Packages changed: Mesa (23.1.6 -> 23.1.7) Mesa-drivers (23.1.6 -> 23.1.7) aaa_base (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44) btrfsprogs (6.3 -> 6.5) busybox-links cockpit (298 -> 300.1) cockpit-podman (74 -> 76) conmon (2.1.7 -> 2.1.8) coreutils (9.3 -> 9.4) dracut (059+suse.491.g87f19c22 -> 059+suse.497.ga7feaf12) gcab (1.5 -> 1.6) kdump kexec-tools (2.0.26.0 -> 2.0.27) lastlog2 (1.1.0 -> 1.2.0) libportal (0.6 -> 0.7) libstorage-ng (4.5.139 -> 4.5.141) open-vm-tools (12.2.0 -> 12.3.0) pam-config (2.5 -> 2.8) perl-Bootloader (1.6 -> 1.8) python-PyJWT (2.7.0 -> 2.8.0) python-click (8.1.6 -> 8.1.7) python-psutil python-zope.event (4.6 -> 5.0) python311 (3.11.4 -> 3.11.5) python311-core (3.11.4 -> 3.11.5) sssd (2.9.1 -> 2.9.2) === Details === ==== Mesa ==== Version update (23.1.6 -> 23.1.7) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 23.1.7: - -> https://docs.mesa3d.org/relnotes/23.1.7.html - mini-cleanup for python package BuildRequires in specfile - added python3-dataclasses package for sle15/Leap15 to finally fix build for these build targets; dataclasses module is in standard library of python >= 3.7 ... ==== Mesa-drivers ==== Version update (23.1.6 -> 23.1.7) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.1.7: - -> https://docs.mesa3d.org/relnotes/23.1.7.html - mini-cleanup for python package BuildRequires in specfile - added python3-dataclasses package for sle15/Leap15 to finally fix build for these build targets; dataclasses module is in standard library of python >= 3.7 ... ==== aaa_base ==== Version update (84.87+git20230329.b39efbc -> 84.87+git20230815.cab7b44) Subpackages: aaa_base-extras - Update to version 84.87+git20230815.cab7b44: * Remove broken autocompletion overrides and restore default bash behavior * Add foot to DIR_COLORS * files/u/s/sysconf_addword: avoid bashism, fix shellcheck warnings * files/u/s/smart_agetty: replace shebang with /bin/sh * files/u/s/service: avoid bashism, fix shellcheck warnings * files/u/s/refresh_initrd: make POSIX compliant * files/u/b/safe-rm: make POSIX compliant * aaa_base.post: replace shebang with /usr/sh * files/u/b/old: make POSIX compliant ==== btrfsprogs ==== Version update (6.3 -> 6.5) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.5: * crc32c implementation speedup (3x) * btrfstune: * be more strict about option combinations and refuse changing features from incompatible groups * metadata_uuid changes fixes * libbtrfs: fix ABI breakage introduced in 6.3.1, revert struct subvol_info and subvol_uuid_search changes (bsc#1212217) * CI updates * pull request build tests enabled * published static binaries built with backward compatibility (-march=x86-64) * other * documentation updates * new and updated tests * experimental feature updates (json, list-chunks, checksum switch) * code refactoring * remove btrfs-fragments - update to 6.3.3: * add btrfs-find-root to btrfs.box * replace: properly enqueue if there's another replace running * other: * CI updates, more tests enabled, code coverage, badges * documentation updates * build warning fixes - Let btrfsprogs-bash-completion conflict with btrfsprogs <= 6.2.1 as there is a file conflict with the bash completion scripts still being bundled with btrfsprogs in these versions. - update to 6.3.2: * fix mkfs and others on big endian hosts * mkfs: don't print changed defaults notice with --quiet * scrub: fix wrong stats of processed bytes in background and foreground mode * convert: actually create free-space-tree instead of v1 space cache * print-tree: recognize and print CHANGING_FSID_V2 flag (for the metadata_uuid change in progress) * other: documentation updates - update to 6.3.1: * convert: fix checksum of a block relocated from 0-1M range * qgroup show: fix formatting of limit values in json output * receive: report paret subovl UUID on errors * btrfsune: new option --convert-to-free-space-tree to convert from block-group-tree back to extent tree for block group tracking * mkfs: make option --rootdir more verbose and report start when filling from the given directory starts * experimental: * btrfstune: checksum switch logic reimplemented, conversion of all metadata and data now works, resume from various states also supported * other: * test updates and fixes * CI cleanups and old files removed * integration with Github actions - Remove patch: btrfs-progs-qgroup-show-fix-formatting-of-limit-valu.patch (upstreamed) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-sendmail busybox-which busybox-xz - Add conflict for coreutils-systemd, package got splitted ==== cockpit ==== Version update (298 -> 300.1) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 300.1 https://cockpit-project.org/blog/cockpit-300.html https://cockpit-project.org/blog/cockpit-299.html - Re-add pwscore dependency for SLE ==== cockpit-podman ==== Version update (74 -> 76) - New version 76: * performance and stability improvements - deps.patch: upstreamed, dropped ==== conmon ==== Version update (2.1.7 -> 2.1.8) - Update to version 2.1.8: * stdio: ignore EIO for terminals * ensure console socket buffers are properly sized * conmon: drop return after pexit() * ctrl: make accept4 failures fatal * logging: avoid opening /dev/null for each write * oom: restore old OOM score * Use