Packages changed: AppStream (0.16.3 -> 0.16.4) avahi avahi-glib2 bash (5.2.15 -> 5.2.21) bind (9.18.19 -> 9.18.20) btrfsprogs (6.5.1 -> 6.6.2) createrepo_c dnsmasq emacs flatpak (1.15.4 -> 1.15.6) freerdp fwupd (1.9.7 -> 1.9.8) gdb gnome-bluetooth (42.6 -> 42.7) gnome-control-center (45.1 -> 45.1+14) google-noto-fonts grub2 gstreamer (1.22.6 -> 1.22.7) gstreamer-plugins-bad (1.22.6 -> 1.22.7) gstreamer-plugins-base (1.22.6 -> 1.22.7) gstreamer-plugins-good (1.22.6 -> 1.22.7) gstreamer-plugins-libav (1.22.6 -> 1.22.7) gstreamer-plugins-rs (1.22.6 -> 0.11.2) gstreamer-plugins-ugly (1.22.6 -> 1.22.7) harfbuzz (8.2.2 -> 8.3.0) jq libadwaita (1.4.0 -> 1.4.0+12) libgcrypt (1.10.2 -> 1.10.3) libportal libstorage-ng (4.5.156 -> 4.5.157) libuv (1.46.0 -> 1.47.0) lua54 makedumpfile (1.7.3 -> 1.7.4) nodejs21 (21.1.0 -> 21.2.0) openssl-1_1 openssl-3 ovmf patterns-media perl-IO-Socket-SSL (2.083 -> 2.84.0) perl-Mail-AuthenticationResults (2.20230112 -> 2.20231031) pipewire (0.3.84 -> 0.3.85) plasma5-openSUSE (84.87~git20230131T131056~433af24 -> 84.87~git20231117T211718~757fefa) poppler (23.10.0 -> 23.11.0) poppler-qt5 (23.10.0 -> 23.11.0) python-Twisted python-psutil (5.9.5 -> 5.9.6) python-rich (13.5.2 -> 13.7.0) python-sniffio qemu qt6-base rubygem-jaro_winkler (1.5.4 -> 1.5.6) rubygem-llhttp-ffi (0.4.0 -> 0.5.0) rubygem-nokogiri (1.13.9 -> 1.15.4) rubygem-passenger (6.0.17 -> 6.0.18) rubygem-rails-html-sanitizer (1.5.0 -> 1.6.0) shared-mime-info (2.3 -> 2.4) tgt (1.0.85 -> 1.0.89) vte webkit2gtk3 (2.42.1 -> 2.42.2) webkit2gtk3-soup2 (2.42.1 -> 2.42.2) xen (4.17.2_04 -> 4.18.0_02) xfce4-notifyd xfce4-whiskermenu-plugin (2.8.0 -> 2.8.1) === Details === ==== AppStream ==== Version update (0.16.3 -> 0.16.4) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.16.4: * Features: - Allow hyphens in the last segment of a component-ID - Implement the developer element for unique developer IDs - Add meson overrides * Bugfixes: - meson: Prevent building attempts with MSVC - meson: Avoid potentially bad sed backup filename when fixing .pc file * Miscellaneous: Make sed invocation more portable - Rebase patch with quilt. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - avahi-autoipd: only migrate files owned by avahi user if said user exists: if the user does not exist (fresh installs), then there is no chance any file is owned by the user (boo#1216730). ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - avahi-autoipd: only migrate files owned by avahi user if said user exists: if the user does not exist (fresh installs), then there is no chance any file is owned by the user (boo#1216730). ==== bash ==== Version update (5.2.15 -> 5.2.21) Subpackages: bash-doc bash-sh - Declare token YYEOF to be able to support older bison versions as well - Be sure to have a usable bison installed at build time - Add upstream patches * bash52-021 There is an off-by-one error that causes command substitutions to fail when they appear in a word expansion inside a here-document. * bash52-020 The parser did not allow `time' to appear as the first reserved word in a command substitution. * bash52-019 There are some cases where the shell reaped a background (asynchronous) job and would incorrectly try to set the terminal's process group back to the shell's. In these cases it never set the terminal process group to that jobs's process group initially, so resetting it is incorrect. * bash52-018 There are two problems with returning tokens to yyparse() when the shell encounters a syntax error or when it reads EOF. When reading a WORD token, the parser has to return the correct value to yyparse. Previous versions returned a value < 0, which the bash parser translated into YYERRCODE for bison, and in newer versions of bison, the appropriate reset actions didn't happen. We should return YYUNDEF, which bison uses for `invalid token'. Since we can return a token < 0 for both invalid tokens and EOF, the bash tokenizer needs to differentiate between those two cases. * bash52-017 In certain cases, using the `.' builtin in a subshell would optimize away the rest of the commands in the subshell. * bash52-016 If an expression in an arithmetic for loop expands to NULL, the shell would crash. - Correct offsets of patches * bash-4.3-sigrestart.patch * bash-5.2.dif ==== bind ==== Version update (9.18.19 -> 9.18.20) Subpackages: bind-doc bind-utils - Update to release 9.18.20 Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Bug Fixes: * If the unsigned version of an inline-signed zone contained DNSSEC records, it was incorrectly scheduled for resigning. This has been fixed. * Looking up stale data from the cache did not take local authoritative data into account. This has been fixed. * An assertion failure was triggered when lock-file was used at the same time as the named -X command-line option. This has been fixed. * The lock-file file was being removed when it should not have been, making the statement ineffective when named was started three or more times. This has been fixed. - Disable SLP by default for Factory and ALP (bsc#1214884) ==== btrfsprogs ==== Version update (6.5.1 -> 6.6.2) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.6.2 * squota: change key number of EXTENT_OWNER_REF_KEY, sync with kernel 6.7-rc1 * property set/get: completely skip char devices, trying to set properties and open /dev/watchdog* causes a reboot * other: build warnings, test updates, documentation updates - update to 6.6.1 * fix device scanning ioctl definition, accidental change to the 'forget' ioctl that breaks mounting multi-device filesystems - update to 6.6 * new global option --dry-run, now implemented for 'subvolume delete' * fi defrag: new option --step to defragment files in steps, report progress * balance: removed support for obsolete short syntax 'btrfs balance /path' * mkfs: print zone count for each device in the overview * check: * verify inline ref ordering * deprecate --clear-space-cache, moved to the 'rescue' group * rescue clear-space-cache: new command moved from 'btrfs check' implementing the same as option --clear-space-cache (to be deprecated and removed in the future) * dump-tree: output sequence number for inline refs * fixes: * fi resize: fallback to lowest devid when 1 does not exist, previously the command would fail with "No such device" * fi usage: fix "devices 0 != 1" message and broken output on multi-device filesystem * open files in non-blocking mode when reading fsid, this could hang when trying to open fifo files or some special character devices, was observed with 'prop set/get' * experimental: * mkfs: parametric zone size for emulated zoned mode * other: * cleanups refactoring * new and updated tests * CI updates * documentation updates - update to 6.5.3 * mkfs: * add short aliases for -O specification, block-group-tree (bgt), free-space-tree (fst), raid-stripe-tree (rst) * don't try to resize the image (namely when backed by file) when --rootdir contains sparse file larger than the image * also copy xattr/permissions/ugid/timestamps of the top --rootdir directory * add new option --device-uuid to let user specify exact uuid of the