Packages changed: AppStream Mesa (23.2.0 -> 23.2.1) Mesa-drivers (23.2.0 -> 23.2.1) chrony e2fsprogs fde-tools gdm geoclue2 (2.7.0 -> 2.7.1) glibc icewm (3.4.0 -> 3.4.3) javapackages-tools ldb (2.7.2 -> 2.8.0) libX11 (1.8.6 -> 1.8.7) libXpm (3.5.16 -> 3.5.17) libev libnvme libselinux libsemanage mpg123 (1.32.2 -> 1.32.3) netcfg nvme-cli python-SQLAlchemy (2.0.19 -> 2.0.21) python-greenlet (3.0.0~rc3 -> 3.0.0) python-psutil rubygem-nokogiri rubygem-ruby-dbus (0.23.0.beta2 -> 0.23.1) samba (4.18.6+git.320.cfda27bacb -> 4.19.0+git.306.19d2e214c58) selinux-policy srt (1.5.2 -> 1.5.3) talloc (2.4.0 -> 2.4.1) tdb (1.4.8 -> 1.4.9) tevent (0.14.1 -> 0.15.0) xdg-desktop-portal xscreensaver (6.06 -> 6.07) xterm (384 -> 385) === Details === ==== AppStream ==== Subpackages: AppStream-lang libAppStreamQt2 libappstream4 - Enable vala support when building in SLE-15 SP6 - Fix condition in files section for the case where vala support is disabled, where some files are being generated but were not included ==== Mesa ==== Version update (23.2.0 -> 23.2.1) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to Mesa 23.2.1 * Mesa 23.2.1 is a new development release. People who are concerned with stability and reliability should stick with a previous release or wait for Mesa 23.2.2. * Mesa 23.2.1 is an unusual first stable release due to the accidentl tagging of 23.2.0 durring the rc cycle. * Mesa 23.2.1 implements the OpenGL 4.6 API, but the version reported by glGetString(GL_VERSION) or glGetIntegerv(GL_MAJOR_VERSION) / glGetIntegerv(GL_MINOR_VERSION) depends on the particular driver being used. Some drivers don't support all the features required in OpenGL 4.6. OpenGL 4.6 is **only** available if requested at context creation. Compatibility contexts may report a lower version depending on each driver. * Mesa 23.2.1 implements the Vulkan 1.3 API, but the version reported by the apiVersion property of the VkPhysicalDeviceProperties struct depends on the particular driver being used. * More details in: - -> https://gitlab.freedesktop.org/mesa/mesa/-/blob/23.2/docs/relnotes/23.2.1.rst ==== Mesa-drivers ==== Version update (23.2.0 -> 23.2.1) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to Mesa 23.2.1 * Mesa 23.2.1 is a new development release. People who are concerned with stability and reliability should stick with a previous release or wait for Mesa 23.2.2. * Mesa 23.2.1 is an unusual first stable release due to the accidentl tagging of 23.2.0 durring the rc cycle. * Mesa 23.2.1 implements the OpenGL 4.6 API, but the version reported by glGetString(GL_VERSION) or glGetIntegerv(GL_MAJOR_VERSION) / glGetIntegerv(GL_MINOR_VERSION) depends on the particular driver being used. Some drivers don't support all the features required in OpenGL 4.6. OpenGL 4.6 is **only** available if requested at context creation. Compatibility contexts may report a lower version depending on each driver. * Mesa 23.2.1 implements the Vulkan 1.3 API, but the version reported by the apiVersion property of the VkPhysicalDeviceProperties struct depends on the particular driver being used. * More details in: - -> https://gitlab.freedesktop.org/mesa/mesa/-/blob/23.2/docs/relnotes/23.2.1.rst ==== chrony ==== Subpackages: chrony-pool-openSUSE - Use make quickcheck instead of make check to avoid >1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable. Here a seed is already set to get deterministic execution. ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - Update specfile to make sure regenerate_initrd_post macro is defined ==== fde-tools ==== - Add fde-tools-remove-redundant-2nd-pw-creation.patch to remove the creation of the secondary password in 'add-secondary-key' ==== gdm ==== Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Explicitly buildrequire /usr/bin/dbus-run-session: the dbus package is being restructured to be usable with dbus-broker and so far we just relied on implicit dependencies bringing this in. Meson checks for it, so it is correct to BR it though. ==== geoclue2 ==== Version update (2.7.0 -> 2.7.1) Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0 - Update to version 2.7.1: + Add 'age' field to MLS locate queries + Location updates now always have an accuracy value + Improvements to NMEA parsing: - Parse NMEA timestamps with sub-second accuracy - Add default accuracy to NMEA RMC locations - Ignore locations from GGA and RMC sentences if the GNSS fix is not valid + Prioritize GNSS sources with a recent fix over other sources, preventing location jumps + Install D-Bus policy in /usr/share, not /etc + Upgrade GLib / Gio dependency to version 2.68.0 + Correct gi annotations in GClueSimple + Various small fixes - Use ldconfig_scriptlets macro for post(un) handling. ==== glibc ==== Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - setxid-propagate-glibc-tunables.patch: Propagate GLIBC_TUNABLES in setxid binaries - tunables-string-parsing.patch: tunables: Terminate if end of input is reached (CVE-2023-4911, bsc#1215501) ==== icewm ==== Version update (3.4.0 -> 3.4.3) Subpackages: icewm-config-upstream icewm-default icewm-lang - Update to version 3.4.3: * New preference "TaskBarShowWindowTitles" for icon-only task buttons. * New winoption "doNotManage" to workaround bugs in picom for plank. * When a battery has no data about full charge, use the capacity. * When cascading windows, include the border size in the displacement. * Let icewmbg interpret command-line file arguments relative to $PWD. * Add a -f,--fork option to icewmbg to detach it from the terminal. * Fix the Window List Menu for #144. * Fix restoring from fullscreen with F11 in chromium for #141. * Support tabs in the Window List Menu. * Control the terminal in icewm-menu-fdo by option or environment. * Let icewm-menu-fdo use a list of default terminals to choose from. - Drop unknown config options: * --enable-guievents * --enable-antialiasing * --enable-gradients * --enable-shaped-decorations ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Added patches: * 0005-Interpolate-properties-also-in-the-current-artifact.patch + interpolate variables also in current artifactId, groupId and version * 0006-Test-variable-expansion-in-artifactId.patch + test previous changes * 0007-Test-that-we-don-t-bomb-on-relativePath.patch + test gracious handling of empty in parent reference of a pom file ==== ldb ==== Version update (2.7.2 -> 2.8.0) Subpackages: libldb2 python3-ldb - Update to 2.8.0 * CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270) * pyldb: Raise an exception if ldb_dn_get_parent() fails * Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition * Documentation and spelling fixes * Add ldb_val -> bool,uint64,int64 parsing functions * Split out ldb_val_as_dn() helper function * add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject() * add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject() * let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix * Don't create error string if there is no error * Avoid allocation and memcpy() for every wildcard match candidate * Make ldb_msg_remove_attr O(n) * pyldb: Throw error on invalid controls * pyldb: remove py2 ifdefs * Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) ==== libX11 ==== Version update (1.8.6 -> 1.8.7) Subpackages: libX11-6 libX11-data libX11-xcb1 - update to 1.8.7 This release contains fixes for the issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43785 libX11: out-of-bounds memory access in _XkbReadKeySyms() (boo#1215683) * fixes CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() (boo#1215684) * fixes CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow (boo#1215685) along with: * Fail XOpenDisplay() if server-provided default visual is invalid (!233) * Bring XKB docs in line with actual implementation (!231, !228) * Xutil.h: declare XEmptyRegion() and XEqualRegion() as Bool (!225) * Assorted updates to en_US.UTF-8 compose keys (!213, !214, !215, !216, !217, !219, !220, !222, !223, !226, !227, !229) ==== libXpm ==== Version update (3.5.16 -> 3.5.17) - Update to 3.5.17 * This release contains fixes for the libXpm issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (boo#1215686) * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap (boo#1215687) ==== libev ==== - run signify only on Factory ==== libnvme ==== Subpackages: libnvme-mi1 libnvme1 - Enable tests during build - Set git version tag - Drop unused make dependency - Drop unencessary minimum version depedency on meson. - Re-enable libdbus feature. Upstream defaults changed. ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Repair initrd libselinux check in selinux-ready ==== libsemanage ==== Subpackages: libsemanage-conf libsemanage2 - Remove build counter syncing for real ==== mpg123 ==== Version update (1.32.2 -> 1.32.3) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.32.3 * libmpg123, libsyn123: always ifdef LFS_LARGEFILE_64 (not just if) * libsyn123: re-introduce _32 wrappers in addition to suffix-less ones (regression from 1.31, bug 363) ==== netcfg ==== - Remove ftpusers, none of our ftp servers uses that anymore - Remove defaultdomain, NIS got dropped - Remove hosts.equiv and hosts.lpd, the tools using them got dropped long ago. ==== nvme-cli ==== Subpackages: nvme-cli-bash-completion - Enable test during build - Drop minimum version meson dependency - Add asciidoc dependency - Build documentation when requested ==== python-SQLAlchemy ==== Version update (2.0.19 -> 2.0.21) - Update to 2.0.21: * Changes from 2.0.21: https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.21 * Changes from 2.0.20: https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.20 - Remove .gitignore files from source tree, removes all rpmlint warnings. ==== python-greenlet ==== Version update (3.0.0~rc3 -> 3.0.0) - Update to 3.0.0: * No changes from 3.0rc3 aside from the version number. - Ignore some slow and flaky tests ==== python-psutil ==== - Require /usr/bin/who only for suse_version > 1500: 15.X does not provide it, but has it in coreutils. - PEP517 - Clean up specfile from obsolete python2 stuff ==== rubygem-nokogiri ==== - Buildrequire openssl gem to fix building with Ruby 3.0 ==== rubygem-ruby-dbus ==== Version update (0.23.0.beta2 -> 0.23.1) - 0.23.1 API: * Add DBus::Object.dbus_reader_attr_accessor to declare a common use case with a single call (gh#mvidner/ruby-dbus#140). * BusConnection#request_name defaults to the simple use case: single owner without queuing, failing fast; documented the complex use cases. ==== samba ==== Version update (4.18.6+git.320.cfda27bacb -> 4.19.0+git.306.19d2e214c58) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3 - Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true; (bso#15435). * Heimdal fails to build on 32-bit FreeBSD; (bso#15443). * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441). ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Use /var/adm/update-scripts in macros.selinux-policy. The rpm state directory doesn't exist on SUSE systems (bsc#1213593) - Modified update.sh to require first parameter "full" to also update container-selinux. For maintenance updates you usually don't want it to be updated ==== srt ==== Version update (1.5.2 -> 1.5.3) - version update to 1.5.3 * New Features - PR #2714: Added maximum BW limit for retransmissions. See SRTO_MAXREXMITBW. * Important Bug Fixes - PR #2632: Use overlapped WSASendTo to avoid UDP sending losses. - PR #2766: Fixed spurious group read-ready epoll events. - PR #2772: Fixed RCV buffer initialization in Rendezvous. ⚠️ - PR #2757: Fix memory leak on queuing connection initialization packets. - PR #2745: Fix hang up on not enough space in the RCV buffer. - PR #2740: Fix possible tsbpd() deadlock with processCtrlShutdown(). - PR #2692: Rejection not undertaken in rendezvous after KMX failure. - PR #2774: Fix rendezvous connection mode when processing resulted in ACCEPT it was still sending rejection. - PR #2778: Drop unencrypted packets in AES-GCM mode. * Build - PR #2779, #2780: Fix the build for targets without IP_ADD_SOURCE_MEMBERSHIP. - PR #2784: Added missing public header files in Windows binary installer. * Unit Tests - PR #2681: Added custom main with transparent parameters. * Documentation - PR #2765: Updated the explicit information for binding to IPv6 wildcard. - PR #2785: Fixed API doc: SRT_INVALID_SOCK * https://github.com/Haivision/srt/releases/tag/v1.5.3 ==== talloc ==== Version update (2.4.0 -> 2.4.1) Subpackages: libtalloc2 python3-talloc - Update to 2.4.1 * Remove remaining, but broken python2 support * Spelling fixes * Remove unneeded va_copy() ==== tdb ==== Version update (1.4.8 -> 1.4.9) Subpackages: libtdb1 python3-tdb - Update to 1.4.9 * Remove remaining, but broken python2 support * Spelling fixes * python: Safely clear structure members ==== tevent ==== Version update (0.14.1 -> 0.15.0) Subpackages: libtevent0 python3-tevent - Update to version 0.15.0 * remove py2 ifdefs * python: Safely clear structure members * the tevent_thread_call_depth API is updated in order to allow better tracing. * add tevent_set_max_debug_level() only and don't pass TEVENT_DEBUG_TRACE to tevent_debug() callbacks by default. * Spelling fixes * Make use of epoll_create1() for epoll backend * Optimize overhead in the epoll backend ==== xdg-desktop-portal ==== Subpackages: xdg-desktop-portal-lang - Support building with meson 0.61.x used by SLE, where .pc files in dataonly packages are installed to %_libdir unlike in meson >= 0.62.0 where the default was changed to %_datadir. ==== xscreensaver ==== Version update (6.06 -> 6.07) Subpackages: xscreensaver-data xscreensaver-lang - update to 6.07: * New hacks, droste, skulloop, papercube and cubocteversion * xscreensaver-settings was sometimes turning off the DPMS checkbox * Log pid of caller of deactivate command, to give a hint about who is preventing the screen from blanking * Updates to sphereeversion. * Added some new map sources to mapscroller. * Various other minor bug fixes. - leave a nice notice for a very angry upstream developer in xscreensaver-disable-upgrade-nagging-message.patch - drop xscreensaver-bsc1204744.patch, included upstream ==== xterm ==== Version update (384 -> 385) Subpackages: xterm-bin xterm-resize - update to 385: * fixes for ReGIS (report by Ben Wong). + correct conversion from HLS to RGB + improve font-caching performance. * update tables in wcwidth.c based on Unicode 15.1.0 * improve fastScroll resource: + suppress screen-refreshes for carriage-returns + add -jf option to simplify use of this resource. + add a control sequence for enabling/disabling the resource. + enable this feature by default * extend title-stack feature to allow an additional parameter to directly access the stack, like the XTPUSHCOLORS and XTPOPCOLORS feature. * correct size and position of box shown for double-cell character which happens to be missing from the bitmap font (report by Peter Fabinski). * improved configure script: + add pattern for uClibc-ng to CF_XOPEN_SOURCE (report/patch by Waldemar Brodkorb). + add configure options --with-utmp-path and --with-wtmp-path to override configure script's check for utmp/wtmp pathnames which are shown in the manual (Debian #1042767). + CF_XOPEN_SOURCE provides for defining _DEFAULT_SOURCE for MinGW32 and MinGW64. + sed expression used to report gcc version now works with MinGW * ensure that line-attributes are reset after drawing missing character (report by Christian Weisgerber). * update config.guess, config.sub - rebased all patches