default umask 0022 * cli: log parsing errors to stderr * Changes to build conmon for riscv64 * Changes to build conmon for ppc64le * Fix close_other_fds on FreeBSD ==== coreutils ==== Version update (9.3 -> 9.4) Subpackages: coreutils-doc - Update to 9.4: Bug fixes: * b2sum --check will no longer read unallocated memory when presented with malformed checksum lines. [bug introduced in coreutils-9.2] * cp --parents again succeeds when preserving mode for absolute directories. Previously it would have failed with a "No such file or directory" error. [bug introduced in coreutils-9.1] * cp --sparse=never will avoid copy-on-write (reflinking) and copy offloading, to ensure no holes present in the destination copy. [bug introduced in coreutils-9.0] * cksum again diagnoses read errors in its default CRC32 mode. [bug introduced in coreutils-9.0] * cksum --check now ensures filenames with a leading backslash character are escaped appropriately in the status output. This also applies to the standalone checksumming utilities. [bug introduced in coreutils-8.25] * dd again supports more than two multipliers for numbers. Previously numbers of the form '1024x1024x32' gave "invalid number" errors. [bug introduced in coreutils-9.1] * factor, numfmt, and tsort now diagnose read errors on the input. [This bug was present in "the beginning".] * install --strip now supports installing to files with a leading hyphen. Previously such file names would have caused the strip process to fail. [This bug was present in "the beginning".] * ls now shows symlinks specified on the command line that can't be traversed. Previously a "Too many levels of symbolic links" diagnostic was given. [This bug was present in "the beginning".] * pr --length=1 --double-space no longer enters an infinite loop. [This bug was present in "the beginning".] * tac now handles short reads on its input. Previously it may have exited erroneously, especially with large input files with no separators. [This bug was present in "the beginning".] * uptime no longer incorrectly prints "0 users" on OpenBSD, and is being built again on FreeBSD and Haiku. [bugs introduced in coreutils-9.2] * wc -l and cksum no longer crash with an "Illegal instruction" error on x86 Linux kernels that disable XSAVE YMM. This was seen on Xen VMs. [bug introduced in coreutils-9.0] Changes in behavior: * cp -v and mv -v will no longer output a message for each file skipped due to -i, or -u. Instead they only output this information with --debug. I.e., 'cp -u -v' etc. will have the same verbosity as before coreutils-9.3. * cksum -b no longer prints base64-encoded checksums. Rather that short option is reserved to better support emulation of the standalone checksum utilities with cksum. * mv dir x now complains differently if x/dir is a nonempty directory. Previously it said "mv: cannot move 'dir' to 'x/dir': Directory not empty", where it was unclear whether 'dir' or 'x/dir' was the problem. Now it says "mv: cannot overwrite 'x/dir': Directory not empty". Similarly for other renames where the destination must be the problem. [problem introduced in coreutils-6.0] - Enable systemd-logind support - Add gnulib-readutmp.patch: Fix seg.fault of who, pinky, uptime [dgo#65617] - Create -systemd flavor with binaries linked against libsystemd - Drop coreutils-invalid-ids.patch to get consistent behavior, most tools where already removed from that patch. - coreutils-misc.patch: adjust paths - coreutils-skip-some-sort-tests-on-ppc.patch: adjust paths - coreutils-test_without_valgrind.patch: adjust paths - coreutils-i18n.patch: update from Fedora ==== dracut ==== Version update (059+suse.491.g87f19c22 -> 059+suse.497.ga7feaf12) Subpackages: dracut-ima - Update to version 059+suse.497.ga7feaf12: * chore(suse): disable fips and ima subpackages for i?86 * fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL] * chore(suse): update SUSE maintainers doc ==== gcab ==== Version update (1.5 -> 1.6) Subpackages: libgcab-1_0-0 - Update to version 1.6: + New Features: Allow specifying the allowed compression formats at runtime. This would allow us, for example, to disable the slightly scary LZX compression format when parsing unknown files. + Bugfixes: Do not require git when building from a tarball. ==== kdump ==== - update calibrate values, newly added SLE15-SP6 values ==== kexec-tools ==== Version update (2.0.26.0 -> 2.0.27) - update to 2.0.27: * ppc64: add --reuse-cmdline parameter support * kexec: make -a the default * x86: add devicetree support * ppc64: document elf-ppc64 options and --dt-no-old-root * LoongArch: kdump: set up kernel image segment * arm64: zboot support - Disable Xen support in ALP ==== lastlog2 ==== Version update (1.1.0 -> 1.2.0) Subpackages: liblastlog2-1 - Version 1.2.0 - show_lastlogin: Don't read if no database - Fix -flto for clang - Documentation fixes ==== libportal ==== Version update (0.6 -> 0.7) Subpackages: libportal-1 libportal-gtk3-1 libportal-gtk4-1 - Update to version 0.7: + Add support for the new SetStatus() method of the Background portal. + Add support for the new ConnectToEIS() method of the Remote Desktop portal. + Improve unit and integration tests. + Documentation improvements. + CI improvements. ==== libstorage-ng ==== Version update (4.5.139 -> 