Packages changed: ImageMagick (7.1.1.10 -> 7.1.1.11) MozillaFirefox-branding-openSUSE apparmor (3.1.3 -> 3.1.4) checkmedia (6.1 -> 6.2) cups curl (8.1.1 -> 8.1.2) dav1d (1.2.0 -> 1.2.1) glslang (12.1.0 -> 12.2.0) gnutls imlib2 (1.11.0 -> 1.11.1) installation-images-MicroOS (17.86 -> 17.87) javapackages-tools kio-extras5 kyotocabinet libX11 (1.8.4 -> 1.8.5) libapparmor (3.1.3 -> 3.1.4) libdnf (0.70.0 -> 0.70.1) libmfx (22.6.5 -> 23.2.2) libproxy libproxy-plugins libreoffice (7.5.3.2 -> 7.5.4.1) librsvg (2.56.0 -> 2.56.1) libstorage-ng (4.5.112 -> 4.5.115) libxcrypt (4.4.33 -> 4.4.34) libyui (4.5.2 -> 4.6.0) libyui-ncurses (4.5.2 -> 4.6.0) libyui-ncurses-pkg (4.5.2 -> 4.6.0) libyui-qt (4.5.2 -> 4.6.0) libyui-qt-graph (4.5.2 -> 4.6.0) libyui-qt-pkg (4.5.2 -> 4.6.0) lua54 (5.4.4 -> 5.4.6) man-pages (6.02 -> 6.04) manpages-l10n (4.18.1 -> 4.19.0) mariadb-connector-c (3.3.4 -> 3.3.5) mozilla-nss ncurses (6.4.20230506 -> 6.4.20230520) openssl-3 (3.0.8 -> 3.1.1) openssl (3.0.8 -> 3.1.1) perl-Bootloader (1.1 -> 1.2) perl-IO-Socket-SSL (2.081 -> 2.083) perl-libwww-perl (6.68 -> 6.70) podman (4.5.0 -> 4.5.1) python-gevent python-pycryptodome (3.17.0 -> 3.18.0) python-rich (13.3.5 -> 13.4.1) python-rpm python-tornado6 (6.2 -> 6.3.2) python-zope.event qemu (8.0.0 -> 8.0.2) rpm shaderc (2023.2 -> 2023.4) texlive tracker (3.5.2 -> 3.5.3) vulkan-loader (1.3.247 -> 1.3.250.0) vulkan-tools (1.3.247 -> 1.3.250.0) webkit2gtk3 (2.40.1 -> 2.40.2) webkit2gtk4 (2.40.1 -> 2.40.2) yast2-control-center (4.6.0 -> 4.6.1) === Details === ==== ImageMagick ==== Version update (7.1.1.10 -> 7.1.1.11) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.11 * upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023-05-29 ==== MozillaFirefox-branding-openSUSE ==== - add sle_version 150500 check - add some useful links about openSUSE in the about:newtab page - add sle_version 150300 and 150400 check ==== apparmor ==== Version update (3.1.3 -> 3.1.4) Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== checkmedia ==== Version update (6.1 -> 6.2) Subpackages: libmediacheck6 - merge gh#openSUSE/checkmedia#17 - do not select EFI System Partition for digest calculation (bsc#1211953) - use default for SKIPSECTORS only for RH media - add man pages for checkmedia and tagmedia - add spec file for OBS - 6.2 ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - cups-2.4.2-CVE-2023-32324.patch fixes CVE-2023-32324 "Heap buffer overflow in cupsd" https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 bsc#1211643 ==== curl ==== Version update (8.1.1 -> 8.1.2) Subpackages: libcurl4 - Update to 8.1.2: * Bugfixes: - configure: quote the assignments for run-compiler - configure: without pkg-config and no custom path, use -lnghttp2 - curl: cache the --trace-time value for a second - http2: fix EOF handling on uploads with auth negotiation - http3: send EOF indicator early as possible - lib1560: verify more scheme guessing - lib: remove unused functions, make single-use static - libcurl.m4: remove trailing 'dnl' that causes this to break autoconf - libssh: when keyboard-interactive auth fails, try password - misc: fix spelling mistakes - page-header: mention curl version and how to figure out current release - page-header: minor wording polish in the URL segment - scripts/singleuse.pl: add more API calls - urlapi: remove superfluous host name check ==== dav1d ==== Version update (1.2.0 -> 1.2.1) - Update to version 1.2.1 * Fix a threading race on task_thread.init_done * NEON z2 8bpc and high bit-depth optimizations * SSSE3 z2 high bit-depth optimziations * Fix a desynced luma/chroma planes issue with Film Grain * Reduce memory consumption * Improve dav1d_parse_sequence_header() speed * OBU: Improve header parsing and fix potential overflows * OBU: Improve ITU-T T.35 parsing speed * Misc buildsystems, CI and headers fixes - Add to description some performance mentions