Packages changed: ImageMagick (7.1.0.57 -> 7.1.0.60) c-ares (1.18.1 -> 1.19.0) dLeyna libimagequant (2.17.0 -> 2.18.0) libnvme (1.2 -> 1.3) librdkafka (1.9.2 -> 2.0.2) libreoffice nvme-cli (2.2.1 -> 2.3) perl-Net-Patricia systemd (252.4 -> 252.5) systemd-presets-branding-MicroOS (20200323 -> 20230130) xterm (377 -> 378) yast2-samba-client (4.5.2 -> 4.5.3) zsh === Details === ==== ImageMagick ==== Version update (7.1.0.57 -> 7.1.0.60) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - Update to 7.1.0.60 * https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#710-60 ==== c-ares ==== Version update (1.18.1 -> 1.19.0) - Update to version 1.19.0 Security: * Low. Stack overflow in ares_set_sortlist() which is used during c-ares initialization and typically provided by an administrator and not an end user. Changes: * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a custom hosts file location. Bug fixes: * Fix memory leak in reading /etc/hosts when using localhost fallback. * Fix chain building c-ares when libresolv is already included by another project. * File lookup should not immediately abort as there may be other tries due to search criteria. * Asterisks should be allowed in host validation as CNAMEs may reference wildcard domains. * AutoTools build system referenced bad STDC_HEADERS macro. * Even if one address class returns a failure for ares_getaddrinfo() we should still return the results we have. * Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC * Fix tools and help information. * Various documentation fixes and cleanups. * Add include guards to ares_data.h * c-ares could try to exceed maximum number of iovec entries supported by system. * The RFC6761 6.3 states localhost subdomains must be offline too ==== dLeyna ==== - Add dLeyna-no-python-shebang.patch: remove /usr/bin/python shebang from download_sync_controller.py. The file is installed into a python 3.10 site-directory and thus clearly does not need a python2 shebang. ==== libimagequant ==== Version update (2.17.0 -> 2.18.0) - update to 2.18: - added more perceptually-weighed color selection - dropped problematic omp_set_nested() - fixed a rare memory leak ==== libnvme ==== Version update (1.2 -> 1.3) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.3: * Support added for Flexible Data Placement (TP4146) * Fabrics: added support for Persistent Discovery Controllers. * libnvme-mi added a quirk framework to workaround special behavior of certain devices * The python binding behaves more friendly in a threading environment by release the GIL on blocking calls. * Replaced 3the libsystemd dependency with libdbus * A lot of small fixes everywhere (leaks, wrong ordering of arguments, ...) - Update spec file * Project depends on meson >= 0.50.0 ==== librdkafka ==== Version update (1.9.2 -> 2.0.2) - update to 2.0.2: * OffsetFetch Protocol Update (#3995). * Add Consumer Group operations to Admin API (started by @lesterfan, #3995). * Allow listing consumer groups per state (#3995). * Partially implemented: support for AlterConsumerGroupOffsets * OpenSSL 3.0.x support - the maximum bundled OpenSSL version is now 3.0.7 (previously 1.1.1q). * Fixes to the transactional and idempotent producer. * The introduction of OpenSSL 3.0.x in the self-contained librdkafka bundles changes the default set of available ciphers, in particular all obsolete or insecure ciphers and algorithms as listed in the OpenSSL legacy manual page are now disabled by default. Should you need to use any of these old ciphers you'll need to explicitly enable the `legacy` provider by configuring `ssl.providers=default,legacy` on the librdkafka client. OpenSSL 3.0.x deprecates the use of engines, which is being replaced by providers. As such librdkafka will emit a deprecation warning if `ssl.engine.location` is configured. OpenSSL providers may be configured with the new `ssl.providers` configuration property. The default value for `ssl.endpoint.identification.algorithm` has been changed from `none` (no hostname verification) to `https`, which enables broker hostname verification (to counter man-in-the-middle impersonation attacks) by default. To restore the previous behaviour, set `ssl.endpoint.identification.algorithm` to `none`. * The Consumer Batch APIs `rd_kafka_consume_batch()` and `rd_kafka_consume_batch_queue()` are not thread safe if `rkmessages_size` is greater than 1 and any of the **seek**, * *pause**, **resume** or **rebalancing** operation is performed in parallel with any of the above APIs. Some of the messages might be lost, or erroneously returned to the application, in the above scenario. * It is strongly recommended to use the Consumer Batch APIs and the mentioned operations in sequential order in order to get consistent result. * For **rebalancing** operation to work in sequencial manner, please set `rebalance_cb` configuration property (refer [examples/rdkafka_complex_consumer_example.c] * (examples/rdkafka_complex_consumer_example.c) for the help with the usage) for the consumer. * Added `rd_kafka_sasl_set_credentials()` API to update SASL credentials. * Setting `allow.auto.create.topics` will no longer give a warning if used by a producer, since that is an expected use case. Improvement in documentation for this property. * Added a `resolve_cb` configuration setting that permits