Packages changed: Mesa (23.1.8 -> 23.2.0) Mesa-drivers (23.1.8 -> 23.2.0) SDL2 (2.28.3 -> 2.28.4) catatonit (0.1.7 -> 0.2.0) container-selinux (2.215.0 -> 2.222.0) crypto-policies (20230614.5f3458e -> 20230920.570ea89) dLeyna (0.8.2 -> 0.8.3) glib2 grub2 gtk4 (4.12.2 -> 4.12.3) kbd (2.6.2 -> 2.6.3) keylime (7.5.0 -> 7.6.0) libblockdev (3.0.2 -> 3.0.3) libdecor (0.1.1 -> 0.2.0) libsigc++2 (2.12.0 -> 2.12.1) libwebp mozjs115 (115.2.1 -> 115.3.1) qalculate (4.8.0 -> 4.8.1) qpdf (11.6.0 -> 11.6.1) qt6-base (6.5.2 -> 6.5.3) qt6-declarative (6.5.2 -> 6.5.3) qt6-imageformats (6.5.2 -> 6.5.3) qt6-translations (6.5.2 -> 6.5.3) qt6-wayland (6.5.2 -> 6.5.3) screen (4.9.0 -> 4.9.1) shadow systemd (254.3 -> 254.5) tracker-miners (3.6.0 -> 3.6.1) webkit2gtk3 (2.42.0 -> 2.42.1) webkit2gtk4 (2.42.0 -> 2.42.1) xdg-dbus-proxy (0.1.4 -> 0.1.5) yast2-trans (84.87.20230922.91d997adab -> 84.87.20230930.5f9e01162a) === Details === ==== Mesa ==== Version update (23.1.8 -> 23.2.0) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to Mesa 23.2.0-rc4 - -> https://lists.freedesktop.org/archives/mesa-announce/2023-September/000731.html - supersedes U_llvmpipe-only-include-old-Transform-includes-when-ne.patch - disabled u_fix-build-on-ppc64le.patch (no longer needed?) - adjusted n_drirc-disable-rgb10-for-chromium-on-amd.patch ==== Mesa-drivers ==== Version update (23.1.8 -> 23.2.0) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to Mesa 23.2.0-rc4 - -> https://lists.freedesktop.org/archives/mesa-announce/2023-September/000731.html - supersedes U_llvmpipe-only-include-old-Transform-includes-when-ne.patch - disabled u_fix-build-on-ppc64le.patch (no longer needed?) - adjusted n_drirc-disable-rgb10-for-chromium-on-amd.patch ==== SDL2 ==== Version update (2.28.3 -> 2.28.4) - Update to release 2.28.4 * Enable clipping for zero sized rectangles in the SDL renderer * Notify X11 clipboard managers when the clipboard changes * Fixed sensor timestamps for third-party PS5 controllers * Added detection for Logitech and Simagic racing wheels ==== catatonit ==== Version update (0.1.7 -> 0.2.0) - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Remove upstreamed patches: - 99bb9048f.patch ==== container-selinux ==== Version update (2.215.0 -> 2.222.0) - Update to version 2.222: * Allow containers to read/write inherited dri devices - Update to version 2.221: * Allow containers to shutdown sockets inherited from container runtimes * Allow spc_t to use execmod libraries on container file systems * Add boolean to allow containers to read all cert files * More MLS Policy allow rules * Allow container runtimes using pasta bind icmp_socket to port_t * Fix spc_t transitions from container_runtime_domain ==== crypto-policies ==== Version update (20230614.5f3458e -> 20230920.570ea89) Subpackages: crypto-policies-scripts - nss: Skip the NSS policy check if the mozilla-nss-tools package is not installed. This avoids adding more dependencies in ring0. * Add crypto-policies-nss.patch [bsc#1211301] - Update to version 20230920.570ea89: * fips-mode-setup: more thorough --disable, still unsupported * FIPS:OSPP: tighten beyond reason for OSPP 4.3 * krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones * openssl: implement relaxing EMS in FIPS (NO-ENFORCE-EMS) * gnutls: prepare for tls-session-hash option coming * nss: prepare for TLS-REQUIRE-EMS option coming * NO-ENFORCE-EMS: add subpolicy * FIPS: set __ems = ENFORCE * cryptopolicies: add enums and __ems tri-state * docs: replace `FIPS 140-2` with just `FIPS 140` * .gitlab-ci: remove forcing OPENSSH_MIN_RSA_SIZE * cryptopolicies: add comments on dunder options * nss: retire NSS_OLD and replace with NSS_LAX 3.80 check * BSI: start a BSI TR 02102 policy [jsc#PED-4933] * Rebase patches: - crypto-policies-policygenerators.patch - crypto-policies-revert-rh-allow-sha1-signatures.patch - crypto-policies-FIPS.patch - Conditionally recommend the crypto-policies-scripts package when python is not installed in the system [bsc#1215201] ==== dLeyna ==== Version update (0.8.2 -> 0.8.3) - Update to version 0.8.3: + Build: Fix compatibility with Meson 1.2 + Renderer: Fix locale initialization + Server: - Fix locate initialization - Fix uninitialized variable warning - Properly handle optional actions - Fix browse not working properly - Drop 61d24fdc.patch: Fixed upstream. - Change compression of tarball in service and spec to zst from xz. ==== glib2 ==== Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - Fix NetworkManager crashing repeatedly with glib 2.78.0; (bsc#1215709); Add patch 0005-gthreadedresolver-Fix-race.