device item (only for single device filesystems) * check: * on zoned devices, use correct super block offsets when repairing * check inline extent refs order * subvolume create: add new option --parent to create missing path components of the given path (like mkdir -p) * rescue clear-ino-cache: new command moved from 'btrfs check' implementing the same as option --clear-ino-cache (to be deprecated and removed in the future) * dump-tree: allow '-' in tree identifier names for option -t * btrfstune: * drop short option and add long option to enable squota * tune space reservation and batch size for block-group-tree conversion * scrub status: print correct value of "Bytes scrubbed" for unfinished runs * qgroup show: fix crash when attempting to print path of stale qgroups * experimental features: * move build of raid-stripe-tree out for testing but it's still considered experimental * other: * shell completion updates * sync raid-stripe-tree code with kernel * build fixes * new and updated tests - update to 6.5.2 * new feature support: * raid-stripe-tree, new tree to track extent mapping for raid profiles, allows raid1*, raid0 and raid10 on zoned devices (kernel 6.7) * simple quotas, simplified accounting that does not track exclusive and shared extents (kernel 6.7) * mkfs with duplicate UUID on a single device, temp-fsid (kernel 6.7) * metadata_uuid: enhanced capabilities to repair partially updated fsid on multiple devices * other: * updated tests and CI * sync sources with kernel ==== createrepo_c ==== Subpackages: libcreaterepo_c1 python3-createrepo_c - remove unneeded file-devel dependency ==== dnsmasq ==== - SLP got dropped, remove config (bsc#1214884) ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - only use valgrind on 64 bit architectures ==== flatpak ==== Version update (1.15.4 -> 1.15.6) Subpackages: flatpak-remote-flathub libflatpak0 system-user-flatpak - Update to version 1.15.6: + In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.8.0 is now required. + Enabling the optional Wayland security context feature requires libwayland-client, wayland-scanner >= 1.15 and wayland-protocols >= 1.32. + Add --device=input, for access to evdev devices in /dev/input + Update bundled copy of bubblewrap to version 0.8.0, and rely on its features: + Improve error message if seccomp is disabled in kernel config + Security hardening: set user namespace limit to 0, to prevent creation of nested user namespaces in a more robust way + For subsandboxes started by flatpak-portal, inherit environment variables from the flatpak run that started the original instance rather than from flatpak-portal, fixing behaviour of FLATPAK_GL_DRIVERS and similar features + Stop http transfers if a download in progress becomes very slow + Make it easier to configure extra languages, by picking them up from AccountsService if configured there + Add new flatpak_transaction_add_rebase_and_uninstall() API, allowing end-of-life apps to be replaced by their intended replacement more reliably + Create a private Wayland socket with the "security context" extension if available, allowing the compositor to identify connections from sandboxed apps as belonging to the sandbox + Update libglnx to 2023-08-29 + Use features of newer GLib versions if available + Turn off system-level crash reporting infrastructure during some unit tests that involve intentional assertion failures + Add anchors to link to sections of flatpak-metadata documentation + Bug fixes: - Avoid warnings processing symbolic links with GLib >= 2.77.0, and with GLib 2.76.0 (GLib 2.76.1 or later silences these warnings) - Bypass page cache for backend requests in revokefs, fixing installation errors with libostree 2023.4 - Show AppStream metadata in flatpak remote-info as intended - Don't let Flatpak apps inherit VK_DRIVER_FILES or VK_ICD_FILENAMES from the host system, which would be wrong for the sandbox - Fix build failure with prereleases of libappstream 0.17.x - Forward-compatibility with libappstream 1.0 - Fix installation with Meson if configured with - Dauto_sideloading=true - Fix a memory leak - Fix compiler warnings - Make the tests fail more comprehensibly if a required tool is missing - Clean up /var/tmp/flatpak-cache-* directories on boot - Don't force GIO_USE_VFS=local for programs launched via flatpak-spawn - Clarify documentation for D-Bus name ownership + Internal changes: - Split up large source files into smaller modules, reducing internal circular dependencies - Re-synchronize code backported from GLib with the version in GLib - Clarify documentation for D-Bus name ownership - Make the flags used to apply "extra data" clearer - Use glnx_opendirat() where possible + Updated translations. - Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and pkgconfig(wayland-protocols) BuildRequires and pass with-wayland-security-context=yes to configure: Enable the optional Wayland security context. ==== freerdp ==== Subpackages: libfreerdp2-2 libwinpr2-2 - Fix winpr-devel dependencies. WinePRTargets-*.cmake defines CMake targets for winpr-hash and winpr-makecert. They have to be present. ==== fwupd ==== Version update (1.9.7 -> 1.9.8) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Re-add fwupd-bsc1130056-change-shim-path.patch: patch was dropped in error (boo#1217138). - Update to version 1.9.8: + This release adds the following features: - Add a DP AUX device subclass and port the Synaptics MST plugin to it - Add a feature flag for non-generic requests where translations are required - Hide generic VID/PIDs to avoid accidental firmware matches - Optionally set the modem carrier configuration as the branch name - Rename 'fwupdmgr sync-bkc' to 'fwupdmgr sync' and also consider the branch - Require additional requirements for devices using non-OEM USB VIDs - Set the waiting-for-user status when sending a request - Support uSWID SBoM data with LZMA compressed payloads + This release adds support for the following hardware: - Kinetic SST/MST DisplayPort converters - Wacom Cintiq Pros (DTH172, DTH227) ==== gdb ==== - Maintenance script qa.sh: * Update PR31004 kfail. - Patches added (backport from gdb-patches): * gdb-fix-segfault-in-for_each_block-part-1.patch - Maintenance script qa.sh: * Update PR28561 kfail. * Remove PR31015 kfail. * Remove PR30547 kfail. - Patches added (backport from master): * gdb-symtab-add-producer_is_gas.patch * gdb-symtab-work-around-gas-pr28629.patch * gdb-tdep-fix-nr-array-elements-in-ppc64_aggregate_ca.patch * gdb-testsuite-fix-gdb.python-py-breakpoint.exp-with-.patch * gdb-tui-fix-segfault-in-tui_find_disassembly_address.patch * gdb-tui-fix-wmaybe-uninitialized-in-tui_find_disasse.patch * gdb-testsuite-add-wait_for_msg-arg-to-term-resize-fi.patch - Patches added (backport from gdb-patches): * gdb-fix-segfault-in-for_each_block-part-2.patch * gdb-tui-allow-command-window-of-1-or-2-lines.patch * gdb-tui-fix-resizing-of-terminal-to-1-or-2-lines.patch - Maintenance script qa.sh: * Remove PR28467, PR29418, PR29420, PR29814 and PR29408 kfail. * Remove gdb.tui/tui-layout-asm-short-prog.exp kfail. * Remove commit f68eca29d3b, 29004660c94, 