using custom DNS resolution logic. * Added `rd_kafka_mock_broker_error_stack_cnt()`. * The librdkafka.redist NuGet package has been updated to have fewer external dependencies for its bundled librdkafka builds, as everything but cyrus-sasl is now built-in. There are bundled builds with and without linking to cyrus-sasl for maximum compatibility. * Admin API DescribeGroups() now provides the group instance id for static members KIP-345 (#3995). * Fixed memory leak when loading SSL certificates (@Mekk, #3930) * Load all CA certificates from `ssl.ca.pem`, not just the first one. * Each HTTP request made when using OAUTHBEARER OIDC would leak a small amount of memory. * When a PID epoch bump is requested and the producer is waiting to reconnect to the transaction coordinator, a failure in a find coordinator request could cause an assert to fail. This is fixed by retrying when the coordinator is known (#4020). * Transactional APIs (except `send_offsets_for_transaction()`) that timeout due to low timeout_ms may now be resumed by calling the same API again, as the operation continues in the background. * For fatal idempotent producer errors that may be recovered by bumping the epoch the current transaction must first be aborted prior to the epoch bump. This is now handled correctly, which fixes issues seen with fenced transactional producers on fatal idempotency errors. * Timeouts for EndTxn requests (transaction commits and aborts) are now automatically retried and the error raised to the application is also a retriable error. * TxnOffsetCommitRequests were retried immediately upon temporary errors in `send_offsets_to_transactions()`, causing excessive network requests. These retries are now delayed 500ms. * If `init_transactions()` is called with an infinite timeout (-1), the timeout will be limited to 2 * `transaction.timeout.ms`. The application may retry and resume the call if a retriable error is returned. * Back-off and retry JoinGroup request if coordinator load is in progress. * Fix `rd_kafka_consume_batch()` and `rd_kafka_consume_batch_queue()` skipping other partitions' offsets intermittently when **seek**, **pause**, **resume** or **rebalancing** is used for a partition. * Fix `rd_kafka_consume_batch()` and `rd_kafka_consume_batch_queue()` intermittently returing incorrect partitions' messages if **rebalancing** happens during these operations. ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - add boost-181.patch to fix build with boost 1.81.x ==== nvme-cli ==== Version update (2.2.1 -> 2.3) Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion - Update to version 2.3: * Added support for Flexible Data Placement (TP4146) * Added Persistent Discovery Controller support (TP8013/TP8014) * nvme-mi: support for firmware downloads * nvme device-self-test learned the --wait command line argument which makes nvme-cli to wait (incl. progress bar) in foreground until the test has finished. * A lot of bug fixes all over the place - Update spec file * Project depends on meson >= 0.50.0 * make build dependency dropped ==== perl-Net-Patricia ==== - no-libnsl.diff: don't link against libnsl if we don't use it ==== systemd ==== Version update (252.4 -> 252.5) Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-container systemd-devel systemd-lang udev - Import commit d87834a33444b7163e741e1089e82b44af663808 (merge of v252.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/5a506d73bde7ba9261985f8e9ce084044a519432...d87834a33444b7163e741e1089e82b44af663808 - Move the bash completion support for systemd-cryptenroll in udev. - systemd-testsuite: move the integration tests in a dedicated sub directory. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. ==== systemd-presets-branding-MicroOS ==== Version update (20200323 -> 20230130) - Introduce 50-default-MicroOS-user.preset to allow Systemd user units for MicroOS users - Add transactional-update-notifier Systemd user unit to default user preset. This will allow MicroOS Desktop users to have Desktop notifications about transactional updates either succeeding or failing. The D-Bus service in use have been audited already (boo#1206163). - 20230130 ==== xterm ==== Version update (377 -> 378) Subpackages: xterm-bin xterm-resize - update to 378: * improve descriptions of XTQMODKEYS and XTQALLOWED features in ctlseqs.ms (reports by Bram Moolenaar, Thomas Wolff). * add bracketed+paste and report+version building blocks to terminfo, from ncurses 6.4 * improve check for unsupported formatting characters, e.g., zero-width space, to properly ignore them (report by Thomas Wolff). * improve/document error-checking for some of the controls which return responses: DECRQSS, XTGETXRES, XTSETTCAP, XTGETTCAP (prompted by discussion with David Leadbeater). * improve limit-checks for fallback font cache (report by Dimitrije Erdeljan). * improve check for too-wide glyph in fallback font by allowing xterm to continue searching for a suitable font rather than just failing on the first. Also add limitFontWidth to allow changing the amount by which a glyph must extend outside the font's bounding box to disallow it. ==== yast2-samba-client ==== Version update (4.5.2 -> 4.5.3) - Add join option for enabling group policy; (bsc#1207604). - 4.5.3 ==== zsh ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798)