Packages changed: 389-ds (2.4.0~git18.37ec5cd -> 2.4.0~git74.4297d88) bluez busybox-links ca-certificates-mozilla (2.60 -> 2.62) gdm gnome-disk-utility gtk3 gtk4 (4.10.5 -> 4.12.0) kmod mozjs102 (102.12.0 -> 102.14.0) ndctl (76 -> 78) postgresql15 (15.3 -> 15.4) python-M2Crypto python-PyYAML (6.0 -> 6.0.1) python-alembic (1.11.1 -> 1.11.2) python-cryptography (41.0.2 -> 41.0.3) python-gevent (22.10.2 -> 23.7.0) python-lxml (4.9.2 -> 4.9.3) python-typing_extensions (4.5.0 -> 4.7.1) w3m yast2-trans (84.87.20230729.64eca7e0a1 -> 84.87.20230811.13616e3be9) === Details === ==== 389-ds ==== Version update (2.4.0~git18.37ec5cd -> 2.4.0~git74.4297d88) Subpackages: lib389 libsvrcore0 - Update to version 2.4.0~git74.4297d88: * issue 5890 part 2 - Need a tester for testing multiple listening thread feature (#5897) * Issue i5846 - Crash when lmdb import is aborted (#5881) * Issue 5894 - lmdb import error fails with Could not store the entry (#5895) * Issue 5890 - Need a tester for testing multiple listening thread feature (#5891) * Issue 5082 - slugify: ModuleNotFoundError when running test cases - Update to version 2.4.0~git69.89c2de5: * Issue 4551 - Part 2 - Fix build warning of previous PR (#5888) * Issue 5834 - AccountPolicyPlugin erroring for some users (#5866) * Issue 5872 - part 2 - fix is_dbi regression (#5887) * Issue 4758 - Add tests for WebUI * Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849) * Issue 5883 - Remove connection mutex contention risk on autobind (#5886) * Issue 5872 - `dbscan()` in lib389 can return bytes * Bump version to 2.4.3 * Issue 5729 - Memory leak in factory_create_extension (#5814) * Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups bluez-zsh-completion libbluetooth3 - For pushing bluez 5.68 to 15-SP6 (bluez-5.65), sync change log: (jsc#PED-5599) - The avrcp-Fix-crash-while-handling-unsupported-events.patch be merged to bluez-5.67 since 2023. (bsc#1210398)(CVE-2023-27349) ==== busybox-links ==== Subpackages: busybox-bzip2 busybox-coreutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-misc busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-which busybox-xz - Check in filelists instead of buildrequiring all non-busybox utils ==== ca-certificates-mozilla ==== Version update (2.60 -> 2.62) - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ==== gdm ==== Subpackages: gdm-lang gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. ==== gnome-disk-utility ==== Subpackages: gnome-disk-utility-lang - Support build environments like SLE 15 SP5 and Leap 15.5 which had %{_distconfdir) not defined yet. ==== gtk3 ==== Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. ==== gtk4 ==== Version update (4.10.5 -> 4.12.0) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.0: + List widgets: Add scroll_to APIs + GtkFileLauncher: Add an always-ask property + GtkTextView: Make backspace behavior match GtkEntry + gsk: Fix handling of luminance in mask nodes + Text rendering: Automate the setting of gtk-hint-font-metrics from the scale factor. This improves font rendering in flatpaks + Wayland: - Fix behavior of stylus buttons - Support suspended window state + Vulkan: Many improvements + Tools: Add gtk4-rendernode-tool + Debugging: Drop the GTK_DEBUG_TOUCHSCREEN flag + Build: Some build options have been renamed: - gtk_doc -> documentation - update_screenshots -> screenshots - The old names still work + Updated translations. - Update option passed to meson following upstream changes. - Update to version 4.11.4: + GtkFileChooser: - Default to sorting folders first - Fix a crash when visiting recent files + GtkTextView: Fix corner cases in word navigation + GtkMenuButton: Normalize label layout + GtkDropDown: Add support for sections + GtkVideo: Make the overlay icon clickable + GtkWindow: Clear the resize cursors to avoid artifacts + GtkFileDialog: Always set initial-folder + GtkDropDown: Update on expression changes + GtkMapListModel: Implement GtkSectionModel + Accessibility: - Improvements all over the place: GtkButton, GtkPasswordEntry, GtkFontChooserDialog, GtkColorChooserDialog, GtkShortcutsWindow, GtkMenuButton, GtkAboutDialog, GtkFileChooserDialog, GtkStackSidebar, GtkStackSwitcher, GtkMediaControls, GtkColorDialogButton, GtkDropDown, GtkInfoBar, GtkNotebook, GtkPrintUnixDialog, GtkModelButton - Make name computation follow the ARIA spec more closely - Adapt name computation for the common 'nested button' scenario - Change many containers to use `generic` instead of `group` - Use `generic` as the default role - Use `application` instead of `window` for windows - Add properties for accessible names of not directly exposed widgets in GtkListView, GtkGridView and GtkColumnView + DND: Fix criticals when drops are rejected + X11: Fix regressions in GLX setup + Windows: Center newly created transient windows + Vulkan: - Add antialising for gradients - Do less work on clipped away nodes - Redo image uploading - Support different image depths and formats - Add a pipeline cache + Demos: - gtk4-demo: Improve window sizing - gtk4-demo: Improve focus behavior - gtk4-demo: Add many missing a11y properties + Tools: gtk4-builder-tool: Make render an alias screenshot + Inspector: - Show more information in the a11y tab - Add an accessibility overlay with warnings and recommendations - Limit the width of the a11y tab + Build: - Require GLib 2.76 - Make asan builds work again - Fix the build if ld is not ld.bdf + Updated translations. ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Remove compatibility patches, add README.usrmerge (boo#1212835). * Delete Provide-fallback-for-successfully-running-make-modules_install.patch * Delete compat-module_directory-module_prefix.patch ==== mozjs102 ==== Version update (102.12.0 -> 102.14.0) - Update to version 102.14.0: + Various security fixes and other quality improvements. + CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin restrictions. + CVE-2023-4046: Incorrect value used during WASM compilation. + CVE-2023-4047: Potential permissions request bypass via clickjacking. + CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions. + CVE-2023-4049: Fix potential race conditions when releasing platform objects. + CVE-2023-4050: Stack buffer overflow in StorageManager. + CVE-2023-4054: Lack of warning when opening appref-ms files. + CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state. + CVE-2023-4056: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. - Changes from version 102.13.0: + Various security fixes and other quality improvements. + CVE-2023-37201: Use-after-free in WebRTC certificate generation + CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey + CVE-2023-37207: Fullscreen notification obscured + CVE-2023-37208: Lack of warning when opening Diagcab files + CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 ==== ndctl ==== Version update (76 -> 78) - Update to version 78 * Improved CXL support (jsc#PED-5804, jsc#PED-6162) - Remove upstreamed patches - cxl-monitor-fix-include-paths-for-tracefs-and-tracee.patch - cxl-event-trace-use-the-wrapped-util_json_new_u64.patch ==== postgresql15 ==== Version update (15.3 -> 15.4) Subpackages: libpq5 postgresql15-contrib postgresql15-server - Update to 15.4: * bsc#1214059, CVE-2023-39417: Disallow substituting a schema or owner name into an extension script if the name contains a quote, backslash, or dollar sign. * bsc#1214061, CVE-2023-39418: Fix MERGE to enforce row security policies properly. * https://www.postgresql.org/docs/15/release-15-4.html - Restore the independence of mini builds from the main build after the -mini name change from April 4, 2023. - Adjust icu handling to prepare for PostgreSQL 16. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. ==== python-M2Crypto ==== - Make tests running again. ==== python-PyYAML ==== Version update (6.0 -> 6.0.1) - update to 6.0.1: * pin Cython to < 3.0 ==== python-alembic ==== Version update (1.11.1 -> 1.11.2) - update to 1.11.2: * Added typing to the default script mako templates. * Added support in autogenerate for NULLS NOT DISTINCT in * the PostgreSQL dialect. * Fixed format string logged when running a post write hook * Added parameters if_exists and if_not_exists for index operations. ==== python-cryptography ==== Version update (41.0.2 -> 41.0.3) - update to 41.0.3: * Fixed performance regression loading DH public keys. * Fixed a memory leak when using * :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20 Poly1305`. ==== python-gevent ==== Version update (22.10.2 -> 23.7.0) - update to 23.7.0: * Add preliminary support for Python 3.12, using greenlet 3.0a1. * Update the bundled c-ares version to 1.19.1. * Fix an edge case connecting a non-blocking ``SSLSocket`` that could result in an AttributeError. In a change to match the standard library, calling ``sock.connect_ex()`` on a subclass of ``socket`` no longer calls the subclass's ``connect`` method. * Make gevent's ``FileObjectThread`` (mostly used on Windows) implement ``readinto`` cooperatively. * Work around an ``AttributeError`` during cyclic garbage collection when Python finalizers (``__del__`` and the like) attempt to use gevent APIs. This is not a recommended practice, and it is unclear if catching this ``AttributeError`` will fix any problems or just shift them. * Remove support for obsolete Python versions. This is everything prior to 3.8. * Stop using ``pkg_resources`` to find entry points (plugins). Instead, use ``importlib.metadata``. * Honor ``sys.unraisablehook`` when a callback function produces an exception, and handling the exception in the hub * also* produces an exception. - drop skip-tests-in-leap.patch handle-python-ssl-changes.patch (obsolete) ==== python-lxml ==== Version update (4.9.2 -> 4.9.3) - update to 4.9.3: * ``lxml.objectify`` accepted non-decimal numbers like ``²²²`` as integers. * A memory leak in ``lxml.html.clean`` was resolved by switching to Cython 0.29.34+. * GH#348: URL checking in the HTML cleaner was improved. * GH#371, GH#373: Some regex strings were changed to raw strings to fix Python warnings. * Built with Cython 0.29.36 to adapt to changes in Python 3.12. ==== python-typing_extensions ==== Version update (4.5.0 -> 4.7.1) - update to version 4.7.1: - Fix support for `TypedDict`, `NamedTuple` and `is_protocol` on PyPy-3.7 and PyPy-3.8. Patch by Alex Waygood. Note that PyPy-3.7 and PyPy-3.8 are unsupported by the PyPy project. The next feature release of typing-extensions will drop support for PyPy-3.7 and may also drop support for PyPy-3.8. - update to version 4.7.0: - This is expected to be the last feature release supporting Python 3.7, which reaches its end of life on June 27, 2023. Version 4.8.0 will support only Python 3.8.0 and up. - Fix bug where a `typing_extensions.Protocol` class that had one or more non-callable members would raise `TypeError` when `issubclass()` was called against it, even if it defined a custom `__subclasshook__` method. The correct behaviour -- which has now been restored -- is not to raise `TypeError` in these situations if a custom `__subclasshook__` method is defined. Patch by Alex Waygood (backporting https://github.com/python/cpython/pull/105976). - update to version 4.7.0rc1: - Add `typing_extensions.get_protocol_members` and `typing_extensions.is_protocol` (backport of CPython PR #104878). Patch by Jelle Zijlstra. - `typing_extensions` now re-exports all names in the standard library's `typing` module, except the deprecated `ByteString`. Patch by Jelle Zijlstra. - Due to changes in the implementation of `typing_extensions.Protocol`, `typing.runtime_checkable` can now be used on `typing_extensions.Protocol` (previously, users had to use `typing_extensions.runtime_checkable` if they were using `typing_extensions.Protocol`). - Align the implementation of `TypedDict` with the implementation in the standard library on Python 3.9 and higher. `typing_extensions.TypedDict` is now a function instead of a class. The private functions `_check_fails`, `_dict_new`, and `_typeddict_new` have been removed. `is_typeddict` now returns `False` when called with `TypedDict` itself as the argument. Patch by Jelle Zijlstra. - Declare support for Python 3.12. Patch by Jelle Zijlstra. - Fix tests on Python 3.13, which removes support for creating `TypedDict` classes through the keyword-argument syntax. Patch by Jelle Zijlstra. - Fix a regression introduced in v4.6.3 that meant that ``issubclass(object, typing_extensions.Protocol)`` would erroneously raise ``TypeError``. Patch by Alex Waygood (backporting the CPython PR https://github.com/python/cpython/pull/105239). - Allow `Protocol` classes to inherit from `typing_extensions.Buffer` or `collections.abc.Buffer`. Patch by Alex Waygood (backporting https://github.com/python/cpython/pull/104827, by Jelle Zijlstra). - Allow classes to inherit from both `typing.Protocol` and `typing_extensions.Protocol` simultaneously. Since v4.6.0, this caused `TypeError` to be raised due to a metaclass conflict. Patch by Alex Waygood. - Backport several deprecations from CPython relating to unusual ways to create `TypedDict`s and `NamedTuple`s. CPython PRs #105609 and #105780 by Alex Waygood; `typing_extensions` backport by Jelle Zijlstra. - Creating a `NamedTuple` using the functional syntax with keyword arguments (`NT = NamedTuple("NT", a=int)`) is now deprecated. - Creating a `NamedTuple` with zero fields using the syntax `NT = NamedTuple("NT")` or `NT = NamedTuple("NT", None)` is now deprecated. - Creating a `TypedDict` with zero fields using the syntax `TD = TypedDict("TD")` or `TD = TypedDict("TD", None)` is now deprecated. - Fix bug on Python 3.7 where a protocol `X` that had a member `a` would not be considered an implicit subclass of an unrelated protocol `Y` that only has a member `a`. Where the members of `X` are a superset of the members of `Y`, `X` should always be considered a subclass of `Y` iff `Y` is a runtime-checkable protocol that only has callable members. Patch by Alex Waygood (backporting CPython PR https://github.com/python/cpython/pull/105835). - update to version 4.6.3 (June 1, 2023) - Fix a regression introduced in v4.6.0 in the implementation of runtime-checkable protocols. The regression meant that doing `class Foo(X, typing_extensions.Protocol)`, where `X` was a class that had `abc.ABCMeta` as its metaclass, would then cause subsequent `isinstance(1, X)` calls to erroneously raise `TypeError`. Patch by Alex Waygood (backporting the CPython PR https://github.com/python/cpython/pull/105152). - Sync the repository's LICENSE file with that of CPython. `typing_extensions` is distributed under the same license as CPython itself. - Skip a problematic test on Python 3.12.0b1. The test fails on 3.12.0b1 due to a bug in CPython, which will be fixed in 3.12.0b2. The `typing_extensions` test suite now passes on 3.12.0b1. - update to version 4.6.2: - Fix use of `@deprecated` on classes with `__new__` but no `__init__`. Patch by Jelle Zijlstra. - Fix regression in version 4.6.1 where comparing a generic class against a runtime-checkable protocol using `isinstance()` would cause `AttributeError` to be raised if using Python 3.7. - update to version 4.6.1: - Change deprecated `@runtime` to formal API `@runtime_checkable` in the error message. Patch by Xuehai Pan. - Fix regression in 4.6.0 where attempting to define a `Protocol` that was generic over a `ParamSpec` or a `TypeVarTuple` would cause `TypeError` to be raised. Patch by Alex Waygood. - update to version 4.6.0: - `typing_extensions` is now documented at https://typing-extensions.readthedocs.io/en/latest/. Patch by Jelle Zijlstra. - Add `typing_extensions.Buffer`, a marker class for buffer types, as proposed by PEP 688. Equivalent to `collections.abc.Buffer` in Python 3.12. Patch by Jelle Zijlstra. - Backport two CPython PRs fixing various issues with `typing.Literal`: https://github.com/python/cpython/pull/23294 and https://github.com/python/cpython/pull/23383. Both CPython PRs were originally by Yurii Karabas, and both were backported to Python >=3.9.1, but ... changelog too long, skipping 69 lines ... https://github.com/python/cpython/pull/104048). Patch by Alex Waygood. ==== w3m ==== - CVE-2023-38253: out-of-bounds read in growbuf_to_Str() at w3m/indep.c (bsc#1213323) - CVE-2023-38252 out-of-bounds read in Strnew_size() at w3m/Str.c (bsc#1213324) - add 0001-Fix-OOB-access-due-to-multiple-backspaces.patch ==== yast2-trans ==== Version update (84.87.20230729.64eca7e0a1 -> 84.87.20230811.13616e3be9) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230811.13616e3be9: * Translated using Weblate (Georgian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * New POT for text domain 'users'. * New POT for text domain 'storage'. * New POT for text domain 'sap-installation-wizard'. * New POT for text domain 'qt-pkg'. * New POT for text domain 'qt'. * New POT for text domain 'pam'. * New POT for text domain 'ncurses'. * New POT for text domain 'migration_sle'. * New POT for text domain 'kdump'. * New POT for text domain 'installation'. * New POT for text domain 'control'.