Packages changed:
apache2 (2.4.58 -> 2.4.59)
apache2-manual (2.4.58 -> 2.4.59)
apache2-prefork (2.4.58 -> 2.4.59)
apache2-utils (2.4.58 -> 2.4.59)
btrfsmaintenance
emacs
emacs-jinx (1.4 -> 1.6)
f2fs-tools (1.15.0 -> 1.16.0)
freerdp2
gcr (4.2.1 -> 4.3.0)
gettext-runtime
gnome-control-center
gnome-online-accounts (3.50.0 -> 3.50.1)
gnome-text-editor (46.0 -> 46.1)
gobject-introspection
gom (0.5.0 -> 0.5.1)
gptfdisk (1.0.9 -> 1.0.10)
grep
gupnp
jack
kernel-source (6.8.4 -> 6.8.5)
lensfun
liblouis
libquicktime
libssh
miniupnpc (2.2.5 -> 2.2.6)
multipath-tools (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83)
openSUSE-build-key
openSUSE-release (20240410 -> 20240414)
openssh
ovmf
pam (1.6.0 -> 1.6.1)
pam-config (2.11 -> 2.11+git.20240411)
pam-full-src (1.6.0 -> 1.6.1)
patterns-kde
perl
pipewire
postfix
python-Pillow
schily
texlive
transactional-update (4.6.0 -> 4.6.5)
update-alternatives (1.22.5 -> 1.22.6)
vim (9.1.0151 -> 9.1.0301)
xfce4-branding-openSUSE (4.18.0+git1.8b02118 -> 4.18.0+git4.79f6d44)
xorg-x11-server
xz
zxcvbn
=== Details ===
==== apache2 ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov <aegorenkov.91 gmail.com>]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-manual ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov <aegorenkov.91 gmail.com>]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-prefork ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov <aegorenkov.91 gmail.com>]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== apache2-utils ====
Version update (2.4.58 -> 2.4.59)
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov <aegorenkov.91 gmail.com>]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
==== btrfsmaintenance ====
- Use full URL for Source0 (.gz compressed as upstream does not
ship .bz2 ones).
==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags
- Modify patch emacs-25.1-custom-fonts.patch
* include math.h for all kinds of fonts handling (boo#1222637)
- Modify patch emacs-27.1-Xauthority4server.patch
* Add After=graphical-session.target in emacs.service (boo#1222172)
==== emacs-jinx ====
Version update (1.4 -> 1.6)
- Rebase 0001-Only-export-necessary-symbols.-Fixes-105.patch against
1.6
- Update to version 1.6:
* Fix jinx-mode reentrancy issue #gh/minad/jinx#158
* Ensure that directory local variables work correctly with Jinx.
It is possible to turn Jinx on or off via dir-locals,
and also configure the language and local words.
* jinx-mod: Add global ref Qcons
* jinx-next: Unfold hidden misspelling
==== f2fs-tools ====
Version update (1.15.0 -> 1.16.0)
- update to 1.16.0:
* Various bug fixes in fsck and mkfs for zoned device support.
==== freerdp2 ====
Subpackages: libfreerdp2-2 libwinpr2-2
- Add patch to avoid unneeded dependencies when using winpr-devel:
* 0001-Don-t-add-winpr-cli-tools-to-exported-CMake-targets.patch
==== gcr ====
Version update (4.2.1 -> 4.3.0)
Subpackages: gcr-ssh-agent gcr-ssh-askpass gcr-viewer libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4
- Update to version 4.3.0:
+ certificate: Add API to retrieve version.
+ Bump required GnuTLS version to 3.8.5.
+ Avoid potential integer overflow spotted by UBSan>
+ Support GnuTLS as an alternative crypto backend.
+ Updated translations.
