Packages changed: Mesa (22.2.2 -> 22.2.3) Mesa-drivers (22.2.2 -> 22.2.3) elfutils (0.187 -> 0.188) elfutils-debuginfod (0.187 -> 0.188) grub2 highway java-18-openjdk libbpf libzypp (17.31.4 -> 17.31.5) mobile-broadband-provider-info (20220725 -> 20221107) ncurses (6.3.20221001 -> 6.3.20221105) perl-HTML-Parser (3.79 -> 3.80) perl-URI (5.16 -> 5.17) python-Babel (2.10.3 -> 2.11.0) python-M2Crypto shadow webkit2gtk3 (2.38.1 -> 2.38.2) webkit2gtk4 (2.38.1 -> 2.38.2) zypper (1.14.57 -> 1.14.58) === Details === ==== Mesa ==== Version update (22.2.2 -> 22.2.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ==== Mesa-drivers ==== Version update (22.2.2 -> 22.2.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ==== elfutils ==== Version update (0.187 -> 0.188) Subpackages: elfutils-lang libasm1 libdw1 libelf1 - Update to version 0.188: * readelf: Add -D, --use-dynamic option. * debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing debuginfod_find_section. * debuginfod: Add --disable-source-scan option. * libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. - Remove upstreamed patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * PR29474-debuginfod.patch * config-Move-the-2-dev-null-inside-the-sh-c-quotes-fo.patch * support-nullglob-in-profile.-.in-files.patch ==== elfutils-debuginfod ==== Version update (0.187 -> 0.188) Subpackages: debuginfod-profile libdebuginfod1 - Update to version 0.188: * readelf: Add -D, --use-dynamic option. * debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing debuginfod_find_section. * debuginfod: Add --disable-source-scan option. * libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. - Remove upstreamed patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * PR29474-debuginfod.patch * config-Move-the-2-dev-null-inside-the-sh-c-quotes-fo.patch * support-nullglob-in-profile.-.in-files.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - NVMeoFC support on grub (jsc#PED-996) * 0001-ieee1275-add-support-for-NVMeoFC.patch * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch * 0004-ofpath-controller-name-update.patch - TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265) * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Fix efi pcr snapshot related funtion is defined but not used on powerpc platform. * safe_tpm_pcr_snapshot.patch - Include loopback into signed grub2 image (jsc#PED-2150) - Fix firmware oops after disk decrypting failure (bsc#1204037) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch - Add patch to fix kernel relocation error in low memory * 0001-linux-fix-efi_relocate_kernel-failure.patch - Add safety measure to pcr snapshot by checking platform and tpm status * safe_tpm_pcr_snapshot.patch - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - Add patches to dynamically allocate additional memory regions for EFI systems (bsc#1202438) * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - Enlarge the default heap size and defer the disk cache invalidation (bsc#1202438) * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch * 0002-mm-Defer-the-disk-cache-invalidation.patch - Add patches for ALP FDE support * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch * 0008-linuxefi-Use-common-grub_initrd_load.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * grub-read-pcr.patch * efi-set-variable-with-attrs.patch * tpm-record-pcrs.patch * tpm-protector-dont-measure-sealed-key.patch * tpm-protector-export-secret-key.patch * grub-install-record-pcrs.patch * grub-unseal-debug.patch - Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix tpm error stop tumbleweed from booting (bsc#1202374) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Patch Removed * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch ==== highway ==== - Have armv7 build succeed again. ==== java-18-openjdk ==== Subpackages: java-18-openjdk-headless - Fix jconsole.desktop icon ==== libbpf ==== - Fix out-of-bound heap write (boo#1194248 boo#1194249 CVE-2021-45940 CVE-2021-45941) + libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch - Fix use-after-free in btf_dump_name_dups (boo#1204391 CVE-2022-3534) + libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch - Fix memory leak in parse_usdt_arg() (boo#1204393 CVE-2022-3533) + libbpf-Fix-memory-leak-in-parse_usdt_arg.patch - Fix null pointer dereference in find_prog_by_sec_insn() (boo#1204502 CVE-2022-3606) + libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch ==== libzypp ==== Version update (17.31.4 -> 17.31.5) - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - properly reset range requests (bsc#1204548) - version 17.31.5 (22) ==== mobile-broadband-provider-info ==== Version update (20220725 -> 20221107) - Update to version 20221107: * build: - Fix regex in make check - reject and whitespace in XML via unit test - use $(SP_XML_DB) in Makefile.am * de: telekom: give names to plan entries * dtd: allow "mms-internet-hipri" and "mms-internet-hipri-fota" types * fr: include voice mail and balance check for Free Mobile * in: add Airtel Kerala