301fe55e9c4, 4d88ae0c7b5, e7d69e72bfd, 8b272d7671f, 85819864f7c, 167f3beb655 and a0eda3df5b7 kfails. * Add PR31015 kfail. * Remove PR29793 kfail. * Remove gdb.arch/powerpc-bcl-prologue.exp kfail. * Remove PR29813 and PR29816 kfail. - Maintenance script qa.sh: * Update PR28561 kfail. * Update PR29781 kfail. - Maintenance script qa-local.sh: * Add "Verify quilt setup" step. - Patches added (backport from master): * gdb-symtab-handle-self-reference-die.patch * gdb-symtab-handle-self-reference-in-inherit_abstract.patch * gdb-symtab-add-optimized-out-static-var-to-cooked-in.patch - Maintenance script qa.sh: * Add comment to kfail for PR30528. * Add UNRESOLVED kfail for gdb.base/gcore-excessive-memory.exp. * Add UNRESOLVED kfail for PR31001. * Remove PR27238 kfail. * Add powerpc64le hw watchpoint kfails. * Add PR31004 kfail. * Add PR30531 kfail. - Patches added (backport from master): * xcoffread.c-fix-werror-dangling-pointer-issue-with-m.patch * avoid-manual-memory-management-in-go-lang.c.patch * gdb-go-handle-v3-go_0-mangled-prefix.patch - Patches added (backport from master): * gdb-symtab-don-t-deduplicate-variables-in-gdb-index.patch - Patches dropped (requires unsupported command): * gdb-testsuite-add-wait-for-index-cache-in-gdb.dwarf2.patch - Maintenance script qa.sh: * Added PR30528 kfail. - Patches added (manual import from fedora rawhide @ 52a4dab): * gdb-rhbz1773651-gdb-index-internal-error.patch - Patches added (backport from master): * gdb-support-rseq-auxvs.patch * gdb-symtab-fix-line-number-of-static-const-class-mem.patch * gdb-symtab-fix-too-many-symbols-in-gdbpy_lookup_stat.patch * gdb-symtab-handle-pu-in-iterate_over_some_symtabs.patch * gdb-symtab-work-around-pr-gas-29517.patch * gdb-testsuite-add-kfail-for-pr-ada-30908.patch * gdb-testsuite-add-xfail-for-gdb-29965-in-gdb.threads.patch * gdb-testsuite-fix-gdb.ada-mi_task_arg.exp-with-newer.patch * gdb-testsuite-fix-gdb.arch-i386-signal.exp-on-x86_64.patch * gdb-testsuite-fix-gdb.cp-m-static.exp-regression-on-.patch * gdb-testsuite-fix-gdb.dwarf2-nullptr_t.exp-with-cc-w.patch * gdb-testsuite-fix-regexps-in-gdb.base-step-over-sysc.patch * gdb-symtab-find-main-language-without-symtab-expansi.patch * gdb-testsuite-add-wait-for-index-cache-in-gdb.dwarf2.patch - Patches moved (from "Backport from gdb-patches" to "Backports from master, available in next release"): * gdb-cli-handle-pending-c-after-rl_callback_read_char.patch * gdb-testsuite-add-have_host_locale.patch - Maintenance script qa.sh: * Remove PR28463, PR28108, PR29247 and PR29160 kfails. * Remove PR30540, PR30908, PR29965 kfails. * Remove gdb.ada/mi_task_arg.exp kfail. - Limit "Suggests: %{python}-Pygments" to SLE-15 and later. - Mention import-fedora.sh to fix warning. - Maintenance script qa.sh: * Update kfail for PR28561. - Maintenance script import-fedora.sh: * New script. Move skipped patches list from gdb.spec to script. - Update to fedora 38 @ 82cc8e0. - Patch renamed: * pass-const-frame_info_ptr-reference-for-skip_-langua.patch -> gdb-rhbz2192105-ftbs-dangling-pointer - Patches added: * gdb-bz2237392-dwarf-obstack-allocation.patch * gdb-bz2237515-debuginfod-double-free.patch * gdb-rhbz2160211-excessive-core-file-warnings.patch * gdb-rhbz2196395-debuginfod-legacy-openssl-crash.patch * gdb-rhbz2233961-CVE-2022-4806.patch * gdb-rhbz2233965-memory-leak.patch ... changelog too long, skipping 14 lines ... * Remove PR27813 kfail and corresponding todo. ==== gnome-bluetooth ==== Version update (42.6 -> 42.7) Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 42.7: + Fix bugs that stopped the Obex Push server from automatically accepting files from paired devices. + Fix bugs that caused the device's Connection switch to appear out of sync with the connection state. + Build fixes. + Updated translations. ==== gnome-control-center ==== Version update (45.1 -> 45.1+14) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Update to version 45.1+14: + user-accounts: Sync lock tooltip for the Avatar + privacy: Fix crash from free bug in cc-camera-page + default-apps: Workaround AdwComboRow item selection at startup + network-connection-editor: Align Routes labels + Updated translations. ==== google-noto-fonts ==== - make build reproducible (boo#1047218) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix XFS regression in 2.12~rc1 and support large extent counters * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch ==== gstreamer ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.7: + Highlighted bugfixes: - Security fixes for the MXF demuxer and AV1 codec parser - glfilter: Memory leak fix for OpenGL filter elements - d3d11videosink: Fix toggling between fullscreen and maximized, and window switching in fullscreen mode - DASH / HLS adaptive streaming fixes - Decklink card device provider device name string handling fixes - interaudiosrc: handle non-interleaved audio properly - openh264: Fail gracefully if openh264 encoder/decoder creation fails - rtspsrc: improved whitespace handling in response headers by certain cameras - v4l2codecs: avoid wrap-around after 1000000 frames; tiled formats handling fixes - video-scaler, audio-resampler: downgraded "Can't find exact taps" debug log messages - wasapi2: Don't use global volume control object - Rust plugins: various improvements in aws, fmp4mux, hlssink3, livesync, ndisrc, rtpav1depay, rsfilesink, s3sink, sccparse - WebRTC: various webrtchttp, webrtcsrc, and webrtcsink improvements and fixes - Cerbero build tools: recognise Windows 11; restrict parallelism of gst-plugins-rs build on small systems - Packages: ca-certificates update; fix gio module loading and TLS support on macOS + gstreamer: - debugutils: provide gst_debug_bin_to_dot_data() implementation even if debug system is disabled - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.6 -> 1.22.7) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.7: + audiobuffersplit: disable max-silence-time if set to 0 + libde265: Do not decode the non 4:2:0 8 bits format + codecparsers: av1: Clip max tile rows and cols values + codecs: h265: Do not free slice header before using it + d3d11converter: Fix 10/12bits planar output + d3d11decoder: Fix crash on negotiate() when decoder is not configured + d3d11videosink: Fix toggling between fullscreen and maximized + d3d11videosink: Fix window switching in case of fullscreen mode + d3d11screencapturesrc: Fix mouse cursor blending + decklink: Fix broken COM string conversion + decklink: Decklink Device Provider wrongly parses SDK strings + gstwayland: Don't depend on wayland-protocols + interaudiosrc: Add audio meta to buffers containing non-interleaved samples + kmssink: Add TIDSS auto-detection + mfvideoencoder: Fix typo in template caps + mxfdemux: Store GstMXFDemuxEssenceTrack in their own fixed allocation + nvcodec: fix bounds for auto-select GPU enumeration + openh264: Fail gracefully if openh264 encoder/decoder creation fails + tsmux: More cleanups + tsmux: Fill padding packets with stuffing bytes + v4l2codecs: Fix tiled formats stride conversion + v4l2videodec: Correctly free caps to avoid memory leak + wasapi2: Don't use global volume control object + wasapi2device: Ignore activation failed device - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.6 -> 1.22.7) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.7: + audioaggregator, audiomixer: Make access to the pad list thread-safe while mixing + basetextoverlay: Fix overlay never rendering again if width reaches 1px + glfiter: Protect GstGLContext access + glfilter: Only add parent meta if inbuf != outbuf + macOS: fix huge memory leak with glfilter-based elements + rtspconnection: Ignore trailing whitespace in rtsp headers + video-scaler, audio-resampler: downgrade 'can't find exact taps' to debug - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.6 -> 1.22.7) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.22.7: + adaptivedemux2: Do not submit_transfer when cancelled + adaptivedemux2: Call GTasks's return functions for blocking tasks + flacenc: Correctly handle up to 255 cue entries + flvmux: set the src segment position as running time + imagesequencesrc: fix deadlock when feeding the same image in a loop + pngenc: output one frame only in snapshot mode and mark output frames as I-frames + qmlglsrc: sync on the streaming thread + souphttpsrc: Chain up to finalize to fix memory leak + wavparse: fix buffer leak with adtl tag + v4l2codecs: Avoid QBUF/DQBUF struct timeval .tv_usec wrap-around at frame 1000000 + v4l2codecs: Fix tiled formats stride conversion - Rebase reduce-required-meson.patch ==== gstreamer-plugins-libav ==== Version update (1.22.6 -> 1.22.7) - Update to version 1.22.7: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-rs ==== Version update (1.22.6 -> 0.11.2) - Use xz format in the _service file since services in SLE SP6 don't support zstd. - Update to version 0.11.2: + Fixed - filesink / s3sink: Set sync=false to allow processing faster than real-time. - hlssink3: Various minor bugfixes and cleanups. - livesync: Various minor bugfixes and cleanups that should make the element work more reliable. - s3sink: Fix handling of non-ASCII characters in URIs and keys. - sccparse: Parse SCC files that are incorrectly created by CCExtractor. - ndisrc: Assume > 8 channels are unpositioned. - rtpav1depay: Skip unexpected leading fragments instead of repeatedly warning - about the stream possibly being corrupted. - rtpav1depay: Don't push stale temporal delimiters downstream but wait until a complete OBU is collected. - whipwebrtcsink: Use correct URL during redirects. - webrtcsink: Make sure to not miss any ICE candidates. - webrtcsink: Fix deadlock when calling set-local-description. - webrtcsrc: Fix reference cycles that prevented the element from being freed. - webrtcsrc: Define signaller property as CONSTRUCT_ONLY to make it actually possible to set different signallers. - webrtc: Update livekit signaller to livekit 0.2. - meson: Various fixes to the meson-based build system. + Added - audiornnoise: Attach audio level meta to output buffers. - hlssink3: Allow adding EXT-X-PROGRAM-DATE-TIME tag to the manifest. - webrtcsrc: Add turn-servers property. + Changed - aws/webrtc: Update to AWS SDK 0.57/0.35. - The last update to 1.22.6 was actually a downgrade to the 0.9 branch that upstream seems to tag following the gstreamer version number but we should stick to the gstreamer-plugins-rs versioning scheme. - To see the changes between 0.10.11 and 0.11.2, please check: https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/blob/main/CHANGELOG.md - Add a vendor-for-dav1d-1.3.0.tar.zst vendor file specifically for Tumbleweed where dav1d 1.3.0 is used and is not supported by the dav1d crate used in 0.11.2 by default, so in this manually created vendor file, the dav1d 0.10 crate is forced. - Add ix86 to excluded arches. ==== gstreamer-plugins-ugly ==== Version update (1.22.6 -> 1.22.7) - Update to version 1.22.7: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== harfbuzz ==== Version update (8.2.2 -> 8.3.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 8.3.0: + Improve memory barrier to fix potential segfaults + Various subsetting and instancing fixes. + Rename “hb-subset” option “--instance” to “--variations” to match the other tools, old option kept as an alias - -devel: fix no-library-dependency-on libharbuzz-cairo0 ==== jq ==== Subpackages: libjq1 - build with valgrind only on 64 bit architectures ==== libadwaita ==== Version update (1.4.0 -> 1.4.0+12) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.4.0+12: + docs: Use `` instead of ` for `AdwNavigationSplitView` + navigation-view: Add missing space to warning message + tab-view: Fix typo causing crash on AdwTabPages dispose + combo-row: Make the selected indicator a presentational element + tab-view: pages model can outlive it's view + tab-view: keep view alive during ::page-detached + about-window: Fix build with newer libappstream (boo#1217047) + combo-row: Preserve focus when opening the popover + Revert "Add some default options to the GTK subproject" + Updated translations. ==== libgcrypt ==== Version update (1.10.2 -> 1.10.3) - Update to 1.10.3: * Bug fixes: - Fix public key computation for other EdDSA curves. [rC469919751d6e] - Remove out of core handler diagnostic in FIPS mode. [T6515] - Check that the digest size is not zero in gcry_pk_sign_md and gcry_pk_verify_md. [T6539] - Make store an s-exp with \0 is considered to be binary. [T6747] - Various constant-time improvements. * Portability: - Use getrandom call only when supported by the platform. [T6442] - Change the default for --with-libtool-modification to never. [T6619] * Release-info: https://dev.gnupg.org/T6817 * Remove patch upstream libgcrypt-1.10.0-out-of-core-handler.patch ==== libportal ==== Subpackages: libportal-gtk3-1 libportal-gtk4-1 typelib-1_0-Xdp-1_0 - Rename package name from libportal-1 to libportal1, this is necessary to conform to the shared library policy: https://en.opensuse.org/openSUSE:Shared_library_packaging_policy#Package_naming ==== libstorage-ng ==== Version update (4.5.156 -> 4.5.157) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#965 - refactored class SystemCmd - fixed passing huge amount of data to stdin - coding style - 4.5.157 ==== libuv ==== Version update (1.46.0 -> 1.47.0) - libuv.keyring: added keyid 79A67C55A3679C8B Jameson Nash - refresh fix_tests.patch - Update to 1.47.0 * test: fix license blurb (Ben Noordhuis) * linux: fix harmless warn_unused_result warning (Shuduo Sang) * darwin: fix build warnings (小明) * linux: don't use io_uring on pre-5.10.186 kernels (Ben Noordhuis) * fs: fix WTF-8 decoding issue (Jameson Nash) * test: enable disabled tcp_connect6_error_fault Ben Noordhuis)( * test: enable disabled fs_link (Ben Noordhuis) * test: enable disabled spawn_same_stdout_stderr (Ben Noordhuis) * linux: handle UNAME26 personality (Ben Noordhuis) * build: move cmake_minimum_required version to 3.9 (Keith Winstein) * unix: set ipv6 scope id for link-local addresses (Ben Noordhuis) * unix: match kqueue and epoll code (Trevor Norris) * win,spawn: allow `%PATH%` to be unset (Kyle Edwards) * doc: switch to Furo, a more modern Sphinx theme (Saúl Ibarra Corretgé) * darwin: make TCP_KEEPINTVL and TCP_KEEPCNT