==== gettext-runtime ====
Subpackages: libtextstyle0
- Add missing Requires: find to gettext-tools
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users
- Add gnome-control-center-datetime-Avoid-emitting-the-time-changed-signal.patch:
Avoid emitting the time-changed signal
(bsc#1222149, bsc#1221799, glgo#GNOME/gnome-control-center#2943).
==== gnome-online-accounts ====
Version update (3.50.0 -> 3.50.1)
Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2
- Update to version 3.50.1:
+ Fix translation domain in account dialogs.
+ Fix OAuth 2.0 URI handler for some users.
+ Fix crash in Kerberos/Fedora provider.
+ Improved WebDAV support for Fastmail and mailbox.org.
+ Fixes for WebDAV discovery.
+ OAuth 2.0 PKCE support.
+ Fix issues caught by static analysis.
+ Update Microsoft Client ID.
+ Updated translations.
==== gnome-text-editor ====
Version update (46.0 -> 46.1)
- Update to version 46.1:
+ Remove DBusActicatable=true from the .desktop file to fix an
issue where you could spawn Text Editor via D-Bus and not have
the session restored at startup.
+ AppData fixes.
+ Updated translations.
- Drop data-desktop-disable-DBusActivatable.patch: fixed upstream.
==== gobject-introspection ====
Subpackages: girepository-1_0 libgirepository-1_0-1
- gi-find-deps.sh: further expand on the java script scanner.
==== gom ====
Version update (0.5.0 -> 0.5.1)
- Update to version 0.5.1:
+ Reduce object inflation overhead in GType system usage.
+ Avoid some allocations in hot paths.
+ Avoid hashtables for resourcegroup items.
+ Avoid use of weak pointers when unnecessary.
==== gptfdisk ====
Version update (1.0.9 -> 1.0.10)
- Update to release 1.0.10
* Fix failure & crash of sgdisk when compiled with latest popt
* Fix NULL dereference when duplicating string argument
* Allow partition dynamically allocated by --largest-new to be
referenced by other options
* Truncate decimal inputs (e.g. "9.5G" becomes "9G")
* New partition type codes from the Discoverable Partitions
Specification
- Delete 0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch
gptfdisk-1.0.9-libuuid.patch,
gptfdisk-fix-null-pointer-dereference.patch (merged)
==== grep ====
- restore texinfo macros for SLE15
==== gupnp ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== jack ====
Subpackages: jack-dbus libjack0
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== kernel-source ====
Version update (6.8.4 -> 6.8.5)
- gcc-plugins/stackleak: Avoid .head.text section (git-fixes).
- commit 542f698
- Linux 6.8.5 (bsc#1012628).
- x86: set SPECTRE_BHI_ON as default (bsc#1012628).
- KVM: x86: Add BHI_NO (bsc#1012628).
- x86/bhi: Mitigate KVM by default (bsc#1012628).
- x86/bhi: Add BHI mitigation knob (bsc#1012628 bsc#1217339 CVE-2024-2201).
- Update config files (set SPECTRE_BHI_ON=y which is the default later).
- x86/bhi: Enumerate Branch History Injection (BHI) bug
(bsc#1012628).
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1012628).
- x86/bhi: Add support for clearing branch history at syscall
entry (bsc#1012628).
- x86/syscall: Don't force use of indirect calls for system calls
(bsc#1012628).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
(bsc#1012628).
- x86/efistub: Remap kernel text read-only before dropping NX
attribute (bsc#1012628).
- x86/sev: Move early startup code into .head.text section
(bsc#1012628).
- x86/sme: Move early SME kernel encryption handling into
.head.text (bsc#1012628).
- x86/boot: Move mem_encrypt= parsing to the decompressor
(bsc#1012628).
- efi/libstub: Add generic support for parsing mem_encrypt=
(bsc#1012628).
- bpf: support deferring bpf_link dealloc to after RCU grace
period (bsc#1012628).
- bpf: put uprobe link's path and task in release callback
(bsc#1012628).
- Revert "x86/mpparse: Register APIC address only once"
(bsc#1012628).
- drm/xe: Rework rebinding (bsc#1012628).
- drm/xe: Use ring ops TLB invalidation for rebinds (bsc#1012628).
- drm/i915/gt: Enable only one CCS for compute workload
(bsc#1012628).
- drm/i915/gt: Do not generate the command streamer for all the
CCS (bsc#1012628).
- drm/i915/gt: Disable HW load balancing for CCS (bsc#1012628).
- drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY
< 13 (bsc#1012628).
- drm/i915/mst: Reject FEC+MST on ICL (bsc#1012628).
- drm/i915/mst: Limit MST+DSC to TGL+ (bsc#1012628).
- smb: client: fix potential UAF in
cifs_signal_cifsd_for_reconnect() (bsc#1012628).
- smb: client: fix potential UAF in smb2_is_network_name_deleted()
(bsc#1012628).
- smb: client: fix potential UAF in is_valid_oplock_break()
(bsc#1012628).
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
(bsc#1012628).
- smb: client: fix potential UAF in smb2_is_valid_oplock_break()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_dump_full_key()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_stats_proc_show()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_stats_proc_write()
(bsc#1012628).
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
(bsc#1012628).
- smb3: retrying on failed server close (bsc#1012628).
- smb: client: serialise cifs_construct_tcon() with
cifs_mount_mutex (bsc#1012628).
- smb: client: handle DFS tcons in cifs_construct_tcon()
(bsc#1012628).
- smb: client: refresh referral without acquiring refpath_lock
(bsc#1012628).
- smb: client: guarantee refcounted children from parent session
(bsc#1012628).
- smb: client: fix UAF in smb2_reconnect_server() (bsc#1012628).
- riscv: process: Fix kernel gp leakage (bsc#1012628).
- riscv: Fix spurious errors from __get/put_kernel_nofault
(bsc#1012628).
- s390/entry: align system call table on 8 bytes (bsc#1012628).
- selftests/mm: include strings.h for ffsl (bsc#1012628).
- mm/secretmem: fix GUP-fast succeeding on secretmem folios
(bsc#1012628).
- arm64/ptrace: Use saved floating point state type to determine
SVE layout (bsc#1012628).
- riscv: Fix vector state restore in rt_sigreturn() (bsc#1012628).
- aio: Fix null ptr deref in aio_complete() wakeup (bsc#1012628).
- perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last
PEBS event (bsc#1012628).
- x86/coco: Require seeding RNG with RDRAND on CoCo systems
(bsc#1012628).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
(bsc#1012628).
- x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1012628).
- of: module: prevent NULL pointer dereference in vsnprintf()
(bsc#1012628).
- of: dynamic: Synchronize of_changeset_destroy() with the
devlink removals (bsc#1012628).
- driver core: Introduce device_link_wait_removal() (bsc#1012628).
- ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset
(bsc#1012628).
- ASoC: SOF: ipc4-pcm: Correct the delay calculation
(bsc#1012628).
... changelog too long, skipping 395 lines ...
- commit f362b5c
==== lensfun ====
Subpackages: lensfun-data liblensfun1
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== liblouis ====
Subpackages: liblouis-data liblouis20 python3-louis
- Run python tests in %check
==== libquicktime ====
- Fix build with GCC 14, bsc#1221701
* fix-gcc14-build.patch
==== libssh ====
Subpackages: libssh-config libssh4
- Don't change the path for crypto-policies libssh.config (bsc#1222716)
==== miniupnpc ====
Version update (2.2.5 -> 2.2.6)
- update to 2.2.6:
* includes charset="utf-8" in Content-Type
* fix memory allocation error in minissdpc.c
* Make User-Agent compliant.
