Packages changed: AppStream (0.16.0 -> 0.16.1) Mesa (22.3.5 -> 23.0.0) Mesa-drivers (22.3.5 -> 23.0.0) apache2-mod_php8 apparmor (3.1.2 -> 3.1.3) brotli curl (7.87.0 -> 7.88.1) enchant ffmpeg-5 flatpak (1.14.2 -> 1.14.3) gd kernel-source (6.1.12 -> 6.2.0) kexec-tools libHX (4.10 -> 4.12) libapparmor (3.1.2 -> 3.1.3) libcbor (0.10.1 -> 0.10.2) libgit2 (1.5.1 -> 1.5.2) libheif (1.14.2 -> 1.15.1) liburing linux-glibc-devel (6.1 -> 6.2) make (4.4 -> 4.4.1) openblas_openmp openblas_pthreads openexr patterns-base patterns-fonts php8 pinentry pinentry-gui python-apipkg python-pexpect python-pycurl qemu radvd strace (6.1 -> 6.2) sudo (1.9.13p1 -> 1.9.13p2) vim (9.0.1307 -> 9.0.1357) vlc xorg-x11-fonts xorg-x11-fonts-converted zsh === Details === ==== AppStream ==== Version update (0.16.0 -> 0.16.1) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.16.1: Specification: * docs: Clarify the locations where catalog icons should be placed * spec: Expand documentation for elements * spec: Mention that is not part of the description * spec: Give some guidance about tone in release descriptions Bugfixes: * Fix binding helper macro to behave correctly if a function is passed directly * Override-merge icons and provided items correctly * tests: Ensure locale is C.UTF-8 in pool tests Miscellaneous: * release: Add sanity checks at beginning of each function - Add ldconfig_scriptlets for libappstream-compose ==== Mesa ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== Mesa-drivers ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== apache2-mod_php8 ==== - change to %bcond conditional build dependencies ==== apparmor ==== Version update (3.1.2 -> 3.1.3) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== brotli ==== Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1 - add 32bit devel package for Wine development. ==== curl ==== Version update (7.87.0 -> 7.88.1) Subpackages: libcurl4 - Update to 7.88.1: * Bugfix release - Drop upstreamed patch: * curl-fix-uninitialized-value-in-tests.patch - Update to 7.88.0: [bsc#1207990, CVE-2023-23914] [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916] * Security fixes: - CVE-2023-23914: HSTS ignored on multiple requests - CVE-2023-23915: HSTS amnesia with --parallel - CVE-2023-23916: HTTP multi-header compression denial of service * Changes: - curl.h: add CURL_HTTP_VERSION_3ONLY - share: add sharing of HSTS cache among handles - src: add --http3-only - tool_operate: share HSTS between handles - urlapi: add CURLU_PUNYCODE - writeout: add %{certs} and %{num_certs} * Bugfixes: - cf-socket: keep sockaddr local in the socket filters - cfilters:Curl_conn_get_select_socks: use the first non-connected filter - curl.h: allow up to 10M buffer size - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated - curl/websockets.h: extend the websocket frame struct - curl: output warning at --verbose output for debug-enabled version - curl_free.3: fix return type of `curl_free` - curl_log: for failf/infof and debug logging implementations - dict: URL decode the entire path always - docs/DEPRECATE.md: deprecate gskit - easyoptions: fix header printing in generation script - haxproxy: send before TLS handhshake - hsts.d: explain hsts more - hsts: handle adding the same host name again - HTTP/[23]: continue upload when state.drain is set - http: decode transfer encoding first - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro - http_proxy: do not assign data->req.p.http use local copy - lib: connect/h2/h3 refactor - libssh2: try sha2 algos for hostkey methods - md4: fix build with GnuTLS + OpenSSL v1 - ngtcp2: replace removed define and stop using removed function - noproxy: support for space-separated names is deprecated - nss: implement data_pending method - openldap: fix missing sasl symbols at build in specific configs - openssl: adapt to boringssl's error code type - openssl: don't ignore CA paths when using Windows CA store (redux) - openssl: don't log raw record headers - openssl: make the BIO_METHOD a local variable in the connection filter - openssl: only use CA_BLOB if verifying peer - openssl: remove attached easy handles from SSL instances - openssl: store the CA after first send (ClientHello) - setopt: use >, not >=, when checking if uarg is larger than uint-max - smb: return error on upload without size - socketpair: allow localhost MITM sniffers - strdup: name it Curl_strdup - tool_getparam: fix hiding of command line secrets - tool_operate: fix error codes on bad URL & OOM - tool_operate: repair --rate - transfer: break the read loop when RECV is cleared - typecheck: accept expressions for option/info parameters - urlapi: avoid Curl_dyn_addf() for hex outputs - urlapi: skip path checks if path is just "/" - urlapi: skip the extra dedotdot alloc if no dot in path - urldata: cease storing TLS auth type - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP - urldata: make set.http200aliases conditional on HTTP being present - urldata: move the cookefilelist to the 'set' struct - urldata: remove unused struct fields, made more conditional - vquic: stabilization and