Packages changed: MicroOS-release (20240402 -> 20240403) bash bubblewrap (0.8.0 -> 0.9.0) c-ares (1.27.0 -> 1.28.1) harfbuzz (8.3.0 -> 8.4.0) kate kernel-source (6.8.1 -> 6.8.2) libproxy-backend (0.5.3 -> 0.5.4) libproxy-client (0.5.3 -> 0.5.4) libssh2_org libuv (1.47.0 -> 1.48.0) libx86emu libzypp (17.32.0 -> 17.32.2) pango plasma6-desktop python-cryptography (42.0.4 -> 42.0.5) python-httpcore (1.0.4 -> 1.0.5) python-numpy python-pyzmq === Details === ==== MicroOS-release ==== Version update (20240402 -> 20240403) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== bash ==== Subpackages: bash-doc bash-lang bash-sh - Help dependcy resolver to identify package split done with bash-sh ==== bubblewrap ==== Version update (0.8.0 -> 0.9.0) - update to v0.9.0: * Build system changed to Meson from Autotools * Add --argv0 https://github.com/containers/bubblewrap/issues/91 * --symlink is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target * Clarify security considerations in documentation * Clarify documentation for --cap-add * Report a better error message if mount(2) fails with ENOSPC * Fix a double-close on error reading from --args, --seccomp or - -add-seccomp-fd argument * Improve memory allocation behaviour ==== c-ares ==== Version update (1.27.0 -> 1.28.1) - c-ares 1.28.1 Features: * Emit warnings when deprecated c-ares functions are used. This can be disabled by passing a compiler definition of `CARES_NO_DEPRECATED`. [PR #732] * Add function `ares_search_dnsrec()` to search for records using the new DNS record data structures. [PR #719] * Rework internals to pass around `ares_dns_record_t` instead of binary data, this introduces new public functions of `ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730] Changes: * tests: when performing simulated queries, reduce timeouts to make tests run faster * Replace configuration file parsers with memory-safe parser. [PR #725] * Remove `acountry` completely, the manpage might still get installed otherwise. [Issue #718] Bugfixes: * CMake: don't overwrite global required libraries/definitions/includes which could cause build errors for projects chain building c-ares. [Issue #729] * On some platforms, `netinet6/in6.h` is not included by `netinet/in.h` and needs to be included separately. [PR #728] * Fix a potential memory leak in `ares_init()`. [Issue #724] * Some platforms don't have the `isascii()` function. Implement as a macro. [PR #721] * CMake: Fix Chain building if CMAKE runtime paths not set * NDots configuration should allow a value of zero. [PR #735] ==== harfbuzz ==== Version update (8.3.0 -> 8.4.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - update to version 8.4.0: + When subsetting, place variation store at the end of “GDEF” table to fix shaping issues with some versions of Adobe InDesign. + Various build fixes - update to version 8.3.1: + Fix hb_style_get_value() in fonts with “STAT” table + Properly handle negative offsets in CFF table + Update IANA Language Subtag Registry to 2024-03-07 + Subsetter now supports subsetting “BASE” table + Subsetter will update “hhea” font metrics in sync with “OS/2” ones. + “--variations” option of “hb-subset” now supports leaving out values that should be unchanged, e.g. “wght=:500:” will change the default and keep max and min unchanged. It also supports “*=drop” to to pin all axes to default location. + Fix hb_ot_math_get_glyph_kerning() to match updated “MATH” table spec. + Support legacy MacRoman encoding in “cmap” table. + Various build fixes. + Various subsetting and instancing fixes. ==== kate ==== Subpackages: kate-lang kate-plugins - Add a couple recommended plugins to preview files in kate ==== kernel-source ==== Version update (6.8.1 -> 6.8.2) - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (bluetooth-fix). - commit 2eb0f0f - Revert "io_uring: remove unconditional looping in local task_work handling" (liburing_failure). - commit 5b857cb - powerpc/crypto/chacha-p10: Fix failure on non Power10 (boo#1218114). - commit 9b2d264 - Linux 6.8.2 (bsc#1012628). - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (bsc#1012628). - workqueue.c: Increase workqueue name length (bsc#1012628). - workqueue: Move pwq->max_active to wq->max_active (bsc#1012628). - workqueue: Factor out pwq_is_empty() (bsc#1012628). - workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work() (bsc#1012628). - workqueue: Move nr_active handling into helpers (bsc#1012628). - workqueue: Make wq_adjust_max_active() round-robin pwqs while activating (bsc#1012628). - workqueue: RCU protect wq->dfl_pwq and implement accessors for it (bsc#1012628). - workqueue: Introduce struct wq_node_nr_active (bsc#1012628). - workqueue: Implement system-wide nr_active enforcement for unbound workqueues (bsc#1012628). - workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() (bsc#1012628). - iomap: clear the per-folio dirty bits on all writeback failures (bsc#1012628). - fs: Fix rw_hint validation (bsc#1012628). - io_uring: remove looping around handling traditional task_work (bsc#1012628). - io_uring: remove unconditional looping in local task_work handling (bsc#1012628). - s390/dasd: Use dev_*() for device log messages (bsc#1012628). - s390/dasd: fix double module refcount decrement (bsc#1012628). - fs/hfsplus: use better @opf description (bsc#1012628). - md: fix kmemleak of rdev->serial (bsc#1012628). - rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure recovery (bsc#1012628). - rcu/exp: Handle RCU expedited grace period kworker allocation failure (bsc#1012628). - nbd: null check for nla_nest_start (bsc#1012628). - fs/select: rework stack allocation hack for clang (bsc#1012628). - block: fix deadlock between bd_link_disk_holder and partition scan (bsc#1012628). - md: Don't clear MD_CLOSING when the raid is about to stop (bsc#1012628). - kunit: Setup DMA masks on the kunit device (bsc#1012628). - ovl: Always reject mounting over case-insensitive directories (bsc#1012628). - kunit: test: Log the correct filter string in executor_test (bsc#1012628). - lib/cmdline: Fix an invalid format specifier in an assertion msg (bsc#1012628). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (bsc#1012628). - time: test: Fix incorrect format specifier (bsc#1012628). - rtc: test: Fix invalid format specifier (bsc#1012628). - net: test: Fix printf format specifier in skb_segment kunit test (bsc#1012628). - drm/xe/tests: Fix printf format specifiers in xe_migrate test (bsc#1012628). - drm: tests: Fix invalid printf format specifiers in KUnit tests (bsc#1012628). - md/raid1: factor out helpers to add rdev to conf (bsc#1012628). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (bsc#1012628). - md/raid1: fix choose next idle in read_balance() (bsc#1012628). - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr (bsc#1012628). - io_uring/net: move receive multishot out of the generic msghdr path (bsc#1012628). - io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1012628). - nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() (bsc#1012628). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (bsc#1012628). - x86/resctrl: Remove hard-coded memory bandwidth limit (bsc#1012628). - x86/resctrl: Read supported bandwidth sources from CPUID (bsc#1012628). - x86/resctrl: Implement new mba_MBps throttling heuristic (bsc#1012628). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (bsc#1012628). - timekeeping: Fix cross-timestamp interpolation on counter wrap (bsc#1012628). - timekeeping: Fix cross-timestamp interpolation corner case decision (bsc#1012628). - timekeeping: Fix cross-timestamp interpolation for non-x86 (bsc#1012628). - x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument (bsc#1012628). - sched/fair: Take the scheduling domain into account in select_idle_smt() (bsc#1012628). - sched/fair: Take the scheduling domain into account in select_idle_core() (bsc#1012628). ... changelog too long, skipping 1132 lines ... - commit 6a29422 ==== libproxy-backend ==== Version update (0.5.3 -> 0.5.4) - Update to version 0.5.4: + Add golang link to application page. + Improve libproxy test coverage. + Improve coverage. + Specify library version more completely. + Use the correct separator character for Windows ProxyOverride. + Improve handling of Windows proxy settings. + Add curl option to the generated config for backend instead. + Set initial state to online. + Windows: Detect scheme presence in proxy URLs more robustly. + Fix broken WPAD proxy resolution. ==== libproxy-client ==== Version update (0.5.3 -> 0.5.4) - Update to version 0.5.4: + Add golang link to application page. + Improve libproxy test coverage. + Improve coverage. + Specify library version more completely. + Use the correct separator character for Windows ProxyOverride. + Improve handling of Windows proxy settings. + Add curl option to the generated config for backend instead. + Set initial state to online. + Windows: Detect scheme presence in proxy URLs more robustly. + Fix broken WPAD proxy resolution. ==== libssh2_org ==== - Fix an issue with Encrypt-then-MAC family. [bsc#1221622] * Test the ETM feature in the remote end's configuration when receiving data. Upstream issue: #1331. * Add libssh2_org-ETM-remote.patch - Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically. * Add libssh2_org-CVE-2023-48795-ext.patch ==== libuv ==== Version update (1.47.0 -> 1.48.0) - Update to version 1..48.0 * CVE-2024-24806: Improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) * misc: remove deprecated stalebot file * misc: ignore libuv-release-tool files * build,win: remove extraneous -lshell32 * build,win: work around missing uuid.dll on MinGW * build: disable windows asan buildbot * build: add .cache clangd folder to .gitignore * build: re-enable msvc-asan job on CI * linux: disable io_uring on hppa below kernel 6.1.51 * linux: remove HAVE_IFADDRS_H macro * linux: fix bind/connect for abstract sockets * linux: retry fs op if unsupported by io_uring * linux: disable io_uring on ppc64 and ppc64le * unix,win: utility for setting priority for thread * unix,win: fix read past end of pipe name buffer * unix,win: fix busy loop with zero timeout timers * unix,win: reset the timer queue on stop * unix: ignore ifaddrs with NULL ifa_addr * unix: unbreak macOS < 10.14 * unix: correct pwritev conditional * unix: support full TCP keep-alive on Solaris * unix: optimize uv__tcp_keepalive cpp directives * freebsd: fix F_KINFO file path handling * freebsd: fix build on non-intel archs * aix: disable ipv6 link local * aix,ibmi: use uv_interface_addresses instead of getifaddrs * win: remove check for UV_PIPE_NO_TRUNCATE * win: honor NoDefaultCurrentDirectoryInExePath env var * win: stop using deprecated names * win: replace c99 comments with c89 comments * win: fix ESRCH implementation * win/spawn: optionally run executable paths with no file extension * test: don't run tcp_writealot under msan * test: check if ipv6 link-local traffic is routable * test: skip tcp-write-in-a-row on IBM i * test: empty strings are not valid IDNA * test_fs.c: Fix issue on 32-bit systems using btrfs * idna: fix compilation warning * pipe: add back error handling to connect / bind * fix: always zero-terminate idna output * fix: reject zero-length idna inputs * doc: move cjihrig to emeriti * doc: add very basic Security Policy document * Merge pull request from GHSA-f74f-cvh7-c6q6 - Remove ppc64-disable-liburing.patch because it was applied in the current source code ==== libx86emu ==== - fix build on non-suse distributions ==== libzypp ==== Version update (17.32.0 -> 17.32.2) - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) Fixed the name of the keyword to "support_superseded" as it was agreed on in jsc#OBS-301. - version 17.32.2 (32) - Add resolver option 'removeUnneeded' to file weak remove jobs for unneeded packages (bsc#1175678) - version 17.32.1 (32) ==== pango ==== Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - added GraphicsMagick package as Recommends. The invocation of pango-view with the ft2 backend requires the gm command found in that package ==== plasma6-desktop ==== Subpackages: plasma6-desktop-emojier plasma6-desktop-lang plasma6-kimpanel-ibus - Add "-DBUILD_KCM_MOUSE_X11=OFF" for s390x - Move touchpad and mouse configuration to all (also for s390x) ==== python-cryptography ==== Version update (42.0.4 -> 42.0.5) - update to 42.0.5: * Limit the number of name constraint checks that will be performed in :mod:`X.509 path validation ` to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC. ==== python-httpcore ==== Version update (1.0.4 -> 1.0.5) - update to 1.0.5: * Handle `EndOfStream` exception for anyio backend. * Allow trio `0.25.*` series in package dependancies. ==== python-numpy ==== - Add patch to fix detection of some features: * 0001-feature-module-Fix-handling-of-multiple-conflicts-pe.patch - Add patch to fix test failure on some platforms (boo#1221902): * 0001-BUG-Fix-test_impossible_feature_enable-failing-witho.patch ==== python-pyzmq ==== - Add %{?sle15_python_module_pythons}