ==== xdg-desktop-portal-gtk ==== Version update (1.14.1 -> 1.15.1) - Update to version 1.15.1: + Fix build of feature-gated portals. - Update to version 1.15.0: + Switch to the Meson build system, and drop Autotools + Drop most use of private GNOME API; the following portal interfaces have been removed: - org.freedesktop.impl.portal.Screenshot - org.freedesktop.impl.portal.ScreenCast - org.freedesktop.impl.portal.RemoteDesktop - org.freedesktop.impl.portal.Background + Do not add duplicate notifications + Expose the org.gnome.desktop.calendar settings + Fix type for org.gnome.desktop.background.picture-uri setting + Support current_folder in org.freedesktop.impl.portal.FileChooser + Update list of translatable files + Updated translations. - Add meson BuildRequires and macros following upstreams port. ==== xdg-desktop-portal-kde ==== Version update (5.27.8 -> 5.27.9) - Update to 5.27.9 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.9 - Changes since 5.27.8: * remote desktop: Close streams on session exit * data/kde-portals.conf: Fallback to GTK portals for Settings (kde#474746) * Add missing KF5Service find_package call - Drop patches, now upstream: * 0001-kde_portals.patch ==== xfce4-notifyd ==== Subpackages: xfce4-notifyd-lang - Add xfce4-notifyd-relax-x11-version.patch, see boo#1216516 - Add minimum version expected for package xdg-dev-tools. - fix all packaging warnings ==== xfce4-session ==== Subpackages: xfce4-session-lang - Added xfce-portals.conf file. XDP 0.18.0 requires desktop and other environments to have their own portals.conf drop in file and this is a workaround until a better fix lands (boo#1215641) - Added xdg-current-desktop-xfce.desktop to autostart to ensure variable XDG_CURRENT_DESKTOP variable is properly exposed to systemd (boo#1215641) - Relax requirement of branding package version to prevent xfce4-branding-openSUSE breaking on Leap due to repos being out of sync (boo#1216470) ==== xfce4-terminal ==== Version update (1.1.0 -> 1.1.1) Subpackages: xfce4-terminal-lang - Update to version 1.1.1 * build: Simplify and clarify X11/Wayland distinction * Fix xfce_titled_dialog_create_action_area() deprecation * build: Define our own windowing macro instead of extending GDK's * wayland: Fix drop-down keep-above for non-prefs dialogs * wayland: Fix drop-down terminal keep-above * wayland: Fix window activation * wayland: Fix drop-down terminal positioning (Fixes #141) * wayland: Fix new window size * Replace XDT_CHECK_LIBX11 and use HAVE_LIBX11 when appropriate * Use the same windowing environment test everywhere * Fix build when X11 is disabled * drop-down: Make settings easier to understand * drop-down: Fix allocation warnings * Apply 7 suggestion(s) to 2 file(s) * Save and restore terminal window workspace in X11 session * doc: Remove reference to terminalrc * app: Put GtkSettings:gtk-menu-bar-accel overwrite back in place * Translation Updates ==== xorg-x11-server ==== Version update (21.1.8 -> 21.1.9) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Update to version 21.1.9 * This release contains fixes for CVE-2023-5367, CVE-2023-5380 and CVE-2023-5574 as reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html - adjusted u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch ==== xwayland ==== Version update (23.2.1 -> 23.2.2) - Update to version 23.2.2 * This release contains the fix for CVE-2023-5367 and CVE-2023-5574 in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003430.html Xwayland does not support multiple protocol screens (Zaphod) and is thus not affected by CVE-2023-5380. * Additionally, there is a change in the default behaviour of Xwayland: Since version 23.2.0 Xwayland (via liboeffis) automatically tries to connect to the XDG Desktop Portal's RemoteDesktop interface to obtain the EI socket. That socket is used to send XTest events to the compositor. * However, the connection to the session-wide Portal is unsuitable when Xwayland is running in a nested compositor. Xwayland cannot tell whether it's running on a nested compositor and to keep backwards compatibility with Xwayland prior to 23.2.0, Xwayland must now be started with "-enable-ei-portal" to connect to the portal. * Compositors (who typically spawn Xwayland rootless) must now pass this option to get the same behaviour as 23.2.x. * Finally, Xwayland now uses libbsd-overlay instead of libbsd. ==== yast2 ==== Version update (4.6.2 -> 5.0.2) Subpackages: yast2-logs - Fix firewalld zones reader adapting it to the new firewall-cmd - -list-all-zones output format (bsc#1216534) - 5.0.2 - Fix case-insensitive finding of LICENSE.*.TXT (bsc#1215698) - 5.0.1 - 5.0.0 (bsc#1185510) ==== yast2-add-on ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-alternatives ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-apparmor ==== Version update (4.6.2 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-auth-client ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-auth-server ==== Version update (4.6.2 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-configuration-management ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-control-center ==== Version update (4.6.1 -> 5.0.0) Subpackages: yast2-control-center-qt - 5.0.0 (bsc#1185510) ==== yast2-core ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-country ==== Version update (5.0.1 -> 5.0.2) Subpackages: yast2-country-data - BuildRequire kbd to fix the build (bsc#1211104) - 5.0.2 ==== yast2-drbd ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-firewall ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-firstboot ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-ftp-server ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-hardware-detection ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-iscsi-client ==== Version update (4.6.0 -> 5.0.1) - Add support packages on demand (bsc#1214273) - 5.0.1 - 5.0.0 (bsc#1185510) ==== yast2-journal ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-kdump ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-ldap ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-mail ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-metapackage-handler ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-multipath ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-network ==== Version update (4.6.5 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-nfs-client ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-nfs-server ==== Version update (4.6.0 -> 5.0.0) Subpackages: yast2-nfs-common - 5.0.0 (bsc#1185510) ==== yast2-ntp-client ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-online-update ==== Version update (4.6.1 -> 5.0.0) Subpackages: yast2-online-update-frontend - 5.0.0 (bsc#1185510) ==== yast2-packager ==== Version update (4.6.2 -> 5.0.1) - Properly save the repo file when changing URL of a repository from a service (bsc#1214135) - Also display a warning when changing URL of a service repository, the change might be lost after the service is refreshed - 5.0.1 - 5.0.0 (bsc#1185510) ==== yast2-pam ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-perl-bindings ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-pkg-bindings ==== Version update (4.6.2 -> 5.0.2) - Pkg.SourceEditSet() - Allow setting the repository service name (related to bsc#1214135) - 5.0.2 - Fixed crash in the Pkg.Commit() function when passing "exclude_docs" or "no_signature" options (bsc#1215238) - 5.0.1 - 5.0.0 (bsc#1185510) ==== yast2-printer ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-proxy ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-ruby-bindings ==== Version update (4.6.2 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-samba-client ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-samba-server ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-scanner ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-security ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-services-manager ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-slp ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-snapper ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-squid ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-storage-ng ==== Version update (5.0.1 -> 5.0.3) - GuidedProposal: new internal setting to control how existing swap partitions are reused. Relevant for Agama and related to bsc#1175535 and bsc#1215639. - 5.0.3 - New MdLevel value for linear RAIDs (bsc#1215022) - 5.0.2 ==== yast2-sudo ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-sysconfig ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-tftp-server ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-theme ==== Version update (4.6.0 -> 5.0.1) Subpackages: yast2-theme-breeze - Dropped unmaintained "gulp-stylelint" internal development dependency - Manually updated the internal development dependencies to the latest NPM packages - The stylesheets have been rebuilt with the new dependencies - Updated README.md - 5.0.1 - 5.0.0 (bsc#1185510) ==== yast2-transfer ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-tune ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-update ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-vm ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-vpn ==== Version update (4.6.1 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-x11 ==== Version update (5.0.1 -> 5.0.2) - Prevent testX from hanging in second stage if no supported WM can be started (bsc#1216297) - 5.0.2 ==== yast2-xml ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== yast2-ycp-ui-bindings ==== Version update (4.6.0 -> 5.0.0) - 5.0.0 (bsc#1185510) ==== zeromq ==== Version update (4.3.4 -> 4.3.5) Subpackages: libzmq5 zeromq-tools - update to 4.3.5: * Relicensing from LGPL-3.0+ (with custom exceptions) to MPL-2.0 is now complete. libzmq is now distributed under the Mozilla Public License 2.0. Relicensing grants have been collected from all relevant authors, and some functionality has been clean-room reimplemented where that was not possible. In layman terms, the new license provides the same rights and obligations as before. Source files are now tagged using the SPDX license identifier format. Details of the relicensing process can be seen at: #2376 Relicensing grants have been archived at: https://github.com/rlenferink/libzmq-relicense A special thanks to everybody who helped with this long and difficult task, with the process, the reimplementations, the collections and everything else. * New DRAFT (see NEWS for 4.2.0) socket options: ZMQ_BUSY_POLL will set the SO_BUSY_POLL socket option on the underlying sockets, if it is supported. ZMQ_HICCUP_MSG will send a message when the peer has been disconnected. ZMQ_XSUB_VERBOSE_UNSUBSCRIBE will configure a socket to pass all unsubscription messages, including duplicated ones. ZMQ_TOPICS_COUNT will return the number of subscribed topics on a PUB/SUB socket. ZMQ_NORM_MODE, ZMQ_NORM_UNICAST_NACK, ZMQ_NORM_BUFFER_SIZE, ZMQ_NORM_SEGMENT_SIZE, ZMQ_NORM_BLOCK_SIZE, ZMQ_NORM_NUM_PARITY, ZMQ_NORM_NUM_AUTOPARITY and ZMQ_NORM_PUSH to control various aspect of NORM sockets. See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details. * New DRAFT (see NEWS for 4.2.0) zmq_ppoll APIs was added that differs from zmq_poll in the same way that ppoll differs from poll. See doc/zmq_ppoll.txt for details. * Various bug fixes and performance improvements. - qemu-user.patch: upstreamed, removed ==== zlib ==== Version update (1.2.13 -> 1.3) Subpackages: libminizip1 libz1 - Update to 1.3: * Building using K&R (pre-ANSI) function definitions is no longer supported. * Fixed a bug in deflateBound() for level 0 and memLevel 9. * Fixed a bug when gzungetc() is used immediately after gzopen(). * Fixed a bug when using gzflush() with a very small buffer. * Fixed a crash when gzsetparams() is attempted for a transparent write. * Fixed test/example.c to work with FORCE_STORED. * Fixed minizip to allow it to open an empty zip file. * Fixed reading disk number start on zip64 files in minizip. * Fixed a logic error in minizip argument processing. - Added patches: * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch - Refreshed patches: * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-adler32-vector-optimizations-for-power.patch * zlib-1.2.13-optimized-s390.patch * zlib-format.patch * zlib-no-version-check.patch - Removed patches: * bsc1210593.patch * zlib-1.2.13-fix-bug-deflateBound.patch * zlib-1.2.12-s390-vectorize-crc32.patch * zlib-1.2.13-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-fix-invalid-memory-access-on-ppc-and-ppc64.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-adler32-vector-optimizations-for-power.patch - Fix CVE-2023-45853, integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6, bsc#1216378 * CVE-2023-45853.patch