available (小明) * win,fs: avoid winapi macro redefinition (Brad King) * linux: add missing riscv syscall numbers (michalbiesek) * doc: fix broken "Shared library" Wikipedia link (Alois Klink) * unix: get mainline kernel version in Ubuntu (Santiago Gimeno) * unix: get mainline kernel version in Debian (Ben Noordhuis) * unix: disable io_uring close on selected kernels (Santiago Gimeno) * test: skip tests when ipv6 is not available (Santiago Gimeno) * ibmi: implement ifaddrs, getifaddrs, freeifaddrs (Abdirahim Musse) * unix: reset signal counters after fork (SmorkalovG) * unix: remove pread/preadv conditionals (Ben Noordhuis) * unix: remove pwrite/pwritev conditionals (Ben Noordhuis) * darwin: remove workaround for data corruption bug (Ben Noordhuis) * src: default to stream=stderr in handle printer (Ben Noordhuis) * test: switch to new-style ASSERT_EQ macros (Pleuvens) * zos: correctly get cpu model in uv_cpu_info() (jolai) * test: fix get_passwd2 on IBM i (Abdirahim Musse) * unix: don't malloc on sync uv_fs_read (Ben Noordhuis) * freebsd: get fs event path with fcntl(F_KINFO) (David Carlier) * test: switch from ASSERT_* to ASSERT_PTR_* (Pleuvens) * darwin: workaround apple pthread_cond_wait bug (Julien Roncaglia) * doc: uv_close should be called after exit callback (Pleuvens) * test: 192.0.2.0/24 is the actual -TEST-NET-1 (prubel) * unix: add back preadv/pwritev fallback (Ben Noordhuis) * unix: rename variable for consistency (Ben Noordhuis) * unix: merge read/write code into single functions (Ben Noordhuis) * doc: filename arg to uv_fs_event_cb can be NULL (Ben Noordhuis) * build,win: we need to link against shell32.lib (Per Allansson) * unix: no preadv/pwritev workaround if not needed (Jeffrey H. Johnson) * build: add CI for Windows ARM64 (build only) (Per Allansson) * linux: disable io_uring on 32 bits arm systems (Ben Noordhuis) * misc: export WTF8 conversion utilities (Jameson Nash) * build: fix libuv.a file name for cmake (Jameson Nash) * build: add windows ubsan and clang ci (Matheus Izvekov) * win: improve accuracy of ProductName between arch (Christian Heimlich)) ==== lua54 ==== - Add skip-tests_big-endian.patch to skip little-endian-only tests (bsc#1216930). ==== makedumpfile ==== Version update (1.7.3 -> 1.7.4) - Enable build for riscv64. - Reduce compatibility cruft. - Update to 1.7.4: * Add riscv64 support * Support kernels up to v6.6 (x86_64) - Drop upstreamed patches: * ppc64-do-page-traversal-if-vmemmap_list-not-po.patch * Support-struct-module_memory-on-Linux-6.4-and-.patch - Build with a bundled eppic git snapshot. ==== nodejs21 ==== Version update (21.1.0 -> 21.2.0) Subpackages: npm21 - Update to 21.2.0 * esm: add import.meta.dirname and import.meta.filename * fs: add stacktrace to fs/promises * lib: + add --no-experimental-global-navigator CLI flag + add navigator.language & navigator.languages + add navigator.platform * stream: + add support for deflate-raw format to webstreams compression + use Array for Readable buffer + optimize creation * test_runner: + adds built in lcov reporter + test_runner: add Date to the supported mock APIs + test_runner, cli: add --test-timeout flag For details see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V21.md#21.2.0 - nodejs20-zlib-1.3.patch: upstreamed, dropped - node-gyp-addon-gypi.patch: rebased - fix_ci_tests.patch: partially upstreamed ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch - Remove trailing spaces from changelog ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1216922, CVE-2023-5678] * Fix excessive time spent in DH check / generation with large Q parameter value. * Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. * Add openssl-CVE-2023-5678.patch ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-UefiCpuPkg-BaseXApicX2ApicLib-fix-CPUID_V2_EXTENDED_.patch fix CPUID_V2_EXTENDED_TOPOLOGY detection (bsc#1216472) - Sync change log to prepare for sending edk2-stable202308 ovmf to SLE15-SP6 (jsc#PED-6233, jsc#PED-5523) - Removed the following backported patches because they are merged to edk2 mainline: - ovmf-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch cab1f02565 MdeModulePkg/PiSmmCore: SmmEntryPoint underflow (CVE-2021-38578) (bsc#1196741) ==== patterns-media ==== - Drop libpurple-meanwhile plugin from the DVD; as the media-rest_dvd pattern was not installable for so long, some cruft that has not been missing from the DVD has accumulated. - Do not recommend 32bit libraries on the DVD, except glibc-32bit. - Drop seamonkey from the rest_dvd pattern recommends: it did not end up on the DVD anyway due to other locks. - Drop hylafax as well: has not been on the DVD until below pattern fix was merged. - Also drop patterns-network_admin: quite large with nagios and wireshark. - Drop pulseaudio (which was missing for a while already) as we switched long ago to pipewire. - No longer require breeze5-wallpapers: this has been locked from the DVD for a long time already, but the requirement here actually makes the entire patterns-media-rest_dvd fall off the DVD. ==== perl-IO-Socket-SSL ==== Version update (2.083 -> 2.84.0) - updated to 2.084 see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.084 2023/11/06 - various fixes for edge cases and build: #136, #141, #142, #143, #145 - update documentation to reflect default SSL_version ==== perl-Mail-AuthenticationResults ==== Version update (2.20230112 -> 2.20231031) - updated to 2.20231031 see /usr/share/doc/packages/perl-Mail-AuthenticationResults/Changes 2.20231031 2023-10-31 23:57:33+00:00 UTC - Option to set more strict quoting of string ==== pipewire ==== Version update (0.3.84 -> 0.3.85) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.85 (1.0RC5): * Highlights - Fix an issue where a link could end up paused while not negotiated. - Fix an infinite recursion issue when finding runnable nodes. - Support XDG base directories when loading ACP config. - Fix MIDI event recording preview in Ardour. - Many more small fixes, cleanups and improvements. * PipeWire - Fix an issue where a link could end up paused while not negotiated. (#3619) - Fix an infinite recursion issue when finding runnable nodes by stopping the scan on feedback links around the driver. (#3621) - The system service now has better socket permissions. * Modules - Add support for uclamp. This allows the scheduler to make better informed decisions about where tasks should be placed, and what pstate to set for the CPU it is running on. - Emit warnings when applications are not doing the right locking instead of crashing. - Improve media.name for RAOP sinks. (#3801) - Support pause/resume in pipe-tunnel. (#3197) - Remove time rlimit when probing for realtime to avoid SIGXCPU. * SPA - Fix a bug where the resampler would be activated even when there is an ALSA pitch element. (#3628) - Improve resume from suspend in ALSA. (#3646) - Add option to expose ALSA controls as prop params. - Support XDG base directories when loading ACP config. This makes it possible to override the ACP config files. * Bluetooth - Schedule nodes in the same ISO group together. - More BAP fixes and cleanups. * JACK - Fix MIDI events from peer ports. This makes the MIDI event recording preview of Ardour work correctly. * GStreamer - Fix some error handling in the source and sink. * ALSA plugin - Improve poll descriptor handling. (#3648) * Docs - Many improvements to the layout and organization. ==== plasma5-openSUSE ==== Version update (84.87~git20230131T131056~433af24 -> 84.87~git20231117T211718~757fefa) Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to version 84.87~git20231117T211718~757fefa: * Fix active titlebar color with OpenSUSEdark(alternate) color schemes ==== poppler ==== Version update (23.10.0 -> 23.11.