Packages changed: brotli curl (7.87.0 -> 7.88.1) enchant kernel-source (6.1.12 -> 6.2.0) kexec-tools libcbor (0.10.1 -> 0.10.2) libcontainers-common libheif (1.14.2 -> 1.15.1) liburing openexr python-apipkg python-pycurl qemu strace (6.1 -> 6.2) vim (9.0.1307 -> 9.0.1357) === Details === ==== brotli ==== Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1 - add 32bit devel package for Wine development. ==== curl ==== Version update (7.87.0 -> 7.88.1) Subpackages: libcurl4 - Update to 7.88.1: * Bugfix release - Drop upstreamed patch: * curl-fix-uninitialized-value-in-tests.patch - Update to 7.88.0: [bsc#1207990, CVE-2023-23914] [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916] * Security fixes: - CVE-2023-23914: HSTS ignored on multiple requests - CVE-2023-23915: HSTS amnesia with --parallel - CVE-2023-23916: HTTP multi-header compression denial of service * Changes: - curl.h: add CURL_HTTP_VERSION_3ONLY - share: add sharing of HSTS cache among handles - src: add --http3-only - tool_operate: share HSTS between handles - urlapi: add CURLU_PUNYCODE - writeout: add %{certs} and %{num_certs} * Bugfixes: - cf-socket: keep sockaddr local in the socket filters - cfilters:Curl_conn_get_select_socks: use the first non-connected filter - curl.h: allow up to 10M buffer size - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated - curl/websockets.h: extend the websocket frame struct - curl: output warning at --verbose output for debug-enabled version - curl_free.3: fix return type of `curl_free` - curl_log: for failf/infof and debug logging implementations - dict: URL decode the entire path always - docs/DEPRECATE.md: deprecate gskit - easyoptions: fix header printing in generation script - haxproxy: send before TLS handhshake - hsts.d: explain hsts more - hsts: handle adding the same host name again - HTTP/[23]: continue upload when state.drain is set - http: decode transfer encoding first - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro - http_proxy: do not assign data->req.p.http use local copy - lib: connect/h2/h3 refactor - libssh2: try sha2 algos for hostkey methods - md4: fix build with GnuTLS + OpenSSL v1 - ngtcp2: replace removed define and stop using removed function - noproxy: support for space-separated names is deprecated - nss: implement data_pending method - openldap: fix missing sasl symbols at build in specific configs - openssl: adapt to boringssl's error code type - openssl: don't ignore CA paths when using Windows CA store (redux) - openssl: don't log raw record headers - openssl: make the BIO_METHOD a local variable in the connection filter - openssl: only use CA_BLOB if verifying peer - openssl: remove attached easy handles from SSL instances - openssl: store the CA after first send (ClientHello) - setopt: use >, not >=, when checking if uarg is larger than uint-max - smb: return error on upload without size - socketpair: allow localhost MITM sniffers - strdup: name it Curl_strdup - tool_getparam: fix hiding of command line secrets - tool_operate: fix error codes on bad URL & OOM - tool_operate: repair --rate - transfer: break the read loop when RECV is cleared - typecheck: accept expressions for option/info parameters - urlapi: avoid Curl_dyn_addf() for hex outputs - urlapi: skip path checks if path is just "/" - urlapi: skip the extra dedotdot alloc if no dot in path - urldata: cease storing TLS auth type - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP - urldata: make set.http200aliases conditional on HTTP being present - urldata: move the cookefilelist to the 'set' struct - urldata: remove unused struct fields, made more conditional - vquic: stabilization and improvements - vtls: fix hostname handling in filters - vtls: manage current easy handle in nested cfilter calls - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used * Rebase libcurl-ocloexec.patch * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091 - runtests: fix "uninitialized value $port" - Add curl-fix-uninitialized-value-in-tests.patch ==== enchant ==== Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Use %bcond_without aspell, ref ALP push for as few mandatory dependencies as possible/ability to turn off dependencies. ==== kernel-source ==== Version update (6.1.12 -> 6.2.0) - Update to 6.2 final - refresh configs - commit 28fe266 - Update config files. Disable CONFIG_BLK_CGROUP_IOPRIO. io.prio.class is a misdesigned mechanism that doesn't fit well with the cgroup (especially v2): - it's not properly hierarchical - cgroup-wise: parent cgroup has no contol over child cgroup - task-wise: priority impact