network-id * ui: collapse Orange and T-Mobile into EE, fix APNs * us: add support for Ting USA VVM * us: update AT&T APNs and APN usages ==== ncurses ==== Version update (6.3.20221001 -> 6.3.20221105) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20221105 + regenerate configure scripts with autoconf 2.52.20221009 + modify "--with-manpage-format" to support bzip2 and xz compression (prompted by discussion with Sam James). + modify make-tar.sh scripts to make timestamps more predictable. - Add ncurses patch 20221029 + improve curs_slk.3x discussion of extensions and portability (report by Bill Gray). - Add ncurses patch 20221023 + change man_db.renames to template, to handle ncurses*-config script with the extra-suffix configure option. - Add ncurses patch 20221015 + fix another memory-leak in tic. + update install-sh script from autoconf, to fix install problem for Ada95 with Arch; as noted in https://lists.gnu.org/archive/html/automake/2018-09/msg00005.html there are unaddressed issues. + update CF_XOPEN_SOURCE, adding GNU libc suffixes for abi64, abin32, x32 (report by Sven Joachim): + correct ifdef's for _nc_set_read_thread() (patch by Mikhail Korolev, cf: 20220813). - Add ncurses patch 20221008 + correct a switch-statement case in configure script to allow for test builds with ABI=7. + modify misc/gen-pkgconfig.in to allow for the case where the library directory does not yet exist, since this is processed before doing an install (report by Michal Liszcz). ==== perl-HTML-Parser ==== Version update (3.79 -> 3.80) - updated to 3.80 see /usr/share/doc/packages/perl-HTML-Parser/Changes 3.80 2022-11-01 * Fix compatibility with ancient perl by avoiding index in test (GH#33) (Graham Knop) ==== perl-URI ==== Version update (5.16 -> 5.17) - updated to 5.17 see /usr/share/doc/packages/perl-URI/Changes 5.17 2022-11-02 17:03:48Z - Updated RFC references in the pod documentation for URI::file (GH#117) (Håkon Hgland) - Fix SIP URI encoder/decoder (GH#118) (ryankereliuk) ==== python-Babel ==== Version update (2.10.3 -> 2.11.0) - Update to 2.11.0 Upcoming deprecation * This version, Babel 2.11, is the last version of Babel to support Python 3.6. Babel 2.12 will require Python 3.7 or newer. Improvements * Support for hex escapes in JavaScript string literals :gh:`877` - Przemyslaw Wegrzyn * Add support for formatting decimals in compact form :gh:`909` - Jonah Lawrence * Adapt parse_date to handle ISO dates in ASCII format :gh:`842` - Eric L. * Use ast instead of eval for Python string extraction :gh:`915` - Aarni Koskela * This also enables extraction from static f-strings. F-strings with expressions are silently ignored (but won't raise an error as they used to). Infrastructure * Tests: Use regular asserts and pytest.raises() :gh:`875` – Aarni Koskela * Wheels are now built in GitHub Actions :gh:`888` – Aarni Koskela * Small improvements to the CLDR downloader script :gh:`894` – Aarni Koskela * Remove antiquated __nonzero__ methods :gh:`896` - Nikita Sobolev * Remove superfluous __unicode__ declarations :gh:`905` - Lukas Juhrich * Mark package compatible with Python 3.11 :gh:`913` - Aarni Koskela * Quiesce pytest warnings :gh:`916` - Aarni Koskela Bugfixes * Use email.Message for pofile header parsing instead of the deprecated cgi.parse_header function. :gh:`876` – Aarni Koskela * Remove determining time zone via systemsetup on macOS :gh:`914` - Aarni Koskela Documentation * Update Python versions in documentation :gh:`898` - Raphael Nestler * Align BSD-3 license with OSI template :gh:`912` - Lukas Kahwe Smith ==== python-M2Crypto ==== - add openssl-stop-parsing-header.patch (bsc#1205042) - add m2crypto-0.38-ossl3-tests.patch ==== shadow ==== Subpackages: libsubid4 login_defs - Add shadow-copytree-usermod-fifo.patch: Fix regression that prevented `usermod -m` to work when their home directory contained at least one fifo See https://github.com/shadow-maint/shadow/pull/565 ==== webkit2gtk3 ==== Version update (2.38.1 -> 2.38.2) Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.38.2 (boo#1205120 boo#1205123 boo#1205124): + Fix scrolling issues in some sites having fixed background. + Fix prolonged buffering during progressive live playback. + Fix the build with accessibility disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824. ==== webkit2gtk4 ==== Version update (2.38.1 -> 2.38.2) Subpackages: WebKit2GTK-5.0-lang libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles - Update to version 2.38.2 (boo#1205120 boo#1205123 boo#1205124): + Fix scrolling issues in some sites having fixed background. + Fix prolonged buffering during progressive live playback. + Fix the build with accessibility disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824. ==== zypper ==== Version update (1.14.57 -> 1.14.58) Subpackages: zypper-log zypper-needs-restarting - Update man page and explain '.no_auto_prune' (bsc#1204956) - Allow to (re)add a service with the same URL (bsc#1203715) - Explain outdatedness of repos (fixes #463) - BuildRequires: libzypp-devel >= 17.31.5 - version 1.14.58