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - version update to 23.11.0 core: * CairoOutputDev: Use internal downscaling algorithm if image exceeds Cairo's maximum dimensions. * Internal code improvements * Fix crash on malformed files utils: * pdftocairo: Add option to document logical structure if output is pdf * pdftocairo: EPS output should not contain %%PageOrientation ==== poppler-qt5 ==== Version update (23.10.0 -> 23.11.0) - version update to 23.11.0 core: * CairoOutputDev: Use internal downscaling algorithm if image exceeds Cairo's maximum dimensions. * Internal code improvements * Fix crash on malformed files utils: * pdftocairo: Add option to document logical structure if output is pdf * pdftocairo: EPS output should not contain %%PageOrientation ==== python-Twisted ==== Subpackages: python311-Twisted python311-Twisted-tls - Add CVE-2023-46137-HTTP-pipeline-response.patch (bsc#1216588, CVE-2023-46137) serializing pipelined HTTP requests. ==== python-psutil ==== Version update (5.9.5 -> 5.9.6) - update to version 5.9.6: * Enhancements + 1703: cpu_percent() and cpu_times_percent() are now thread safe, meaning they can be called from different threads and still return meaningful and independent results. + 2266: if Process class is passed a very high PID, raise NoSuchProcess instead of OverflowError. (patch by Xuehai Pan) + 2246: drop python 3.4 & 3.5 support. (patch by Matthieu Darbois) + 2290: PID reuse is now pre-emptively checked for Process.ppid() and Process.parents(). + 2312: use ruff Python linter instead of flake8 + isort. It's an order of magnitude faster + it adds a ton of new code quality checks. * Bug fixes + 2195, [Linux]: no longer print exception at import time in case /proc/stat can't be read due to permission error. + 2268: bytes2human() utility function was unable to properly represent negative values. + 2284, [Linux]: Process.memory_full_info() may incorrectly raise ZombieProcess if it's determined via /proc/pid/smaps_rollup. + 2288, [Linux]: correctly raise ZombieProcess on Process.exe(), Process.cmdline() and Process.memory_maps() instead of returning a "null" value. + 2290: differently from what stated in the doc, PID reuse is not pre-emptively checked for Process.nice() (set), Process.ionice(), (set), Process.cpu_affinity() (set), Process.rlimit() (set), Process.parent(). - refresh skip_rlimit_tests_on_python2.patch - drop removal of shebang: fixed upstream ==== python-rich ==== Version update (13.5.2 -> 13.7.0) - update to version 13.7.0: * Added + Adds missing parameters to Panel.fit #3142 + Fixed + Some text goes missing during wrapping when it contains double width characters #3176 + Ensure font is correctly inherited in exported HTML #3104 + Fixed typing for FloatPrompt. - additional changes from 13.6.0: * Added Python 3.12 to classifiers. - additional changes from 13.5.3: * Fixed + Markdown table rendering issue with inline styles and links [#3115] + Fix Markdown code blocks on a light background #3123 ==== python-sniffio ==== - Remove dependency on curio completely. ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix bsc#1216638: * target/s390x: Fix LAALG not updating cc_src * target/s390x: Fix CLC corrupting cc_src ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Make libQt6Network6 require the network plugins ==== rubygem-jaro_winkler ==== Version update (1.5.4 -> 1.5.6) - New upstream release 1.5.6, no changelog found ==== rubygem-llhttp-ffi ==== Version update (0.4.0 -> 0.5.0) - New upstream release 0.5.0, see bundled CHANGELOG.md ==== rubygem-nokogiri ==== Version update (1.13.9 -> 1.15.4) - Bump mini_portile2 version in the spec - 1.15.4: [#]# 1.15.4 / 2023-08-11 [#]## Dependencies * [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5 [#]## Fixed * Fixed a typo in a HTML5 parser error message. [[#2927](https://github.com/sparklemotion/nokogiri/issues/2927)] (Thanks, [@anishathalye](https://github.com/anishathalye)!) * [CRuby] `ObjectSpace.memsize_of` is now safe to call on `Document`s with complex DTDs. In previous versions, this debugging method could result in a segfault. [[#2923](https://github.com/sparklemotion/nokogiri/issues/2923), [#2924](https://github.com/sparklemotion/nokogiri/issues/2924)] --- sha256 checksums: ``` 14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem 572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem 707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem 04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem a0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem b9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem f6ae258d7ed5f81715118282aa45486e68fd44b9747d0244a236e9ed5b94c45d nokogiri-1.15.4-x86-linux.gem 3f65b2426ece8da908bd5df5b6262ce525393f5245f8258a245bb4c3f5759b98 nokogiri-1.15.4-x86-mingw32.gem d756605c540034debd7f486ae27802e6b1b129013fd6b1bb823783ef6f2bc5d7 nokogiri-1.15.4-x86_64-darwin.gem 872ced3d72d797ed9b5a76c67141c6cee7589711358e11c73e9c53724ffd1842 nokogiri-1.15.4-x86_64-linux.gem e4a801e5ef643cc0036f0a7e93433d18818b31d48c9c287596b68e92c0173c4d nokogiri-1.15.4.gem ``` 1.15.3: [#]# 1.15.3 / 2023-07-05 [#]## Fixed * Passing an object that is not a kind of `XML::Node` as the first parameter to `CDATA.new` now raises a `TypeError`. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * Passing an object that is not a kind of `XML::Node` as the first parameter to `Schema.from_document` now raises a `TypeError`. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * [CRuby] Passing an object that is not a kind of `XML::Node` as the second parameter to `Text.new` now raises a `TypeError`. Previously this would result in a segfault. [[#2920](https://github.com/sparklemotion/nokogiri/issues/2920)] * [CRuby] Replacing a node's children via methods like `Node#inner_html=`, `#children=`, and `#replace` no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see [#283](https://github.com/sparklemotion/nokogiri/issues/283) and [#595](https://github.com/sparklemotion/nokogiri/issues/595)) but should not have included operations involving `xmlAddChild()`. [[#2916](https://github.com/sparklemotion/nokogiri/issues/2916)] * [JRuby] Fixed NPE when serializing an unparented HTML node. [[#2559](https://github.com/sparklemotion/nokogiri/issues/2559), [#2895](https://github.com/sparklemotion/nokogiri/issues/2895)] (Thanks, [@cbasguti](https://github.com/cbasguti)!) --- sha256 checksums: ``` 70dadf636ae026f475f07c16b12c685544d4f8a764777df629abf1f7af0f2fb5 nokogiri-1.15.3-aarch64-linux.gem 