improvements - vtls: fix hostname handling in filters - vtls: manage current easy handle in nested cfilter calls - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used * Rebase libcurl-ocloexec.patch * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091 - runtests: fix "uninitialized value $port" - Add curl-fix-uninitialized-value-in-tests.patch ==== enchant ==== Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Use %bcond_without aspell, ref ALP push for as few mandatory dependencies as possible/ability to turn off dependencies. ==== ffmpeg-5 ==== Subpackages: libavcodec59 libavdevice59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswresample4 libswscale6 - Add ``Requires: this-is-only-for-build-envs`` [boo#1208652] ==== flatpak ==== Version update (1.14.2 -> 1.14.3) Subpackages: flatpak-remote-flathub flatpak-zsh-completion libflatpak0 system-user-flatpak - Update to version 1.14.3: + When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don't remove the superseded app in the first step, which would result in the replacement incorrectly not being installed. + Fix a crash when --socket=gpg-agent is used. + Fix a crash when listing apps if one of them is broken or misconfigured. + If an app has invalid syntax in its overrides or metadata, mention the filename in the error message. + Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work. + Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting. + Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting. + The above change also fixes apps not starting if a --filesystem is a symlink to the root directory. + Show a warning when the --filesystem exists but cannot be shared with the sandbox. - Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream. ==== gd ==== Subpackages: libgd3 - add %bcond for avif - fix dejavu fonts package name in BR ==== kernel-source ==== Version update (6.1.12 -> 6.2.0) - Update to 6.2 final - refresh configs - commit 28fe266 - Update config files. Disable CONFIG_BLK_CGROUP_IOPRIO. io.prio.class is a misdesigned mechanism that doesn't fit well with the cgroup (especially v2): - it's not properly hierarchical - cgroup-wise: parent cgroup has no contol over child cgroup - task-wise: priority impact outside of a cgroup (i.e. affects cousins competition) - it's not device dependent (device oblivious) Disable it in openSUSE Tumbleweed (and future products) so that we don't teach users to use it and force ourselves to support it. - commit 35713cd ==== kexec-tools ==== - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820). ==== libHX ==== Version update (4.10 -> 4.12) - Update to release 4.12 * Plug a memory leak in HX_inet_listen - Update to release 4.11 * Four new socket utility functions ==== libapparmor ==== Version update (3.1.2 -> 3.1.3) - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== libcbor ==== Version update (0.10.1 -> 0.10.2) - Update to 0.10.2: * Fixed minor test bug causing failures for x86 Linux * Made tests platform-independent ==== libgit2 ==== Version update (1.5.1 -> 1.5.2) - update to 1.5.2: * Improve SSH key handling functionality: examine all keys in known_hosts files for matches, to support remote hosts with multiple key types ==== libheif ==== Version update (1.14.2 -> 1.15.1) Subpackages: gdk-pixbuf-loader-libheif libheif1 - update to 1.15.1 * fix compilation without plugins - update to 1.15.0 * codec plugin system now also works with Windows * heif_convert: manually choose which decoder should be used * support for CLLI (content light level box), MDCV (mastering display colour volume), PASP (pixel aspect) information * ICC profile support in gdk-pixbuf loader * various fixes - build with plugins enabled on Tumbleweed - remove upstreamed patches - 2ca02a128b2f76f7f293aa86a2ce1e04a8306c65.patch - b6812284a2d70f29a5121ec3dbe652da07fdbbb7.patch ==== liburing ==== - add 0001-Do-not-always-expect-multishot-recv-to-stop-posting-.patch fixes tests with kernel 6.2 ==== linux-glibc-devel ==== Version update (6.1 -> 6.2) - Update to kernel headers 6.2 ==== make ==== Version update (4.4 -> 4.4.1) - Update to make 4.4.1 * WARNING: Backward-incompatibility! In previous releases it was not well-defined when updates to MAKEFLAGS made inside a makefile would be visible. This release ensures they are visible immediately, even when invoking $(shell ...) functions. * New feature: Parallel builds of archives Previously it was not possible to use parallel builds with archives. It is still not possible using the built-in rules, however you can now override the built-in rules with a slightly different set of rules and use parallel builds with archive creation. * Previously target-specific variables would inherit their "export" capability from parent target-specific variables even if they were marked private. Now private parent target-specific variables have no affect. - sigpipe-fatal.patch: removed ==== openblas_openmp ==== - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ==== openblas_pthreads ==== - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - fltk not needed (openexr-3.1.5/ASWF/tsc-meetings/2021-01-14.md) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - enhanced_base: + Drop systemd-sysvinit recommends: that package has been renamed to systemd-sysvcompat, but should not be needed on modern systems anymore. + Add systemd-coredump recommends: if already we see crashes, it'd be good if users can report usable bugs (boo#1208713). ==== patterns-fonts ==== Subpackages: patterns-fonts-fonts patterns-fonts-fonts_opt - Switch efont-unicode-bitmap-fonts with babelstone-han-fonts * The efonts have not been updated since 2004 * Babelstone Han fonts just got another update on Jan 1 2023 ==== php8 ==== Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - change to %bcond conditional build dependencies ==== pinentry ==== - add %bcond option to disable fltk backend ==== pinentry-gui ==== Subpackages: pinentry-gnome3 pinentry-gtk2 pinentry-qt5 - add %bcond option to disable fltk backend ==== python-apipkg ==== - Don't use fdupes -s, it hurts. ==== python-pexpect ==== - Clean up SPEC file ==== python-pycurl ==== - Disable http3 tests if it's not supported ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ==== radvd ==== - /run/radvd/ is owned by the radvd group, not daemon - Drop redundant directory creation in %post ==== strace ==== Version update (6.1 -> 6.2) - Update to strace 6.2 * Implemented collision resolution for overlapping ioctl commands from tty and snd subsystems. * Implemented decoding of IFLA_BRPORT_MAB and IFLA_DEVLINK_PORT netlink attributes. * Updated lists of ALG_*, BPF_*, IFLA_*, KEY_*, KVM_*, LANDLOCK_*, MEMBARRIER_*, NFT_*, NTF_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.2. ==== sudo ==== Version update (1.9.13p1 -> 1.9.13p2) Subpackages: sudo-plugin-python - Update to 1.9.13p2: Fixed the --enable-static-sudoers option, broken in sudo 1.9.13. GitHub issue #245. Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). This bug was introduced in sudo 1.9.8. [bsc#1208595] ==== vim ==== Version update (9.0.1307 -> 9.0.1357) Subpackages: vim-data vim-data-common - Updated to version 9.0.1357, fixes the following problems * Setting 'formatoptions' with :let doesn't check for errors. * The code for setting options is too complicated. * Scrolling two lines with even line count and 'scrolloff' set. * 'splitkeep' test has failures. * Coverity warns for using a NULL pointer. * Cursor position wrong when splitting window in insert mode. * Some settings use the current codepage instead of 'encoding'. * :messages behavior depends on 'fileformat' of current buffer. * Escaping for completion of map command not properly tested. * Crash when using an unset object variable. * Code style test fails. * PRQL files are not recognized. * Checking the type of a null object causes a crash. * vimscript test fails where using {expr} syntax. * Crash when indexing "any" which is an object. * Build failure with +eval feature. * "gj" and "gk" do not move correctly over a closed fold. * 'colorcolumn' highlight wrong with virtual text above. * Relative line number not updated with virtual text above. * Cursor in wrong position below line with virtual text below ending in multi-byte character. * Error when using "none" for GUI color is confusing. * Completion of map includes simplified ones. * Handling new value of an option has a long "else if" chain. * Illegal memory access when using :ball in Visual mode. * Crash when using buffer-local user command in cmdline window. (Karl Yngve LervÄg) * When redo'ing twice may not get the script ID. * Using tt_member for the class leads to mistakes. * No test for bad use of spaces in help files. * Functions without arguments are not always declared properly. * Yuck files are not recognized. * :defcompile and :disassemble can't find class method. (Ernie Rael) * No test for :disassemble with class function. * Coverity warns for using NULL pointer. * Build error with mzscheme but without GUI. * Check for OSC escape sequence doesn't work. * Too many "else if" statements for handling options. * Starlark files are not recognized. * "gr CTRL-O" stays in Insert mode. (Pierre Ganty) * Un-grammar files are not recognized. * "gr" with a count fails. * CPON files are not recognized. * Dhall files are not recognized. * "ignore" files are outdated. * Too many "else if" statements to handle option values. * "gr CTRL-G" stays in virtual replace mode. (Pierre Ganty) * No error when declaring a class twice. (Ernie Rael) * Cannot cancel "gr" with Esc. * Using null_object results in an internal error. (Ernie Rael) ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - xosd plugin was removed in 5adefde - Add 104-playback-bar.patch: Backport fix for the playback bar (commit 60771fe7) ==== xorg-x11-fonts ==== Subpackages: xorg-x11-fonts-core xorg-x11-fonts-legacy - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. ==== xorg-x11-fonts-converted ==== - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. ==== zsh ==== - Disabled zsh-sh subpackage generation for Leap 15.4 to prevent an error when building the package. - don't require yodl for build, doc is not regenerated anyway