4.5.141) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.141 - merge gh#openSUSE/libstorage-ng#947 - handle json output of btrfs version 6.5 - 4.5.140 ==== open-vm-tools ==== Version update (12.2.0 -> 12.3.0) Subpackages: libvmtools0 open-vm-tools-desktop - Update to 12.3.0 (build 22234872) (boo#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using "xml-security-c" and "xerces-c" is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. - Drop patch now contained in 12.3.0: + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch + 2023-20867-Remove-some-dead-code.patch + CVE-20230-20900.patch ==== pam-config ==== Version update (2.5 -> 2.8) - Update to version 2.8 - Replace aad module with himmelblau - Update to version 2.7 - Add support for aad module - Update to version 2.6 - Remove pam_cracklib from config even if no successor is installed - Run update in %posttrans after all other PAM modules got installed/removed - Both are required for [bsc#1214885] ==== perl-Bootloader ==== Version update (1.6 -> 1.8) - merge gh#openSUSE/perl-bootloader#158 - skip warning about unsupported options when in compat mode - 1.8 - merge gh#openSUSE/perl-bootloader#156 - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - 1.7 ==== python-PyJWT ==== Version update (2.7.0 -> 2.8.0) - Update to version 2.8.0 * Update python version test matrix by @auvipy in #895 * Add ``strict_aud`` as an option to ``jwt.decode`` by @woodruffw in #902 * Export PyJWKClientConnectionError class by @daviddavis in #887 * Allows passing of ssl.SSLContext to PyJWKClient by @juur in #891 - Skip test_get_jwt_set_sslcontext_default test in testsuite ==== python-click ==== Version update (8.1.6 -> 8.1.7) - update to 8.1.7: * Fix issue with regex flags in shell completion. * Bash version detection issues a warning instead of an error. * Fix issue with completion script for Fish shell. ==== python-psutil ==== - BuildRequire /usr/bin/who: called by the test suite. With coreutils 9.4 'who' is no longer part of the main package but is shipped as part of coreutils-systemd. ==== python-zope.event ==== Version update (4.6 -> 5.0) - update to 5.0: * Drop support for Python 2.7, 3.5, 3.6. ==== python311 ==== Version update (3.11.4 -> 3.11.5) Subpackages: python311-curses python311-dbm - Update to 3.11.5 (bsc#1214692): - Security - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Core and Builtins - gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a - fsaniziter=alignment build on ARM macOS. Patch by Christopher Chavez. - gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process. - gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject. - gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types. - gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters. - gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling. - gh-105840: Fix possible crashes when specializing function calls with too many __defaults__. - gh-105588: Fix an issue that could result in crashes when compiling malformed ast nodes. - gh-105375: Fix bugs in the builtins module where exceptions could end up being overwritten. - gh-105375: Fix bug in the compiler where an exception could end up being overwritten. - gh-105375: Improve error handling in PyUnicode_BuildEncodingMap() where an exception could end up being overwritten. - gh-105235: Prevent out-of-bounds memory access during mmap.find() calls. - gh-101006: Improve error handling when read marshal data. - Library - gh-105736: Harmonized the pure Python version of OrderedDict with the C version. Now, both versions set up their internal state in __new__. Formerly, the pure Python version did the set up in __init__. - gh-107963: Fix multiprocessing.set_forkserver_preload() to check the given list of modules names. Patch by Dong-hee Na. - gh-106242: Fixes os.path.normpath() to handle embedded null characters without truncating the path. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107715: Fix doctest.DocTestFinder.find() in presence of class names with special characters. Patch by Gertjan van Zwieten. - gh-100814: Passing a callable object as an option value to a Tkinter image now raises the expected TclError instead of an AttributeError. - gh-106684: Close asyncio.StreamWriter when it is not closed by application leading to memory leaks. Patch by Kumar Aditya. - gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but the error parameters will still contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now detecting this situation and raising the appropiate ssl.SSLCertVerificationError. Patch by Pablo Galindo - gh-107396: tarfiles; Fixed use before assignment of self.exception for gzip decompression - gh-62519: Make gettext.pgettext() search plural definitions when translation is not found. - gh-83006: Document behavior of shutil.disk_usage() for non-mounted filesystems on Unix. - gh-106186: Do not report MultipartInvariantViolationDefect defect when the email.parser.Parser class is used to parse emails with headersonly=True. - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION result in _ssl.c. - gh-106774: Update the bundled copy of pip to version 23.2.1. - gh-106752: Fixed several bug in zipfile.Path in name/suffix/suffixes/stem operations when no filename is present and