* add new binary listdevices => upnp-listdevices
- added %check section to run unit tests
==== multipath-tools ====
Version update (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83)
Subpackages: kpartx libmpath0
- Update to version 0.9.8+88+suse.d504d83:
* Revert "libmultipath: fix max_sectors_kb on adding path"
(bsc#1222458)
==== openSUSE-build-key ====
- SLM 6.0 key (ALP / SLF1) RSA 4096 bit key
- gpg-pubkey-09d9ea69-645b99ce.asc
- 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit key
- gpg-pubkey-3fa1d6ce-63c9481c.asc
- SLM 6.0 key (ALP / SLF1) RSA 4096 bit reserve key
- gpg-pubkey-73f03759-626bd414.asc
- 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit reserve key
- gpg-pubkey-d588dc46-63c939db.asc
- obsoleted a incorrectly used DSA1024 key (used in Slowroll).
==== openSUSE-release ====
Version update (20240410 -> 20240414)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Fix duplicate loading of dropins. (boo#1222467)
==== ovmf ====
Subpackages: qemu-uefi-aarch64
- Add ovmf-EmbeddedPkg-Library-Support-SOURCE_DATE_EPOCH-in-Vir.patch
Support SOURCE_DATE_EPOCH in VirtualRealTimeClockLib for reproducible.
(bsc#1217704)
==== pam ====
Version update (1.6.0 -> 1.6.1)
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
==== pam-config ====
Version update (2.11 -> 2.11+git.20240411)
- Update to version 2.11+git.20240411:
* Configure Himmelblau correctly w/ other services present
* Configure other services correctly w/ Himmelblau present
* Himmelblau session is only optional
==== pam-full-src ====
Version update (1.6.0 -> 1.6.1)
- Update to version 1.6.1
- pam_env: fixed --disable-econf --enable-vendordir support.
- pam_unix: do not warn if password aging is disabled.
- pam_unix: try to set uid to 0 before unix_chkpwd invocation.
- pam_unix: allow empty passwords with non-empty hashes.
- Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
- Remove backports:
- pam_env-fix_vendordir.patch
- pam_env-fix-enable-vendordir-fallback.patch
- pam_env-remove-escaped-newlines.patch
- pam_unix-fix-password-aging-disabled.patch
==== patterns-kde ====
Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_pim patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast
- xwaylandvideobridge has always been unversioned (boo#1222640)
==== perl ====
Subpackages: perl-base
- Revert commit 7af2d2037375d58e700f9e1b217efb2c4db66133 as suggested
by upstream perl
* fixed locale being clobbered by perl [bsc#1220195]
* new patch: perl-locale-backport.diff
==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Move the jack spa plugin from the pipewire-spa-plugins-0_2
package to a new pipewire-spa-plugins-0_2-jack package. This
allows to not Suggest the pipewire-libjack package from
pipewire-spa-plugins-0_2 since that's only used to connect
pipewire as a client to a jack server which is not common at all
(boo#1222253).
==== postfix ====
- Move qshape(1) out of -doc, install it as a binary with the main package
==== python-Pillow ====
- Reenable tests for s390x and ppc, bsc#1222553
gh#python-pillow/Pillow#1204
==== schily ====
Subpackages: libcdrdeflt1_0 libdeflt1_0 libfile1_0 libfind4_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs spax star
- Update to release 2024.03.21
* mkisofs: produce less scrollback when logging progress to ttys.
==== texlive ====
- Add patch source-dvipdfm-x.dif
* dvipdfmx: repeated inclusion of the same image did not share
the image data, but had separate copies for each inclusion.
==== transactional-update ====
Version update (4.6.0 -> 4.6.5)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.6.5
- Rework soft-reboot support introduced in 4.6.0:
- On transactional systems with systemd 254 the system could
hang with with a soft-reboot, as /var and /etc have to be
mounted in /run/nextroot explicitly. As a soft-reboot can
also be triggered by an admin the mounting of the
corresponding mount points was moved to a systemd service to
be independent of t-u itself.
- Support for systemd 255
- Don't decrease reboot level on multiple commands
- Various other bugfixes
- soft-reboot support is disabled by default now to gather more feedback
- libtukit: Fix kexec reboot method to boot kernel / initrd of next snapshot
- tukit: Don't clone lock file handle on exec [boo#1222411]
- t-u: Always use zypper of installed system [bsc#1221346]
- t-u: Remove remaining telemetrics references
- Add prepare-nextroot-for-softreboot service
- Add (empty) %check section
==== update-alternatives ====
Version update (1.22.5 -> 1.22.6)
- Update to version 1.22.6.
The changelog for this version isn't very large, so it's provided in full:
* dpkg-deb: Fix up compressor parameters for default legacy format.
* Perl modules:
- Dpkg::Vendor::Debian: Make it possible to disable qa=-bug-implicit-func.
- Dpkg::Vendor::Debian: Unconditionally set qa bug-implicit-func.
* Documentation:
- man: Document dpkg versions supporting SOURCE_DATE_EPOCH for various
tools.
* Code internals:
- libdpkg: Use array access instead of pointer arithmetic for meminfo
parser.
- libdpkg: Use a macro to define the zstd default compression level.
* Build system:
- Test with minimal library dependencies in CI.
- Add gen-release script.
* Packaging:
- Fix typo in man page reference in changelog.
* Test suite:
- Refactor OpenPGP backend and commands list.
- Refactor certfile and keyfile filenames for OpenPGP test.
- Skip OpenPGP tests if the backend does not have a verify command.
* Localization:
- Fix typos in Swedish man pages translations.
- Fix typos in Swedish man pages translations.
- Update Dutch man pages translations.
- Update Portuguese man pages translations.
- Update German man pages translation.
==== vim ====
Version update (9.1.0151 -> 9.1.0301)
Subpackages: vim-data vim-data-common xxd
- update to 9.1.0301
* Vim9: heredoc start may be recognized in string
* Missing test for what patch v9.1.0285 fixes
* Vim9: return type not set for a lambda assigned to script var
* add runtime/doc/tags-* to ignore files
* Updated translation
* Update documentation
* Patch 9.1.0296 causes too many issues
* Fix a few issues with gvim.nsi
* regexp: engines do not handle case-folding well
* filetype: pip config files are not recognized
* Text height function does not respect it's argument
* filetype: lxqt config files are not recognized
* filetype: XDG mimeapps.list file is not recognized
* filetype: libreoffice config files are not recognized
* filetype: xilinx files are not recognized
* filetype: some TeX files are not recognized
* Vim9: comment may be treated as heredoc start
* Vim9: E1027 with defcompile for abstract methods
* Still problems with cursor position for CTRL-D/U
* fix inaccuracies in pandoc compiler
* make testclean is not able to delete failed screendumps
* Update base-syntax, no curly-brace names in Vim9 script
* Several small issues in doc and tests
* Finding highlighting attributes is inefficient
* Update cuda keywords, remove uncommonly used enumeration constants
* several issues with 'smoothscroll' support
* filetype: roc files are not recognized
* filetype: zathurarc files not recognized
* Cannot highlight the Command-line
* No pandoc syntax support
* filetype: R history files are not recognized
* filetype: keymap files are not recognized
* autocmd may change cwd after :tcd and :lcd
* Update syntax generator, autocmd event list parsing
* Normalise builtin-function optional parameter formatting
* Correctly distribute libsodium with the installer
* a few minor issues to fix
* Test for TextChanged is still flaky with ASAN
* Two tests in test_filechanged.vim are slow
* File name entered in GUI dialog is ignored
* fix :compiler leaving behind a g:makeprg variable
* Remove more fallback :CompilerSet definitions from compiler plugins
* filetype: earthfile files are not recognized
* console dialog cannot save unnamed buffers
* Fill in a few details regarding :enums
* Remove fallback :CompilerSet definition from compiler plugins
* libgpm may delete some signal handlers
* Improve the matching of contextual keywords
* Vim9: Problem with lambda blocks in enums and classes