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Only build with fde-tpm-helper-rpm-macros for the architectures supporting the newer UEFI and TPM 2.0. * Also correct the location of %fde_tpm_update_requires - Fix a boot delay regression in PowerPC PXE boot (bsc#1201300) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch - Add the new BuildRequires for EFI builds for the better FDE support: fde-tpm-helper-rpm-macros + Also add the the macros to %post and %posttrans - Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151) * arm64-Use-proper-memory-type-for-kernel-allocation.patch ==== gtk4 ==== Version update (4.12.2 -> 4.12.3) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.3: + GtkWindow: Don't assume titlebars are GtkHeaderBar + GtkTreeView: Fix a crash in gtk_tree_view_is_blank_at_pos + printing: Fix some issues with the portal implementation + GSK: - Some optimizations in the GL renderer - Fix memory leaks in the Broadway renderer + demos: Fix a crash in gtk4-demo + Updated translations. ==== kbd ==== Version update (2.6.2 -> 2.6.3) Subpackages: kbd-legacy - Update to version 2.6.3: - libkfont: * Don't look for fonts in the current directory. - showkey: * Add parameter to allow to change timeout. - po: * Update po files. ==== keylime ==== Version update (7.5.0 -> 7.6.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime - Update to version v7.6.0: * Monthly release (7.6.0) * test-requirements: remove types-atomicwrites * Fixed an inappropriate test expression to remove a logical short circuit * remove prov_db_filename from config * Fix for key parse error in tpm2_objects * Fix mapping.json path in the comments * ima: Emit a warning when a file signature could not be parsed * Initial PR to add support for IDevID and IAK * Implement automatic agent API version bump * tests: avoid fail when epel-release is installed - M2Crypto is not used anymore. - Clean up SPEC file. ==== libblockdev ==== Version update (3.0.2 -> 3.0.3) Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3 - Update to version 3.0.3: * Always use "--fs ignore" with lvresize * nvme: - Use interim buffer for nvme_get_log_sanitize() - Generate HostID when missing * tests: - Specificy required versions when importing GLib and BlockDev introspection - Minor NVMe HostNQN fixes - Replace deprecated unittest assert calls * fs: - Fix leaking directories with temporary mounts - Fix memory leak * crypto: Correctly convert passphrases from Python to C ==== libdecor ==== Version update (0.1.1 -> 0.2.0) Subpackages: libdecor-0-0 - Update to version 0.2.0: * Various bug and leak fixes. * New gtk plugin. - Update URL and source to new home. - Add pkgconfig(gtk-3.0) BuildRequires, new dependency. - Use ldconfig_scriptlets macro for post(un) handling. ==== libsigc++2 ==== Version update (2.12.0 -> 2.12.1) - Update to version 2.12.1: + Documentation: - slot, signal: Describe the slot syntax more - connection: Improve the class documentation - Improve Visual Studio build documentation - Remove AUTHORS and add general information to README.md + Build: - Meson: . Don't copy files with configure_file() . Fix the evaluation of is_git_build on Windows - Visual Studio: Support static builds - Use ldconfig_scriptlets macro for post(un) handling. - Update URL to new home. ==== libwebp ==== Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Add 0001-Fix-invalid-incremental-decoding-check.patch A fuzzing finding fixed in the SLE/Leap updates ==== mozjs115 ==== Version update (115.2.1 -> 115.3.1) - Update to version 115.3.1: + Security fix: CVE-2023-5217: Heap buffer overflow in libvpx. - Changes from version 115.3.0: + Various security fixes and other quality improvements. + CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 + CVE-2023-5169: Out-of-bounds write in PathOps + CVE-2023-5171: Use-after-free in Ion Compiler + CVE-2023-5174: Double-free in process spawning on Windows + CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 ==== qalculate ==== Version update (4.8.0 -> 4.8.1) Subpackages: libqalculate22 qalculate-data - version update to 4.8.1 * Fix besselj() and bessely() * Fix display of matrices and vectors with complex number form other than rectangular (default) * Fix conflict between decibel units (e.g. "0dB") and duodecimal 0d… syntax (now requires at least two digits) * Fixes for title options in plot() function * Add additional buttons and button menus to general keypad (Qt) * Add option to show all functions, units, and variables in tool button menus (Qt) * Add recently used objects to functions, units, and variables menus (Qt) * Add option to bypass dialog for functions in menu (Qt) * Add option, in context menu, to display text for tool buttons (Qt) * Open functions, units, and variables tool button menus using long-press or right-click (in addition to arrow button), and add keyboard shortcuts (Qt) * Use keypad tool button menu as context menu and show keypad type in title bar of keypad (Qt) * Auto-update number bases above programming keypad when entering simple integers, even if calculate-as-you-type is deactivated (GTK) ==== qpdf ==== Version update (11.6.0 -> 11.6.1) - version update to 11.6.1 * Bug fixes: - Fix a logic error introduced in 11.6.0 in the fix to copyForeignObject. The bug could result in some pages not being copied. ==== qt6-base ==== Version update (6.5.2 -> 6.5.3) Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Update to 6.5.3 * https://www.qt.io/blog/qt-6.5.3-released - Drop patch, merged upstream: * CVE-2023-38197-qtbase-6.5.diff - Enable the experimental native painting feature to improve remote desktop performances (boo#1214915) exporting QT_XCB_NATIVE_PAINTING is required to use the feature. ==== qt6-declarative ==== