Packages changed: SVT-AV1 (1.4.1 -> 1.6.0) acpica (20221020 -> 20230331) cloud-init-config-MicroOS flac (1.4.2 -> 1.4.3) kdump (1.0.3 -> 1.9.2) libcontainers-common libnettle lockdev lvm2 lvm2-device-mapper mozjs102 (102.11.0 -> 102.12.0) perl-Bootloader (1.2 -> 1.4) pipewire (0.3.71 -> 0.3.72) publicsuffix (20230613 -> 20230616) python-Twisted python-cryptography (40.0.2 -> 41.0.1) python-service_identity (21.1.0 -> 23.1.0) rtkit snapper (0.10.4 -> 0.10.5) strace (6.3 -> 6.4) yast2-kdump (4.6.0 -> 4.6.1) zlib-ng-compat === Details === ==== SVT-AV1 ==== Version update (1.4.1 -> 1.6.0) - Enable build on riscv64 - Update to release 1.6.0 * Improved the tradeoffs for the random access mode across presets M1-M13: * Speeding up the higher quality presets by 30-40% * Improving the BD-rate by 1-4% for the faster presets * Improved the tradeoffs for the low delay mode for both screen content and non-screen content encoding modes * Added a toggle to remove the legacy one-frame buffer at the input of the pipeline allowing the low delay mode to operate at sub-frame processing latencies * Added a new API allowing the user to specify quantization offsets for a region of interest per frame ==== acpica ==== Version update (20221020 -> 20230331) - Update to version 20230331 * Add C Flexible Array support. * Add support for 64 bit LoongArch compilation. * Add first batch of RISC-V related definitions. * hwvalid: Drop port I/O validation. * iASL: Added full macro support in the preprocessor. * Add support for AMD Secure Processor Table (ASPT) version 1. * Add support for Arm's MPAM ACPI table version 2. * ACPI 6.5: MADT: add support for trace buffer extension in GICC. * Headers: Delete bogus NodeArray array of pointers from AEST table. ==== cloud-init-config-MicroOS ==== - set distro to opensuse-microos in cloud.cfg ==== flac ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3: + General * All PowerPC-specific code has been removed, as it turned out those improvements didn't actually improve anything * Large improvements in encoder speed for all presets. The largest change is for the fastest presets and for 24-bit and 32-bit inputs. * Small improvement in decoder speed for BMI2-capable CPUs * Various documentation fixes and cleanups * Various fixes * Fix building on Universal Windows Platform + flac * A lot of small fixes for bugs found by fuzzing * Various improvements to the --keep-foreign-metadata and - -keep-foreign-metadata-if-present options on decoding + The output format (WAV/AIFF/RF64 etc.) is now automatically selected based on what kind of foreign metadata is stored + Decoded file is checked afterwards, to see whether stored foreign format data agrees with FLAC audio properties + AIFF-C sowt data can now be restored * Add --force-legacy-wave-format option, to decode to WAV with WAVEFORMATPCM where WAVE_FORMAT_EXTENSIBLE would be more appropriate * Add --force-aiff-c-none-format and --force-aiff-c-sowt-format to decode to AIFF-C * The storage of WAVEFORMATEXTENSIBLE_CHANNEL_MASK is no longer restricted to known channel orderings * Throw an error when WAV or AIFF files are over 4GiB in length and the --ignore-chunk-sizes option is not set * Warn on testing files when ID3v2 tags are found * Warn when data trails the audio data of a WAV/AIFF/RF64/W64 file * Fix output file not being deleted after error on Windows * Removal of the --sector--align option + metaflac * A lot of small fixes for bugs found by fuzzing * Added options --append and --data-format, which makes it possible to copy metadata blocks from one FLAC file to another * Added option --remove-all-tags-except * Added option --show-all-tags + libFLAC * No longer write seektables to Ogg, even when specifically asked for. Seektables in Ogg are not defined * Add functions FLAC__metadata_object_set_raw and FLAC__metadata_object_get_raw to convert between blob and FLAC__StreamMetadata + Build system * Autoconf (configure): The option --enable-64-bit-words is now on by default * CMake: The option ENABLE_64_BIT_WORDS is now on by default + Testing/validation * Fuzzers were added for the flac and metaflac command line tools * Fuzzer coverage was improved - Changed source to github link since it wasn't released in the xiph page. ==== kdump ==== Version update (1.0.3 -> 1.9.2) - upgrade to version 1.9.2 * adapt kdumptool to work with YaST * wait for SMTP server to become reachable - upgrade to version 1.9.1 * reimplement e-mail notifications - upgrade to version 1.9 * complete rewrite of kdump-save and parts of initrd generation * mounts are now entirely handled by dracut * deprecated: split dumps (saving to more than one targets at once) * deprecated: KDUMPTOOL_FLAGS option removed; original XENALLDOMAINS is now the default, disable with MAKEDUMPFILE_OPTIONS=-X * deprecated: notification e-mails * deprecated: copying of the kernel image (KDUMP_COPY_KERNEL) * FTP and SFTP are now handled by lftp, added to the spec file as Recommends: * SSH and SFTP now support passwords provided in the URL * fixed KDUMP_SSH_HOST_KEY, now needs to include the key type * new KDUMP_DUMPFORMAT=raw, will save an unmodified /proc/vmcore * the output directory name is now YYYY-MM-DD-HH-MM, i.e. the separator between HH and MM changed * unified default KDUMP_SAVEDIR across config, code and man to /var/crash * ping is now used to detect network is up; disable with KDUMP_NET_TIMEOUT=0 * all the yes/no options changed to true/false; yes/no/1/0 still accepted * put the kdump initrd in /var/lib/kdump/initrd * use default kernel symlink (/boot/vmlinuz) instead of kernel autodetection * KDUMP_KERNELVER can specify an absolute path to a kernel image * improved mkdumprd detection of changed settings * removed all of kdumptool except the calibrate subcommand * cleaned up dependencies (ssh now only Recommended) ==== libcontainers-common ==== Subpackages: libcontainers-default-policy - Remove unused grep requirement - Resolve choice on openSUSE distributions for libcontainer-policy by suggesting the libcontainers-openSUSE-policy explicitly. ==== libnettle ==== Subpackages: libhogweed6 libnettle8 - Add the architecture specific READMEs as provided by upstream. ==== lockdev ==== Subpackages: liblockdev1 - lock group is created by system-group-hardware - use sysusers mechanism to create lock group and tmpfiles for /{var/,}run (boo#1078466) - add lockdev-debug.diff ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) - bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613) - bug-1212613_apply-multipath_component_detection-0-to-duplicate-P.patch ==== mozjs102 ==== Version update (102.11.0 -> 102.12.0) - Update to version 102.12.0: + Various security fixes. + CVE-2023-34414: Click-jacking certificate exceptions through rendering lag. ==== perl-Bootloader ==== Version update (1.2 -> 1.4) - merge gh#openSUSE/perl-bootloader#151 - default-settings: support non-x86 architectures - add man pages for all commands - 1.4 - merge gh#openSUSE/perl-bootloader#149 - use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - 1.3 ==== pipewire ==== Version update (0.3.71 -> 0.3.72) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.72: * Highlights - Fix a critical bug that would refuse to update the samplerate or buffersize in JACK clients. - A new module-netjack2-driver and module-netjack2-manager were added that are compatible with NETJACK2. This allows PipeWire to become a NETJACK2 manager or a driver between JACK2 or PipeWire servers. - Support was added for firewire devices with FFADO. This is untested for now and MIDI is not implemented yet. - The node scheduling was optimized some more. External drivers are now as efficient as in-server ones. This should improve performance of various drivers such as bluetooth and JACK based drivers. - Many, many bug fixes and a ton of improvements. * PipeWire - pw-filter can now be used to write sinks and sources. - The node activation for drivers was changed. The driver now does not need to go to the server to start the processing cycle. This makes out-of-server drivers as efficient as in-server drivers. - Don't try to use drivers with 0 priority as fallback drivers. This avoids making the screencast driver a driver for audio. - Improve xrun count reporting in pw-top and the profiler. Now each node has their own xrun counter updated when it fails to complete processing during the cycle. - pw-filter now also has support for TRIGGER. - A potential fd leak was found when fds were send to a zombie client. - Fix a bug where monitor or capture streams were logged twice in the profiler. - Remove stream hooks safely. - A bug in serialization of container properties was fixed. This could result in truncated property values. - The PIPEWIRE_AUTOCONNECT environment variable now always overrides the autoconnect settings of streams. - Node, port and link destroy now avoids some useless work. - Port will now try to renegotiate a new format when idle. * Modules - The module-sap now is more compatible with AES67. - A new FFADO driver module was added. This is completely untested because of lack of hardware. Please test and report issues. - A new NETJACK2 driver and a NETJACK2 manager module were added. These should be drop in replacements for the JACK2 parts. - The RAOP discover module now tries harder to only list devices once. - The zeroconf discover module now tries harder to only list devices once. - The RAOP sink module now handles latency better and is compatible with some more devices. - The loopback and filter-chain modules now always dequeue the last input buffer to avoid stuttering in some cases. - The SPA node factory module can now also export nodes. This is used to export the PTP clock from the AES67 config file. - A bug in module-jack-tunnel was fixed that would cause stuttering and corrupted output in some cases. - The resampler is now disabled in module-loopback and filter-chain when the samplerate is set to follow the graph rate. - The way the mixer peer is sent to clients was improved. It is now also possible to let a remote node know about mixer port removes, which can avoid memory leaks and some code simplifications. * SPA - Monitor ports now report latency correctly. - The ALSA plugin now uses htimestamp to get a more accurate ringbuffer position to estimate the clock skew. - The channelmixer now has min/max-volume settings to limit or fix the volume. - The ALSA plugin can now control the playback and capture rate of USB gadgets. This can avoid resampling and instead use the USB feedback to control the rate. - The ALSA output to multiple devices has been improved, some lockups are avoided when the device ringbuffer is full. - The compress-offload sink has improved negotiation. * pulse-server - Only try to use GSettings when the schema exists. - @DEFAULT_SOURCE@, @DEFAULT_SINK@ and @DEFAULT_MONITOR@ are now correctly handled as targets in playback and capture streams. - 2 new quirks are added to disable volume updates on sinks/sources. - The virtual-sink and virtual-source modules were added. These are really example modules but actually also work and are useful on PulseAudio so implement them as well. - Fix initial stream volumes. * Bluetooth - Only register A2DP or BAP when we have codecs. - Include codec into the media.name * JACK - Fix a critical bug that would refuse to update the samplerate or buffersize. - Improve updates of samplerate/buffersize, delay the updates until the client is activated. - Use the new mix-info updates to simplify the mixer setup and peer detection. * GStreamer ... changelog too long, skipping 5 lines ... the ld.so.conf.d file). ==== publicsuffix ==== Version update (20230613 -> 20230616) - Update to version 20230616: * Add 63 geographical domains for .vn ccTLD (#1776) * util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778) * util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777) ==== python-Twisted ==== Subpackages: python311-Twisted python311-Twisted-tls - add regenerate-cert-to-work-with-latest-service-identity.patch remove-pynacl-optional-dependency.patch: backports from main git to fix tests with newer dependency versions ==== python-cryptography ==== Version update (40.0.2 -> 41.0.1) - update to 41.0.1 (bsc#1212568): * Temporarily allow invalid ECDSA signature algorithm parameters in X.509 certificates, which are generated by older versions of Java. * Allow null bytes in pass phrases when serializing private keys. * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been removed. Users on older version of OpenSSL will need to upgrade. * **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6. * Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0. * Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses` OCSP extension. * Added support for the :class:`~cryptography.x509.MSCertificateTemplate` proprietary Microsoft certificate extension. * Implemented support for equality checks on all asymmetric public key types. * Added support for ``aes256-gcm@openssh.com`` encrypted keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh _private_key`. * Added support for obtaining X.509 certificate signature algorithm parameters (including PSS) ==== python-service_identity ==== Version update (21.1.0 -> 23.1.0) - Update to 23.1.0 * Removed - All Python versions up to and including 3.7 have been dropped. - Support for commonName in certificates has been dropped. It has been deprecated since 2017 and isn't supported by any major browser. - The oldest supported pyOpenSSL version (when using the pyopenssl backend) is now 17.0.0. When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them. Please check out contraints/oldest-pyopenssl.txt to verify what we are testing against. * Deprecated - If you've used service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new names extract_patterns(). #56 * Added - service_identity.(cryptography|pyopenssl).extract_patterns() are now public APIs (FKA extract_ids()). You can use them to extract the patterns from a certificate without verifying anything. #55 - service-identity is now fully typed. #57 ==== rtkit ==== - rtkit-daemon: Don't log debug messages by default (bsc#1206745). Added patch(es): * rtkit-silent-debug-messages-by-default.patch ==== snapper ==== Version update (0.10.4 -> 0.10.5) Subpackages: libsnapper7 snapper-zypp-plugin - improved responsiveness of snapperd when a btrfs quota rescan is running (see bsc#1211459) - update qgroup in config info in snapperd when running setup-quota - improved waiting for btrfs quota rescan (see bsc #1211459) ==== strace ==== Version update (6.3 -> 6.4) - Update to strace 6.4 * Implemented decoding of IFLA_BRPORT_NEIGH_VLAN_SUPPRESS netlink attribute. * Implemented decoding of IP_PROTOCOL type control messages and socket option. * Updated lists of BPF_*, IP_*, KVM_*, MDBA_*, PACKET_*, PR_*, PTRACE_*, UFFD_*, and V4L2_PIX_FMT_* constants. * Updated lists of ioctl commands from Linux 6.4. * Turn --seccomp-bpf off when --syscall-limit option is specified. * Fixed --trace-fds filtering support of syscalls taking file descriptor arguments that do not normally have a path associated with them. ==== yast2-kdump ==== Version update (4.6.0 -> 4.6.1) - adapt for version kdump versions 1.9+ (bsc#1212646) - call mkdumprd directly, not through tu-rebuild-kdump-initrd - update initrd even in non-fadump case - remove KDUMP_COPY_KERNEL and KDUMPTOOL_FLAGS options - update default config values according to kdump defaults - unify config boolean variables to "true" or "false" - support the snappy, zstd and raw dump formats - 4.6.1 ==== zlib-ng-compat ==== - Add patch to fix boo#1212735: * 1526.patch