* Test for TextChanged is flaky with ASAN
* Vim9: protected class and funcrefs accessible outside the class
* Problems with "zb" and scrolling to new topline with 'smoothscroll'
* filetype not detected when editing remote files
* sort filetype.txt in the alphabetical order
* Normal mode TextChanged isn't tested properly
* half-page scrolling broke backward compatibility
* Vim9: :call may not find imported class members
* Finding autocmd events is inefficient
* Vim9: no indication of script nr in stack trace of classes
* [security]: Heap buffer overflow when calling complete_add() in 'cfu'
* filetype: typespec files are not recognized
* improve syntax highlighting for YAML
* Vim9: segfault with static in super class
* Filetype test fails
* update syntax
* filetype: ldscripts cannot be recognized
* filetype: rock_manifest and config.ld files are not recognized
* filetype: yarn lock files are not recognized
* filetype: bundle config files are not recognized
* filetype: fontconfig files are not recognized
* filetype: zsh theme, history and zunit files are not recognized
* filetype: bash history files are not recognized
* filetype: netrw history file is not recognized
* filetype: octave history files are not recognized
* filetype: mysql history files are not recognized
* filetype: some python tools config files are not recognized
* filetype: gnuplot history files are not recognised
* filetype: jupyterlab and sublime config are not recognized
* filetype: mplstyle files are not recognized
* filetype: texlua files are not recognized
* filetype: supertux files are not recognized
* filetype: support for Intel HEX files is lacking
* Vim9: string() output of enum is problematic
* Conceal test fails when rightleft feature is disabled
* Filetype may be undetected when SwapExists sets ft in other buf
* TextChanged autocommand not triggered under some circumstances
* ensure compiler! sets global options
* Distinguish Vim9 builtin object methods from namesake builtin functions
* add support for Debian specific @includes
* Error E877 is not translated
* fix path of uganda.nsis.txt in german.nsi file
* Two unrelated things are tested by a single test
* Improve docs for empty(), len(), and string() on objects
* Recording may still be wrong in Select mode
* Not able to assign enum values to an enum static variable
* test_matchparen not run in CI
* cursor may move too many lines over "right" & "below" virt text
* code duplication in loop to add active text properties
... changelog too long, skipping 119 lines ...
* Coverity complains about ignoring return value
==== xfce4-branding-openSUSE ====
Version update (4.18.0+git1.8b02118 -> 4.18.0+git4.79f6d44)
Subpackages: libgarcon-branding-openSUSE libxfce4ui-branding-openSUSE thunar-volman-branding-openSUSE xfce4-notifyd-branding-openSUSE xfce4-panel-branding-openSUSE xfce4-power-manager-branding-openSUSE xfce4-session-branding-openSUSE xfce4-settings-branding-openSUSE xfdesktop-branding-openSUSE xfwm4-branding-openSUSE
- Update to version 4.18.0+git4.79f6d44:
* Fix wallpaper folder structure
* Better split tumbleweed and leap wallpapers
* Added old wallpaper symlinks still needed by leap
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch
* fixes regression for security fix for CVE-2024-31083 (bsc#1222312,
boo#1222442, gitlab xserver issue #1659)
==== xz ====
Subpackages: liblzma5
- revert the switch to tar_scm which dropped the signature
validation
- switch back to tarballs because the upstream tarballs are not
gone
- reinstanciate keyring from Lasse
- go back to the last release signed by Lasse (5.4.2)
- revert multibuild, drop service and rpmlintrc
- use real_ver for the Source, move everything else back to
%version like before the hectic XZ downgrade
- remove payload setting, we are using zstd now
- Switch to using tar_scm for fetching the sources as the upstream
tarballs on github are gone
- introduce _multibuild to allow building the translations outside
of Ring0 and everything else in Ring0
- add rpmlintrc to silence harmless warnings
==== zxcvbn ====
- Make use of distro build flags