outside of a cgroup (i.e. affects cousins competition) - it's not device dependent (device oblivious) Disable it in openSUSE Tumbleweed (and future products) so that we don't teach users to use it and force ourselves to support it. - commit 35713cd ==== kexec-tools ==== - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820). ==== libcbor ==== Version update (0.10.1 -> 0.10.2) - Update to 0.10.2: * Fixed minor test bug causing failures for x86 Linux * Made tests platform-independent ==== libcontainers-common ==== - Add registry.suse.com to the unqualified-search-registries ==== libheif ==== Version update (1.14.2 -> 1.15.1) Subpackages: gdk-pixbuf-loader-libheif libheif1 - update to 1.15.1 * fix compilation without plugins - update to 1.15.0 * codec plugin system now also works with Windows * heif_convert: manually choose which decoder should be used * support for CLLI (content light level box), MDCV (mastering display colour volume), PASP (pixel aspect) information * ICC profile support in gdk-pixbuf loader * various fixes - build with plugins enabled on Tumbleweed - remove upstreamed patches - 2ca02a128b2f76f7f293aa86a2ce1e04a8306c65.patch - b6812284a2d70f29a5121ec3dbe652da07fdbbb7.patch ==== liburing ==== - add 0001-Do-not-always-expect-multishot-recv-to-stop-posting-.patch fixes tests with kernel 6.2 ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - fltk not needed (openexr-3.1.5/ASWF/tsc-meetings/2021-01-14.md) ==== python-apipkg ==== - Don't use fdupes -s, it hurts. ==== python-pycurl ==== - Disable http3 tests if it's not supported ==== qemu ==== - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ==== strace ==== Version update (6.1 -> 6.2) - Update to strace 6.2 * Implemented collision resolution for overlapping ioctl commands from tty and snd subsystems. * Implemented decoding of IFLA_BRPORT_MAB and IFLA_DEVLINK_PORT netlink attributes. * Updated lists of ALG_*, BPF_*, IFLA_*, KEY_*, KVM_*, LANDLOCK_*, MEMBARRIER_*, NFT_*, NTF_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.2. ==== vim ==== Version update (9.0.1307 -> 9.0.1357) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.1357, fixes the following problems * Setting 'formatoptions' with :let doesn't check for errors. * The code for setting options is too complicated. * Scrolling two lines with even line count and 'scrolloff' set. * 'splitkeep' test has failures. * Coverity warns for using a NULL pointer. * Cursor position wrong when splitting window in insert mode. * Some settings use the current codepage instead of 'encoding'. * :messages behavior depends on 'fileformat' of current buffer. * Escaping for completion of map command not properly tested. * Crash when using an unset object variable. * Code style test fails. * PRQL files are not recognized. * Checking the type of a null object causes a crash. * vimscript test fails where using {expr} syntax. * Crash when indexing "any" which is an object. * Build failure with +eval feature. * "gj" and "gk" do not move correctly over a closed fold. * 'colorcolumn' highlight wrong with virtual text above. * Relative line number not updated with virtual text above. * Cursor in wrong position below line with virtual text below ending in multi-byte character. * Error when using "none" for GUI color is confusing. * Completion of map includes simplified ones. * Handling new value of an option has a long "else if" chain. * Illegal memory access when using :ball in Visual mode. * Crash when using buffer-local user command in cmdline window. (Karl Yngve LervÄg) * When redo'ing twice may not get the script ID. * Using tt_member for the class leads to mistakes. * No test for bad use of spaces in help files. * Functions without arguments are not always declared properly. * Yuck files are not recognized. * :defcompile and :disassemble can't find class method. (Ernie Rael) * No test for :disassemble with class function. * Coverity warns for using NULL pointer. * Build error with mzscheme but without GUI. * Check for OSC escape sequence doesn't work. * Too many "else if" statements for handling options. * Starlark files are not recognized. * "gr CTRL-O" stays in Insert mode. (Pierre Ganty) * Un-grammar files are not recognized. * "gr" with a count fails. * CPON files are not recognized. * Dhall files are not recognized. * "ignore" files are outdated. * Too many "else if" statements to handle option values. * "gr CTRL-G" stays in virtual replace mode. (Pierre Ganty) * No error when declaring a class twice. (Ernie Rael) * Cannot cancel "gr" with Esc. * Using null_object results in an internal error. (Ernie Rael)