83871fa3f544dc601e27abbdef87315a77fe1270fe4904986bd3a7df9ca3d56f nokogiri-1.15.3-arm-linux.gem fa4a027478df9004a2ce91389af7b7b5a4fc790c23492dca43b210a0f8770596 nokogiri-1.15.3-arm64-darwin.gem 95d410f995364d9780c4147d8fca6974447a1ccd3a1e1b092f0408836a36cc9c nokogiri-1.15.3-java.gem 599a46b6e4f5a34dd21da06bdbd69611728304af5ef42bb183e4b4ca073fd7a3 nokogiri-1.15.3-x64-mingw-ucrt.gem 92ebfb637c9b7ba92a221b49ea3328c7e5ee79a28307d75ef55bfe4b5807face nokogiri-1.15.3-x64-mingw32.gem ee314666eca832fa71b5bb4c090be46a80aded857aa26121b3b51f3ed658a646 nokogiri-1.15.3-x86-linux.gem 44b7f18817894a5b697bab3d757b12bb7857a0218c1b2e0000929456a2178b34 nokogiri-1.15.3-x86-mingw32.gem 1f0bc0343f9dd1db8dd42e4c9110dd24fc11a7f923b9fa0f866e7f90739e4e7a nokogiri-1.15.3-x86_64-darwin.gem ca244ed58568d7265088f83c568d2947102fb00bac14b5bc0e63f678dcd6323d nokogiri-1.15.3-x86_64-linux.gem 876631295a85315dac37e7a71386d62d9eb452a891083cfe7505cca4805088cb nokogiri-1.15.3.gem ``` 1.15.2: [#]# 1.15.2 / 2023-05-24 [#]## Dependencies * [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8. [#]## Fixed * [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. [[#2887](https://github.com/sparklemotion/nokogiri/issues/2887)] --- sha256 checksums: ``` 497c698f0cc0f283934c9c93064249d113408e97e5f3677b0b5111af24a67c29 nokogiri-1.15.2-aarch64-linux.gem 505ad4b80cedd12bc3c53065079cc825e7f3d4094ca7b54176ae6f3734dbe2cc nokogiri-1.15.2-arm-linux.gem bbedeaf45ce1494f51806e5fab0d31816fc4584f8e2ec757dd516b9b30847ee4 nokogiri-1.15.2-arm64-darwin.gem b15ba3c1aa5b3726d7aceb44f635250653467c5b0d04248fa0f6a6afc6515fb0 nokogiri-1.15.2-java.gem bc3cc9631c9dd7a74a59554215474da657f956ccb126391d082a2a8c45d3ee14 nokogiri-1.15.2-x64-mingw-ucrt.gem 1fd27732b161a497275798e502b31e97dfe1ab58aac02c0d6ace9cbe1fd6a38c nokogiri-1.15.2-x64-mingw32.gem 931383c6351d79903149b5c6a988e88daada59d7069f3a01b4dcf6730d411cc6 nokogiri-1.15.2-x86-linux.gem 3f4a6350ca1d87d185f4bf509d953820c7191d1cf4213cc3bac9c492b9b4a720 nokogiri-1.15.2-x86-mingw32.gem b57eeec09ee1c4010e317f50d2897fb9c1133d02598260db229e81127b337930 nokogiri-1.15.2-x86_64-darwin.gem 5bca696b9283ad7ce97b9c0dfdf029a62c26e92f39f440a65795e377d44f119a nokogiri-1.15.2-x86_64-linux.gem 20dc800b8fbe4c4f4b5b164e6aa3ab82a371bcb27eb685c166961c34dd8a22d7 nokogiri-1.15.2.gem ``` 1.14.5: [#]# 1.14.5 / 2023-05-24 [#]## Note To ensure that JRuby users on Java 8 can apply the security changes from v1.14.4, we're cutting this release on the v1.14.x branch. We don't expect to make any more v1.14.x releases. [#]## Dependencies * [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8. [#]## Fixed * [JRuby] Java 8 support is restored, fixing a regression introduced in v1.14.0. [[#2887](https://github.com/sparklemotion/nokogiri/issues/2887)] --- sha256 checksums: ``` 60e521687e7fb81dbaa2c942d48efc22083780bc76d45586dc0a324bf0fb0e97 nokogiri-1.14.5-aarch64-linux.gem 80ea31d2534b14409e37437934c1c614de9844c806f72fc64134f50e0f3c1131 nokogiri-1.14.5-arm-linux.gem 3ab8ff3b62f4ff5826406007befea2d7ac33de2ee0c66209dd72ec16d0e8f5bf nokogiri-1.14.5-arm64-darwin.gem edc932157786888c8f83b49c811ac0ec26a5b23f8e3c69590c311cc14b7e6bf0 nokogiri-1.14.5-java.gem 75e476c4e0c91f0f8f00f7c8e697bb3f5c9932f948658cf90babdbebbd6f6c27 nokogiri-1.14.5-x64-mingw-ucrt.gem 73bd6ee2dbabd1a337c6878a8d349a872f04a3448505fbe7c773a1dfbb69e310 nokogiri-1.14.5-x64-mingw32.gem a9e4dc50c1cc327bfca3516281eba3fe972fd80bac64c7cdee4bcf07fbfd817d nokogiri-1.14.5-x86-linux.gem aea78a61c684f36213d38777a7cd09aa272c5193f11cbaf2b455bcaeebd4196b nokogiri-1.14.5-x86-mingw32.gem 7375a81e5fba6a5ada3e47cd02a53ca54d0d25ae73b8ebc6e3a962e46947a7b9 nokogiri-1.14.5-x86_64-darwin.gem 0b2150ae90a676a504cbab018d24188eb526bc886ab18b4303102df6b3077160 nokogiri-1.14.5-x86_64-linux.gem 23f69ddeb1e8ead5341bbbbca18d37de29c0265bc90e94bc5d9663b254dfdcbc nokogiri-1.14.5.gem ``` 1.15.1: [#]# 1.15.1 / 2023-05-19 [#]## Dependencies * [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4 [#]## Fixed * [CRuby] The libxml2 update fixes an encoding regression when push-parsing UTF-8 sequences. [[#2882](https://github.com/sparklemotion/nokogiri/issues/2882), upstream [issue](https://gitlab.gnome.org/GNOME/libxml2/-/issues/542) and [commit](https://gitlab.gnome.org/GNOME/libxml2/-/commit/e0f3016f71297314502a3620a301d7e064cbb612)] --- sha256 checksums: ``` ... changelog too long, skipping 324 lines ... ``` ==== rubygem-passenger ==== Version update (6.0.17 -> 6.0.18) Subpackages: ruby3.2-rubygem-passenger rubygem-passenger-apache2 - New upstream release 6.0.18, see bundled CHANGELOG ==== rubygem-rails-html-sanitizer ==== Version update (1.5.0 -> 1.6.0) - Updated to version 1.6.0 * Dependencies have been updated: - Loofah `~>2.21` and Nokogiri `~>1.14` for HTML5 parser support - As a result, required Ruby version is now `>= 2.7.0` Security updates will continue to be made on the `1.5.x` release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support. * Mike Dalessio* * HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as: - `Rails::HTML5::FullSanitizer` - `Rails::HTML5::LinkSanitizer` - `Rails::HTML5::SafeListSanitizer` And a new "vendor" is provided at `Rails::HTML5::Sanitizer` that can be used in a future version of Rails. Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical to the vendor class methods on `Rails::HTML::Sanitizer`. Users may call `Rails::HTML::Sanitizer.best_supported_vendor` to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor. * Mike Dalessio* * Module namespaces have changed, but backwards compatibility is provided by aliases. The library defines three additional modules: - `Rails::HTML` for general functionality (replacing `Rails::Html`) - `Rails::HTML4` containing sanitizers that parse content as HTML4 - `Rails::HTML5` containing sanitizers that parse content as HTML5 The following aliases are maintained for backwards compatibility: - `Rails::Html` points to `Rails::HTML` - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer` - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer` - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer` * Mike Dalessio* * `LinkSanitizer` always returns UTF-8 encoded strings. `SafeListSanitizer` and `FullSanitizer` already ensured this encoding. * Mike Dalessio* * `SafeListSanitizer` allows `time` tag and `lang` attribute by default. * Mike Dalessio* * The constant `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the existing sanitizers, and should have been a private constant all along anyway. * Mike Dalessio* - Removed comparison against a very old ruby code no longer maintained - Updated description in spec file ==== shared-mime-info ==== Version update (2.3 -> 2.4) - Update to 2.4 * Restore mimetype name for *.bz2 and *.tar.bz2 * Improve detection of application/mac-binhex40 * Add application/x-msdownload and subtypes * Add Windows app store types * Give Windows Installer packages the package icon * Lower priority for text/x-mpsub's magic, so it doesn't match pcb-drillFile.drl * Add application/x-powershell * Add application/wasm * Change comment of text/x-mpsub * Change comment of text/x-mpl2 * Add text/x-component * Give higher priority to the more specific image/apng