that set it apart from other packages e.g. gav1. ==== glslang ==== Version update (12.1.0 -> 12.2.0) - Update to release 12.2.0 * Support GLSL_EXT_shader_tile_image, GL_EXT_ray_tracing_position_fetch, and custom include callbacks via the C API * Add preamble-text command-line option * Accept variables as parameters of spirv_decorate_id ==== gnutls ==== - FIPS: Fix baselibs.conf to mention libgnutls30-hmac [bsc#1211476] Extend also the checks in gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ==== imlib2 ==== Version update (1.11.0 -> 1.11.1) Subpackages: imlib2-loaders libImlib2-1 - update to 1.11.1: * imlib2: added loader for y4m files (uses liby4m and libyuv) * imlib2: add y4m test examples * Y4M loader: Various minor changes * autofoo: Tweak PACKAGE_DATA_DIR definition * XPM loader: Add rgb.txt * loaders: Fix loaders potentially being loaded more than once * loaders: Change method used to not unload loaders * Add JXL saver * loaders: Cosmetics ==== installation-images-MicroOS ==== Version update (17.86 -> 17.87) - merge gh#openSUSE/installation-images#646 - etc: update module.config to match 6.4 - 17.87 ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Enable the tests also for older distributions - Require python3-xml (python-xml for distributions that use versioned modules), since module xml needed by some scripts. ==== kio-extras5 ==== Subpackages: kio-extras5-lang libkioarchive5 - Add some missing BuildRequires (boo#1211933) ==== kyotocabinet ==== - Update url to new website. ==== libX11 ==== Version update (1.8.4 -> 1.8.5) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.8.5 * gitlab CI: Add libtool to required packages * configure: raise minimum autoconf requirement to 2.70 * configure: replace deprecated AC_HELP_STRING with AS_HELP_STRING * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * gitlab CI: add workflow rules * nls: delete compose sequences that pointlessly mix upper and lower case * nls: remove four hundred and sixty untypable Greek compose sequences * nls: remove twenty two untypable Greek compose sequences * XSetScreenSaver.man: restore the part that was accidentally snipped * nls: make the Amharic compose sequences use the dead-vowel symbols * nls: sort three sequences alphabetically in their group, like all others * nls: delete six compose sequences that cannot be typed * nls: use a slash instead of a combining solidus in compose sequences * NLS: move long S compositions to respective blocks * NLS: implement the expansion of the six Breton N-graph keysyms * NLS: move dead-caron subscript compositions to the relevant Unicode block * NLS: Remove strange dead_cedilla cedi sign sequences * nls: add compose sequence for capital schwa, and delete a deviant one - Users of the Amharic (am_ET.UTF-8) compose key sequences provided by libX11 will also want to upgrade to xkeyboard-config 2.39 (releasing soon), in order to keep those sequeunces working with this release. ==== libapparmor ==== Version update (3.1.3 -> 3.1.4) - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog ==== libdnf ==== Version update (0.70.0 -> 0.70.1) Subpackages: libdnf-repo-config-zypp libdnf2 - update to 0.70.1: * Add repoid to solver errors for RPMs (RhBug:2179413) * Avoid using obsolete RPM API and drop redundant calls * Remove DNF from list of protected packages - avoid bashism ==== libmfx ==== Version update (22.6.5 -> 23.2.2) - update to 23.2.2: * [Encode] Fix JPEG payload insertion on Linux * Update checking of bitsream left size (#3033) * [Decode] Fix memory out-of-bounds issue for VP9 * [Decode] Fix memory out-of-bounds issue for VP8 * [Decode]Remove AVC level 6.0 check * [Decode]Fix hevc decode issue * hevce: use Low Power mode for RGB encoding by default ==== libproxy ==== - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libproxy-plugins ==== Subpackages: libproxy1-config-gnome3 libproxy1-config-kde libproxy1-networkmanager libproxy1-pacrunner-duktape - Only build mono support on openSUSE, not SLE nor SUSE ALP. ==== libreoffice ==== Version update (7.5.3.2 -> 7.5.4.1) Subpackages: libreoffice-base libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.5.4.1: https://wiki.documentfoundation.org/Releases/7.5.4/RC1 - Update bundled dependencies: * gpgme-1.16.0.tar.bz2 -> gpgme-1.18.0.tar.bz2 * curl-7.86.0.tar.xz -> curl-8.0.1.tar.xz * icu4c-71_1-src.tgz -> icu4c-72_1-src.tgz * icu4c-71_1-data.zip -> icu4c-72_1-data.zip ==== librsvg ==== Version update (2.56.0 -> 2.56.1) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.56.1: + The minimum supported Rust version (MSRV) is 1.65. Unfortunately the assert_cmd crate, used in the test suite, bumped its MSRV and is forcing us to do the same. + Shrink the shared library by telling the linker to omit unused code. + Updates to dependencies. ==== libstorage-ng ==== Version update (4.5.112 -> 4.5.115) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.115 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.114 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.113 ==== libxcrypt ==== Version update (4.4.33 -> 4.4.34) - Update to 4.4.34 * Optimize some cast operation for performance in lib/alg-yescrypt-platform.c. * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c. * Explicitly clean the stack and context state after computation in lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c (issue #168). ==== libyui ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-ncurses ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-ncurses-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt-graph ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== libyui-qt-pkg ==== Version update (4.5.2 -> 4.6.0) - NCurses UI: Prevent buffer overflow when drawing very wide labels (bsc#1211354) - 4.6.0 - Cherry-picked BLumia's patch from community PR #97: CMake: use pkg-config to find and use ncurses libs by Wang Zichong ==== lua54 ==== Version update (5.4.4 -> 5.4.6) - Library is always liblua5_4-5: due to SOVERSION leading digit being 5 - Final release of 5.4.6. No change in the changelog. - Experimenting with lua 5.4.6-rc1 (release 5.4.5 has been effectively withdrawn). - Update to 5.4.5: - this is a bug-fix release. - Lua 5.4.5 also contains several internal improvements and includes a revised reference manual - Remove upstreamed patches: - luabugs1.patch - luabugs10.patch - luabugs11.patch - luabugs2.patch - luabugs3.patch - luabugs4.patch - luabugs5.patch - luabugs6.patch - luabugs7.patch - luabugs8.patch - luabugs9.patch ==== man-pages ==== Version update (6.02 -> 6.04) - update to 6.04: * Newly documented interfaces in existing pages * proc.5 KPF_PGTABLE (Linux 4.18) * landlock.7 LANDLOCK_ACCESS_FS_REFER (Linux 5.19) * udp.7 UDP_GRO (Linux 5.0) UDP_SEGMENT (Linux 4.18) * Changes to individual pages ==== manpages-l10n ==== Version update (4.18.1 -> 4.19.0) Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR man-pages-ru - Update to version 4.19.0: Updated and added many translations. ==== mariadb-connector-c ==== Version update (3.3.4 -> 3.3.5) - update to 3.3.5: * https://mariadb.com/kb/en/mariadb-connector-c-3-3-5-release-notes/ ==== mozilla-nss ==== Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - Move testsuite to %check-section and move env-variables to files for easier chroot-debugging ==== ncurses ==== Version update (6.4.20230506 -> 6.4.20230520) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230520 + fixes for compiler warnings in MinGW environments. - Add ncurses patch 20230514 + modify test-package "ncurses6-doc" to use manpage-aliases, which in turn required a change to the configure script to factor in the extra-suffix option when deriving alias names. + add mode 1004 to xterm+sm+1006 from xterm #380 -TD - Port and correct offsets of patch ncurses-6.4.dif ==== openssl-3 ==== Version update (3.0.8 -> 3.1.1) Subpackages: libopenssl3 - Update to 3.1.1: * Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate (CVE-2023-2650, bsc#1211430) * Multiple algorithm implementation fixes for ARM BE platforms. * Added a -pedantic option to fipsinstall that adjusts the various settings to ensure strict FIPS compliance rather than backwards compatibility. * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can trigger a crash of an application using AES-XTS decryption if the memory just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. (CVE-2023-1255, bsc#1210714) * Add FIPS provider configuration option to disallow the use of truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). The option '-no_drbg_truncated_digests' can optionally be supplied to 'openssl fipsinstall'. * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466, bsc#1209873) * Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465, bsc#1209878) * Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464, bsc#1209624) * Update openssl.keyring with key A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C (Tomas Mraz) * Rebased patches: - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch - openssl-Add_support_for_Windows_CA_certificate_store.patch * Removed patches: - openssl-CVE-2023-0464.patch - openssl-Fix-OBJ_nid2obj-regression.patch - openssl-CVE-2023-0465.patch - openssl-CVE-2023-0466.patch - FIPS: Merge libopenssl3-hmac package into the library [bsc#1185116] - Add support for Windows CA certificate store [bsc#1209430] https://github.com/openssl/openssl/pull/18070 * Add openssl-Add_support_for_Windows_CA_certificate_store.patch - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch - Fix regression in the OBJ_nid2obj() function: [bsc#1209430] * Upstream https://github.com/openssl/openssl/issues/20555 * Add openssl-Fix-OBJ_nid2obj-regression.patch - Fix compiler error "initializer element is not constant" on s390 * Add openssl-z16-s390x.patch - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch - Pass over with spec-cleaner - Update to 3.1.0: * Add FIPS provider configuration option to enforce the Extended Master Secret (EMS) check during the TLS1_PRF KDF. The option '-ems-check' can optionally be supplied to 'openssl fipsinstall'. * The FIPS provider includes a few non-approved algorithms for backward compatibility purposes and the "fips=yes" property query must be used for all algorithm fetches to ensure FIPS compliance. The algorithms that are included but not approved are Triple DES ECB, Triple DES CBC and EdDSA. * Added support for KMAC in KBKDF. * RNDR and RNDRRS support in provider functions to provide random number generation for Arm CPUs (aarch64). * s_client and s_server apps now explicitly say when the TLS version does not include the renegotiation mechanism. This avoids confusion between that scenario versus when the TLS version includes secure renegotiation but the peer lacks support for it. * AES-GCM enabled with AVX512 vAES and vPCLMULQDQ. * The various OBJ_* functions have been made thread safe. * Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors. * The functions OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio and OPENSSL_LH_node_usage_stats_bio are now marked deprecated from OpenSSL 3.1 onwards and can be disabled by defining OPENSSL_NO_DEPRECATED_3_1. The macro DEFINE_LHASH_OF is now deprecated in favour of the macro DEFINE_LHASH_OF_EX, which omits the corresponding type-specific function definitions for these functions regardless of whether OPENSSL_NO_DEPRECATED_3_1 is defined. Users of DEFINE_LHASH_OF may start receiving deprecation warnings for these functions regardless of whether they are using them. It is recommended that users transition to the new macro, DEFINE_LHASH_OF_EX. * When generating safe-prime DH parameters set the recommended private key length equivalent to minimum key lengths as in RFC 7919. * Change the default salt length for PKCS#1 RSASSA-PSS signatures to the maximum size that is smaller or equal to the digest length to comply with FIPS 186-4 section 5. This is implemented by a new option OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX ("auto-digestmax") for the rsa_pss_saltlen parameter, which is now the default. Signature verification is not affected by this change and continues to work as before. * Update openssl.keyring with key 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 (Matt Caswell) ==== openssl ==== Version update (3.0.8 -> 3.1.1) - Update to 3.1.1 - Update to 3.1.0 ==== perl-Bootloader ==== Version update (1.1 -> 1.2) - merge gh#openSUSE/perl-bootloader#148 - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - 1.2 ==== perl-IO-Socket-SSL ==== Version update (2.081 -> 2.083) - updated to 2.083 see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.083 2023/05/18 - fix t/protocol_version.t for OpenSSL versions which don't support SECLEVEL (regression from #122) 2.082 2023/05/17 - SSL_version default now TLS 1.2+ since TLS 1.1 and lower deprecated #122 - fix output of alert string when debugging #132 - improve regex for hostname validation #130, #126 - add can_ciphersuites subroutine for feature checking #127 - Utils::CERT_create - die if unexpected arguments are given instead of ignoring these ==== perl-libwww-perl ==== Version update (6.68 -> 6.70) - updated to 6.70 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.70 2023-04-30 13:22:56Z - Add cookie_jar_class attribute to allow different cookie jar modules to be used more easily (GH#91) (Tom Hukins, Julien Fiegehenn) - POD now contains all default attributes (GH#428) (Julien Fiegehenn) 6.69 2023-04-29 13:14:31Z - Timeouts for cached connections now update (GH#73) (Eric Johnson) - The conn_cache() can now be unset (GH#424) (Julien Fiegehenn) - LWP::Protocol now only attempts to load modules once (GH#62) (Burak Gursoy) - Fix a bug in no_proxy that allowed partial matches to a proxy address to disable a proxy (GH#421) (Julien Fiegehenn) ==== podman ==== Version update (4.5.0 -> 4.5.1) Subpackages: podman-cni-config - Update to version 4.5.1: * Release v4.5.1 * [CI:DOCS] Final release notes for v4.5.1 * [CI:BUILD] Packit: set propose-downstream action type to pre-sync * Revert "Resolve symlink path for qemu directory if possible" * no need for podman-next rpm test on maint branch * [CI:BUILD] Packit: add jobs for downstream Fedora package builds * libpod: configureNetNS() tear down on errors * libpod: rootlessNetNs.Cleanup() fix error message * network create/update: allow dns servers comma separated * machine: fix default connection URL to use 127.0.0.1 * compat: accept tag in /images/create?fromSrc * compat container create: match duplicate mounts correctly * machine: qemu only remove connection after confirmation * windows: podman save allow the use of stdout * remote: exec inspect update exec session status * podman-remote logs: handle server error correctly * libpod: stop containers with --restart=always * Do not include image annotations when building spec * [v4.5] system tests: fix race in kube-play read-only * api: fix parsing filters * Support systemd optional prefix '-' for devices. * *: migrate image registry to registry.k8s.io * Makefile: include `release-artifacts` target * [CI:BUILD] Packit: Initial Enablement * Bump to v4.5.1-dev ==== python-gevent ==== - handle-python-ssl-changes.patch: refresh to handle ssl.shared_ciphers() behavior change in python 3.11 as well ==== python-pycryptodome ==== Version update (3.17.0 -> 3.18.0) - update to 3.18.0: * Added support for DER BOOLEAN encodings. * The library now compiles on Windows ARM64. Thanks to Niyas Sait. * GH#722: ``nonce`` attribute was not correctly set for XChaCha20_Poly1305 ciphers. Thanks to Liam Haber. * GH#728: Workaround for a possible x86 emulator bug in Windows for ARM64. * GH#739: OID encoding for arc 2 didn't accept children larger than 39. Thanks to James. * Correctly check that the scalar matches the point when importing an ECC private key. ==== python-rich ==== Version update (13.3.5 -> 13.4.1) - update to 13.4.1: * Fixed typing extensions import in markdown #2979 - update to 13.4.0: * Added support for tables in Markdown #2977 ==== python-rpm ==== - add _multibuild for multiple .spec-files ==== python-tornado6 ==== Version update (6.2 -> 6.3.2) - New upstream release 6.3.2 - Security improvements - Fixed an open redirect vulnerability in StaticFileHandler under certain configurations. - ``tornado.web`` - `.RequestHandler.set_cookie` once again accepts capitalized keyword arguments for backwards compatibility. This is deprecated and in Tornado 7.0 only lowercase arguments will be accepted. - What's new in Tornado 6.3.0 - The new `.Application` setting ``xsrf_cookie_name`` can now be used to take advantage of the ``__Host`` cookie prefix for improved security. To use it, add ``{"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs": {"secure": True}}`` to your `.Application` settings. Note that this feature currently only works when HTTPS is used. - `.WSGIContainer` now supports running the application in a ``ThreadPoolExecutor`` so the event loop is no longer blocked. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - WebSockets are now much faster at receiving large messages split into many fragments. - General changes - Python 3.7 is no longer supported; the minimum supported . Python version is 3.8 Python 3.12 is now supported . - To avoid spurious deprecation warnings, users of Python 3.10 should upgrade to at least version 3.10.9, and users of Python 3.11 should upgrade to at least version 3.11.1. - Tornado submodules are now imported automatically on demand. This means it is now possible to use a single ``import tornado`` statement and refer to objects in submodules such as `tornado.web.RequestHandler`. - Deprecation notices - In Tornado 7.0, `tornado.testing.ExpectLog` will match ``WARNING`` and above regardless of the current logging configuration, unless the ``level`` argument is used. - `.RequestHandler.get_secure_cookie` is now a deprecated alias for `.RequestHandler.get_signed_cookie`. `.RequestHandler.set_secure_cookie` is now a deprecated alias for `.RequestHandler.set_signed_cookie`. - `.RequestHandler.clear_all_cookies` is deprecated. No direct replacement is provided; `.RequestHandler.clear_cookie` should be used on individual cookies. - Calling the `.IOLoop` constructor without a ``make_current`` argument, which was deprecated in Tornado 6.2, is no longer deprecated. - `.AsyncTestCase` and `.AsyncHTTPTestCase`, which were deprecated in Tornado 6.2, are no longer deprecated. - `.AsyncTestCase.get_new_ioloop` is deprecated. - ``tornado.auth`` - New method `.GoogleOAuth2Mixin.get_google_oauth_settings` can now be overridden to get credentials from a source other than the `.Application` settings. - ``tornado.gen`` - `contextvars` now work properly when a ``@gen.coroutine`` calls a native coroutine. - ``tornado.options`` - `~.OptionParser.parse_config_file` now recognizes single comma-separated strings (in addition to lists of strings) for options with ``multiple=True``. - ``tornado.web`` - New `.Application` setting ``xsrf_cookie_name`` can be used to change the name of the XSRF cookie. This is most useful to take advantage of the ``__Host-`` cookie prefix. - `.RequestHandler.get_secure_cookie` and `.RequestHandler.set_secure_cookie` (and related methods and attributes) have been renamed to `~.RequestHandler.get_signed_cookie` and `~.RequestHandler.set_signed_cookie`. This makes it more explicit what kind of security is provided, and avoids confusion with the ``Secure`` cookie attribute and ``__Secure-`` cookie prefix. The old names remain supported as deprecated aliases. - `.RequestHandler.clear_cookie` now accepts all keyword arguments accepted by `~.RequestHandler.set_cookie`. In some cases clearing a cookie requires certain arguments to be passed the same way in which it was set. - `.RequestHandler.clear_all_cookies` now accepts additional keyword arguments for the same reason as ``clear_cookie``. However, since the requirements for additional arguments mean that it cannot reliably clear all cookies, this method is now deprecated. - ``tornado.websocket`` - It is now much faster (no longer quadratic) to receive large messages that have been split into many fragments. - `.websocket_connect` now accepts a ``resolver`` parameter. - ``tornado.wsgi`` - `.WSGIContainer` now accepts an ``executor`` parameter which can be used to run the WSGI application on a thread pool. - What's new in Tornado 6.2.0 - Deprecation notice - Python 3.10 has begun the process of significant changes to the APIs for managing the event loop. Calls to methods such as `asyncio.get_event_loop` may now raise `DeprecationWarning` if no event loop is running. This has significant impact on the patterns for initializing ... changelog too long, skipping 101 lines ... - Remove upstreamed ignore-py310-deprecation-warnings.patch ==== python-zope.event ==== - Switch documentation to be within the main package. ==== qemu ==== Version update (8.0.0 -> 8.0.2) - Update to version 8.0.2: * Stability, security and bug fixes - Patch added: * [openSUSE][RPM] Update to version 8.0.2 ==== rpm ==== Subpackages: librpmbuild9 - add _multibuild for multiple .spec-files ==== shaderc ==== Version update (2023.2 -> 2023.4) - Update to release 2023.4 * Add option to preserve bindings * Add options to control mesh shading limits ==== texlive ==== - Move the provides of pdfjam to its usecase (boo#1211877) ==== tracker ==== Version update (3.5.2 -> 3.5.3) Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang - Update to version 3.5.3: + Build fixes around strftime() bug workarounds on some architectures/platforms. + Improved compatibility of JSON cursor readers. + Leaks plugged. - Drop 63ea8f1a.patch: Fixed upstream. - Drop %systemd_user_postun_with_restart macro from the %postun directive. It's been deprecated and emptied (expands to nil) on both Tumbleweed and Leap already. - Comment unneded "/usr/bin/env python3" shebang line on utils/ trackertestutils/__main__.py Python script. - Change tracker-data-files package's architecture to noarch, as it doesn't contain any binaries. ==== vulkan-loader ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * No changes over 1.3.247 [SDK-250 is a branch of regular-243 with some cherry-picks bringing it to roughly regular-247; there is little relation to regular-250] ==== vulkan-tools ==== Version update (1.3.247 -> 1.3.250.0) - Update to release SDK-1.3.250.0 * vulkaninfo: Issue flush before exiting ==== webkit2gtk3 ==== Version update (2.40.1 -> 2.40.2) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== webkit2gtk4 ==== Version update (2.40.1 -> 2.40.2) Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.40.2 (boo#1211846): + Fix scrollbar jumping to top when drag released outside window in GTK4. + Fix video rendering when GL is disabled. + Fix flickering on looped videos when starting again. + Fix CPU usage on autoplaying videos. + Choose amount of painting threads depending on available CPU cores on GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-28204 CVE-2023-32373 (boo#1211658 boo#1211659). - Drop gcc13-fix.patch: fixed upstream. ==== yast2-control-center ==== Version update (4.6.0 -> 4.6.1) Subpackages: yast2-control-center-qt - Require xdg-utils since it's no longer required by desktop-data-openSUSE and yast-control-center-qt needs it to start modules with 'xdg-su'. (bsc#1211869) - 4.6.1