Packages changed: bc busybox-links dnsmasq (2.89 -> 2.90) e2fsprogs ebook-tools ed (1.20 -> 1.20.1) efont-unicode-bitmap-fonts gcc gd graphviz grub2 hdparm hiredis hplip hyper-v ibus ibus_gtk4 intlfonts iso_ent kernel-firmware (20240201 -> 20240220) keyutils libdnf (0.72.0 -> 0.73.0) libjxl-gtk (0.9.2 -> 0.10.0) libphonenumber (8.13.23 -> 8.13.30) libstorage-ng (4.5.190 -> 4.5.191) musepack neon parted pcr-oracle pcre2 (10.42 -> 10.43) prctl python-cryptography (41.0.7 -> 42.0.4) qemu samba (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e) systemd tigervnc unzip xml-commons-apis xorg-x11-server xwayland yast2-perl-bindings (5.0.0 -> 5.0.1) zchunk zlib === Details === ==== bc ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-which busybox-xz - busybox-udhcpc conflicts with udhcp. ==== dnsmasq ==== Version update (2.89 -> 2.90) - update to 2.90: * CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826: Denial Of Service while trying to validate specially crafted DNSSEC responses * Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible by 8 (IPv4) or 4 (IPv6). * Fix possible SEGV when there server(s) for a particular domain are configured, but no server which is not qualified for a particular domain. * Set the default maximum DNS UDP packet sice to 1232. Obsoletes: dnsmasq-CVE-2023-28450.patch * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better control over which inetrfaces are providing DHCP service. * Fix issue with stale caching * Add configurable caching for arbitrary RR-types. * Add --filter-rr option, to filter arbitrary RR-types. ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - Use %patch -P N instead of deprecated %patchN. ==== ebook-tools ==== - Use %patch -P N instead of deprecated %patchN. ==== ed ==== Version update (1.20 -> 1.20.1) - GNU ed 1.20.1: * New command-line options '+line', '+/RE', and '+?RE' have been implemented to set the current line to the line number specified or to the first or last line matching the regular expression 'RE'. * File names containing control characters 1 to 31 are now rejected unless they are allowed with the command-line option '--unsafe-names'. * File names containing control characters 1 to 31 are now printed using octal escape sequences. * Ed now rejects file names ending with a slash. * Intervening commands that don't set the modified flag no longer make a second 'e' or 'q' command fail with a 'buffer modified' warning. * Tilde expansion is now performed on file names supplied to commands; if a file name starts with '~/', the tilde (~) is expanded to the contents of the variable HOME. * Ed now warns the first time that a command modifies a buffer loaded from a read-only file. * It has been documented that 'e' creates an empty buffer if file does not exist. * It has been documented that 'f' sets the default filename, whether or not its argument names an existing file. * The description of the exit status has been improved in '--help' and in the manual. ==== efont-unicode-bitmap-fonts ==== - Use %patch -P N instead of deprecated %patchN. ==== gcc ==== - Add gcc-build flavor for building ALP packages, but disabled for openSUSE. - Support building suffixed packages, but only allow installing one variant at the same time. - Remove obsolete obsoletes. ==== gd ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - Use %patch -P N instead of deprecated %patchN. - Update graphviz-rpmlintrc ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg (bsc#1219248) (bsc#1181762) * grub2-xen-pv-firmware.cfg * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch ==== hdparm ==== - Use %patch -P N instead of deprecated %patchN. ==== hiredis ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== hplip ==== Subpackages: hplip-hpijs hplip-udev-rules - Use %patch -P N instead of deprecated %patchN. ==== hyper-v ==== - Use %patch -P N instead of deprecated %patchN. ==== ibus ==== Subpackages: ibus-dict-emoji ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 - Use %patch -P N instead of deprecated %patchN. ==== ibus_gtk4 ==== - Use %patch -P N instead of deprecated %patchN. ==== intlfonts ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== iso_ent ==== - Use %patch -P N instead of deprecated %patchN. ==== kernel-firmware ==== Version update (20240201 -> 20240220) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20240220 (git commit 73b4429fae36): * linux-firmware: update firmware for en8811h 2.5G ethernet phy * linux-firmware: add firmware for MT7996 * xe: First GuC release for LNL and Xe * i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL * linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7) * brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet * ice: update ice DDP package to 1.3.36.0 * Intel IPU3 ImgU: Move firmware file under intel/ipu * Intel IPU6: Move firmware binaries under ipu/ * check_whence: Add a check for duplicate link entries * WHENCE: Clean up section separators * linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models * panthor: Add initial firmware for Gen10 Arm Mali GPUs * amdgpu: DMCUB Updates for DCN321: 7.0.38.0 * amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0 * qcom: update venus firmware file for v5.4 * Montage: add firmware for Mont-TSSE * amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32 * linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware * linux-firmware: Fix filenames for some CS35L41 firmwares for HP - Use patch macro -P option for RPM 4.20 ==== keyutils ==== Subpackages: libkeyutils1 - Use %patch -P N instead of deprecated %patchN. ==== libdnf ==== Version update (0.72.0 -> 0.73.0) Subpackages: libdnf-repo-config-zypp libdnf2 - version update to 0.73.0 * Major changes: * filelists metadata not loaded by default * deltarpm disabled by default * New features: * conf: Introduce new optional_metadata_types option to load filelists on demand * goal: Method for detecting file dependency problems ==== libjxl-gtk ==== Version update (0.9.2 -> 0.10.0) - Update to release 0.10 * decoder: added ``JxlDecoderGetBoxSizeContents`` for getting the size of the content of a box without the headers. * encoder: implemented new API functions for streaming encoding. ==== libphonenumber ==== Version update (8.13.23 -> 8.13.30) - Update to version 8.13.30: * Update alternate formatting data, phone metadata, geocoding data, carrier data * Updated / refreshed time zone meta data. * New geocoding data - Add patch submitted to upstream at gh#google/libphonenumber#3394 to fix building with protobuf 3.25.1: * 0001-Add-support-to-protobuf-3.25.1.patch - Add patch submitted in gh#sergiomb2/libphonenumber#1 by Fabian Vogt: * 0002-Avoid-intermediate-proto-object-library.patch ==== libstorage-ng ==== Version update (4.5.190 -> 4.5.191) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Finnish) (bsc#1149754) - 4.5.191 ==== musepack ==== - Use %patch -P N instead of deprecated %patchN. ==== neon ==== - Use %patch -P N instead of deprecated %patchN. ==== parted ==== Subpackages: libparted-fs-resize0 libparted2 parted-lang - avoid deprecated rpm syntax ==== pcr-oracle ==== - Add fix_loader_conf.patch to measure the systemd-boot loader.conf file ==== pcre2 ==== Version update (10.42 -> 10.43) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 - pcre2 10.43: * The JIT code no longer supports ARMv5 architecture. * A new function pcre2_get_match_data_heapframes_size() for finer heap control. * New option flags to restrict the interaction between ASCII and non-ASCII characters for caseless matching and \d and friends. There are also new pattern constructs to control these flags from within a pattern. * Upgrade to Unicode 15.0.0. * Treat a NULL pattern with zero length as an empty string. * Added support for limited-length variable-length lookbehind assertions, with a default maximum length of 255 characters (same as Perl) but with a function to adjust the limit. * Perl changed the meaning of (for example) {,3} which did not used to be recognized as a quantifier. Now it means {0,3} and PCRE2 has also changed. Note that {,} is still not a quantifier. * Following Perl, allow spaces and tabs after { and before } in all Perl- compatible items that use braces, and also around commas in quantifiers. The one exception in PCRE2 is \u{...}, which is from ECMAScript, not Perl, and PCRE2 follows ECMAScript usage. * Changed the meaning of \w and its synonyms and derivatives (\b and \B) in UCP mode to follow Perl. It now matches characters whose general categories are L or N or whose particular categories are Mn (non-spacing mark) or Pc (combining punctuation). * Changed the default meaning of [:xdigit:] in UCP mode to follow Perl. It now matches the "fullwidth" versions of hex digits. PCRE2_EXTRA_ASCII_DIGIT can be used to keep it ASCII only. * Make PCRE2_UCP the default in UTF mode in pcre2grep and add - no_ucp, --case-restrict and --posix-digit. * Add --group-separator and --no-group-separator to pcre2grep. ==== prctl ==== - Use %patch -P N instead of deprecated %patchN. - Move license to %license section ==== python-cryptography ==== Version update (41.0.7 -> 42.0.4) - update to 42.0.4 (bsc#1220210, CVE-2024-26130): * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore. - update to 42.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.exchange`, X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth :`~cryptography.hazmat.primitives.asymmetric.x448.X448Private Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p rimitives.asymmetric.dh.DHPrivateKey.exchange`. - update to 42.0.1: * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.sign`. * Resolved compatibility issue with loading certain RSA public keys in :func:`~cryptography.hazmat.primitives.serialization. load_pem_public_key`. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7. * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using :func:`~cryptography.hazmat.primitives.serialization.pk cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm at.primitives.serialization.pkcs7.load_der_pkcs7_certificates ` will now raise a ValueError rather than return an empty list. * Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0. * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. * We now publish both py37 and py39 abi3 wheels. This should resolve some errors relating to initializing a module multiple times per process. * Support :class:`~cryptography.hazmat.primitives.asymmetric.pa dding.PSS` for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument rsa_padding on the sign methods for :class:`~cryptography.x509.CertificateSigningRequestBuilder` and :class:`~cryptography.x509.CertificateRevocationListBuilder`. * Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via :meth:`~cr yptography.x509.CertificateSigningRequest.signature_algorithm _parameters`. * Added support for obtaining X.509 certificate revocation list signature algorithm parameters (including PSS) via :meth:`~cr yptography.x509.CertificateRevocationList.signature_algorithm _parameters`. * Added mgf property to :class:`~cryptography.hazmat.primitives .asymmetric.padding.PSS`. * Added algorithm and mgf properties to :class:`~cryptography.h azmat.primitives.asymmetric.padding.OAEP`. * Added the following properties that return timezone-aware datetime objects: :meth:`~cryptography.x509.Certificate.not_valid_before_utc`, :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, : meth:`~cryptography.x509.RevokedCertificate.revocation_date_u tc`, :meth:`~cryptography.x509.CertificateRevocationList.next _update_utc`, :meth:`~cryptography.x509.CertificateRevocation List.last_update_utc`. These are timezone-aware variants of existing properties that return naïve datetime objects. * Deprecated the following properties that return naïve datetime objects: :meth:`~cryptography.x509.Certificate.not_valid_before`, :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth :`~cryptography.x509.RevokedCertificate.revocation_date`, :me th:`~cryptography.x509.CertificateRevocationList.next_update` , :meth:`~cryptography.x509.CertificateRevocationList.last_up date` in favor of the new timezone-aware variants mentioned above. * Added support for :class:`~cryptography.hazmat.primitives.cip hers.algorithms.ChaCha20` on LibreSSL. * Added support for RSA PSS signatures in PKCS7 with :meth:`~cr yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu reBuilder.add_signer`. * In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0. * Added support for :class:`~cryptography.hazmat.primitives.cip hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+. * Added the :mod:`X.509 path validation ` APIs for ... changelog too long, skipping 9 lines ... - switch to new cargo-vendor ==== qemu ==== - Just "prettify" the spec files a little: * [openSUSE][RPM] Cosmetic fixes to spec files (copyright, sorting, etc) - Patchqueue shrinking and bugfixing (actually, more of a temporary workaround, until a proper solution is found upstream): * [openSUSE] roms/seabios: revert some upstream commits that break a lot of use-cases * [openSUSE] roms/seabios: Drop an old (and no longer necessary) downstream patch (bsc#1219977) ==== samba ==== Version update (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3 - Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555). ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev - Import commit 31f1148f75a1155d3eb37fd1a450096d669ec65b 31f1148f75 seccomp: include `fchmodat2` in `@file-system` (bsc#1219766) 001f349c57 service: Demote log level of NotifyAccess= messages to debug (bsc#1210113 jsc#PED-6214) - Add a new %upstream macro to support building from upstream sources. This will allow upstream to build systemd rpms using the opensuse systemd packaging specs. These rpms will be built and used in upstream's mkosi based hacking and testing environment to test changes and in the future to run integration tests as well. By building the rpms using the opensuse packaging specs, the idea is to catch more issues ahead of time as the mkosi environment will behave more like a regular opensuse system. - Add new %version_override and %version_release macros to allow overriding the version and release of the rpm respectively. ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Set the URL at Source0. - patches have been renamed * u_build_libXvnc_as_separate_library.patch --> u_tigervnc-Build-libXvnc-as-separate-library.patch * n_vncserver.patch --> n_tigervnc-Vncserver.patch * n_correct_path_in_desktop_file.patch --> n_tigervnc-Correct-path-in-desktop-file.patch * n_tigervnc-date-time.patch --> n_tigervnc-Date-time.patch * u_change-button-layout-in-ServerDialog.patch --> u_tigervnc-Change-button-layout-in-ServerDialog.patch * n_dont_sign_java_client.patch --> n_tigervnc-Dont-sign-java-client.patch * u_tigervnc-add-autoaccept-parameter.patch --> u_tigervnc-Add-autoaccept-parameter.patch * u_tigervnc-ignore-epipe-on-write.patch u_tigervnc-Ignore-epipe-on-write.patch - Cleanup specfile * Use the same format for all the patches. * Use autosetup to apply all the patches with -p1. * Clean number of sources. - buildrequire xorg-x11-server-source/-sdk >= 21.1.11 and trigger rebuild with newer xorg-x11-server-source package (bsc#1219311, bsc#1219205) ==== unzip ==== Subpackages: unzip-doc - Use %patch -P N instead of deprecated %patchN. ==== xml-commons-apis ==== - Clean the spec file and simplify it a bit ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - fix permissions of files in xorg-x11-server-source for tigervnc build later (needed since latest autoconf) - Provide again xorg-x11-server-source * xwayland sources are not meant for a generic server. * https://github.com/TigerVNC/tigervnc/issues/1728 - Stop providing xorg-x11-server-source from xorg-x11-server * Now the sources are provided by xwayland because it is more updated. * Fixes bsc#1219892. ==== xwayland ==== - Don't provide xorg-x11-server-source * xwayland sources are not meant for a generic server. * https://github.com/TigerVNC/tigervnc/issues/1728 - Provide xorg-x11-server-source from xwayland * xwayland will be more updated than xorg-x11-server, so the server sources will be more updated too if are provided by xwayland. * Fixes bsc#1219892. ==== yast2-perl-bindings ==== Version update (5.0.0 -> 5.0.1) - Fix the locale after initializing embedded Perl interpreter (bsc#1216689) - 5.0.1 ==== zchunk ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== zlib ==== Subpackages: libminizip1 libz1 - Use %patch -P N instead of deprecated %patchN.