magic * Recognize *.jfif as image/jpeg * Add application/its+xml * Add text/x-vb * Add text/x-basic * Add new group "chemical" in update-mime-database * Add mimetype for Protein Data Bank (pdb) files * Remove too generic magic from application/x-pak * Add application/json5 * Add text/vbscript.encode * Add text/jscript.encode * Add text/jscript as synonym of text/javascript * Fix backwards relationship between text/javascript and application/ecmascript * Add application/vnd.cups-ppd * Add application/x-ms-shortcut * Give application/x-mswinurl the link icon ==== tgt ==== Version update (1.0.85 -> 1.0.89) - Update to version v1.0.89 (from 1.0.85): * tgt 1.0.89 * tgtd.initd add missing * Prevents threads from looping indefinitely * tgt 1.0.88 * Create tgtd.confd /etc/conf.d/tgtd config file for openrc init system * openrc init script An openrc init script for tgtd. * tgt 1.0.87 * fix posix_fallocate ret check "posix_fallocate() returns zero on success, or an error number on failure. Note that errno is not set." * Add rotation_rate parameter to tgtadm.8.xml Add `rotation_rate` parameter and description. * tgt 1.0.86 * fix: unused function errors * add github actions CI just build test. * README: minor update update URLs. remove too old kernel version info. ==== vte ==== Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 - Update vte-revert-back-to-c++17.patch * revert more C++20 features ==== webkit2gtk3 ==== Version update (2.42.1 -> 2.42.2) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.2 (boo#1217210): + Bump Safari version in user agent header. + Fix CSP regression that broke Unity WebGL applications. + Fix the build with GBM disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-41983, CVE-2023-42852. ==== webkit2gtk3-soup2 ==== Version update (2.42.1 -> 2.42.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.42.2 (boo#1217210): + Bump Safari version in user agent header. + Fix CSP regression that broke Unity WebGL applications. + Fix the build with GBM disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-41983, CVE-2023-42852. ==== xen ==== Version update (4.17.2_04 -> 4.18.0_02) Subpackages: xen-libs xen-tools-domU - Update to Xen 4.18.0 FCS release (jsc#PED-4984) xen-4.18.0-testing-src.tar.bz2 * Repurpose command line gnttab_max_{maptrack_,}frames options so they don't cap toolstack provided values. * Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only known user doesn't use it properly, leading to in-guest breakage. * The "dom0" option is now supported on Arm and "sve=" sub-option can be used to enable dom0 guest to use SVE/SVE2 instructions. * Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU Hotplug" for clarity * On x86, support for features new in Intel Sapphire Rapids CPUs: - PKS (Protection Key Supervisor) available to HVM/PVH guests. - VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server. - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the system wide impact of a guest misusing atomic instructions. * xl/libxl can customize SMBIOS strings for HVM guests. * Add support for AVX512-FP16 on x86. * On Arm, Xen supports guests running SVE/SVE2 instructions. (Tech Preview) * On Arm, add suport for Firmware Framework for Arm A-profile (FF-A) Mediator (Tech Preview) * Add Intel Hardware P-States (HWP) cpufreq driver. * On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo). * Introduce two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses. * On x86, support for enforcing system-wide operation in Data Operand Independent Timing Mode. * The project has now officially adopted 6 directives and 65 rules of MISRA-C. * On x86, the "pku" command line option has been removed. It has never behaved precisely as described, and was redundant with the unsupported "cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file. * xenpvnetboot removed as unable to convert to Python 3. * xencons is no longer supported or present. See 5d22d69b30 - Droppped patches contained in new tarballs 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch 643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch 643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch 6447a8fd-x86-EFI-permit-crash-dump-analysis.patch 64d33a57-libxenstat-Linux-nul-terminate-string.patch aarch64-rename-PSR_MODE_ELxx-to-match-linux-headers.patch xen.stubdom.newlib.patch xsa446.patch xsa445.patch xsa438.patch xsa439-00.patch xsa439-01.patch xsa439-02.patch xsa439-03.patch xsa439-04.patch xsa439-05.patch xsa439-06.patch xsa439-07.patch xsa439-08.patch xsa439-09.patch xsa443-10.patch xsa443-11.patch xsa440.patch - Dropped xen-utils-0.1.tar.bz2 The xen-list and xen-destroy commands are removed. Originally created as a better replacement for 'xm'. The 'xl' equivalent commands should be used instead. - Dropped libxl.pvscsi.patch Support for PVSCSI devices in the guest is no longer supported. - bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not fully effective (XSA-446) xsa446.patch - bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) xsa445.patch - Supportconfig: Adapt plugin to modern supportconfig The supportconfig 'scplugin.rc' file is deprecated in favor of supportconfig.rc'. Adapt the xen plugin to the new scheme. xen-supportconfig - bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) 650abbfe-x86-shadow-defer-PV-top-level-release.patch - bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional execution leak via division by zero (XSA-439) 64e5b4ac-x86-AMD-extend-Zenbleed-check.patch 65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch 65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch 65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch 65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch 65087004-x86-entry-restore_all_xen-stack_end.patch 65087005-x86-entry-track-IST-ness-of-entry.patch 65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch 65087007-x86-AMD-Zen-1-2-predicates.patch 65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch - bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU TLB flushing (XSA-442) 65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch - bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple vulnerabilities in libfsimage disk handling (XSA-443) 65263471-libfsimage-xfs-remove-dead-code.patch 65263472-libfsimage-xfs-amend-mask32lo.patch 65263473-libfsimage-xfs-sanity-check-superblock.patch 65263474-libfsimage-xfs-compile-time-check.patch 65263475-pygrub-remove-unnecessary-hypercall.patch ... changelog too long, skipping 63 lines ... xsa444-2.patch ==== xfce4-notifyd ==== Subpackages: xfce4-notifyd-lang - relax branding requires (remove -version-release), so we can use xfce4-branding-openSUSE based branding. (bsc#1217193 bsc#1216470) - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut over systemd-mini. ==== xfce4-whiskermenu-plugin ==== Version update (2.8.0 -> 2.8.1) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.8.1 * Fix missing commandline option in man page. (Issue #119) * Fix incorrect category icons by disabling fallbacks. (Issue #116) * Remember order of recently used when searching. * Translation updates