the Path is not at the root of the zipfile. - gh-106602: Add __copy__ and __deepcopy__ in enum - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused division by zero for certain almost-white inputs. Patch by Terry Jan Reedy. - gh-106052: re module: fix the matching of possessive quantifiers in the case of a subpattern containing backtracking. - gh-106510: Improve debug output for atomic groups in regular expressions. - gh-105497: Fix flag mask inversion when unnamed flags exist. - gh-90876: Prevent multiprocessing.spawn from failing to import in environments where sys.executable is None. This regressed in 3.11 with the addition of support for path-like objects in multiprocessing. - gh-106350: Detect possible memory allocation failure in the libtommath function mp_init() used by the _tkinter module. - gh-102541: Make pydoc.doc catch bad module ImportError when output stream is not None. ... changelog too long, skipping 124 lines ... data: *consumed was not set. ==== python311-core ==== Version update (3.11.4 -> 3.11.5) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.5 (bsc#1214692): - Security - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Core and Builtins - gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a - fsaniziter=alignment build on ARM macOS. Patch by Christopher Chavez. - gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process. - gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject. - gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types. - gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters. - gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling. - gh-105840: Fix possible crashes when specializing function calls with too many __defaults__. - gh-105588: Fix an issue that could result in crashes when compiling malformed ast nodes. - gh-105375: Fix bugs in the builtins module where exceptions could end up being overwritten. - gh-105375: Fix bug in the compiler where an exception could end up being overwritten. - gh-105375: Improve error handling in PyUnicode_BuildEncodingMap() where an exception could end up being overwritten. - gh-105235: Prevent out-of-bounds memory access during mmap.find() calls. - gh-101006: Improve error handling when read marshal data. - Library - gh-105736: Harmonized the pure Python version of OrderedDict with the C version. Now, both versions set up their internal state in __new__. Formerly, the pure Python version did the set up in __init__. - gh-107963: Fix multiprocessing.set_forkserver_preload() to check the given list of modules names. Patch by Dong-hee Na. - gh-106242: Fixes os.path.normpath() to handle embedded null characters without truncating the path. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107715: Fix doctest.DocTestFinder.find() in presence of class names with special characters. Patch by Gertjan van Zwieten. - gh-100814: Passing a callable object as an option value to a Tkinter image now raises the expected TclError instead of an AttributeError. - gh-106684: Close asyncio.StreamWriter when it is not closed by application leading to memory leaks. Patch by Kumar Aditya. - gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but the error parameters will still contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now detecting this situation and raising the appropiate ssl.SSLCertVerificationError. Patch by Pablo Galindo - gh-107396: tarfiles; Fixed use before assignment of self.exception for gzip decompression - gh-62519: Make gettext.pgettext() search plural definitions when translation is not found. - gh-83006: Document behavior of shutil.disk_usage() for non-mounted filesystems on Unix. - gh-106186: Do not report MultipartInvariantViolationDefect defect when the email.parser.Parser class is used to parse emails with headersonly=True. - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION result in _ssl.c. - gh-106774: Update the bundled copy of pip to version 23.2.1. - gh-106752: Fixed several bug in zipfile.Path in name/suffix/suffixes/stem operations when no filename is present and the Path is not at the root of the zipfile. - gh-106602: Add __copy__ and __deepcopy__ in enum - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused division by zero for certain almost-white inputs. Patch by Terry Jan Reedy. - gh-106052: re module: fix the matching of possessive quantifiers in the case of a subpattern containing backtracking. - gh-106510: Improve debug output for atomic groups in regular expressions. - gh-105497: Fix flag mask inversion when unnamed flags exist. - gh-90876: Prevent multiprocessing.spawn from failing to import in environments where sys.executable is None. This regressed in 3.11 with the addition of support for path-like objects in multiprocessing. - gh-106350: Detect possible memory allocation failure in the libtommath function mp_init() used by the _tkinter module. - gh-102541: Make pydoc.doc catch bad module ImportError when output stream is not None. ... changelog too long, skipping 124 lines ... data: *consumed was not set. ==== sssd ==== Version update (2.9.1 -> 2.9.2) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.9.2 * sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user. * New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD.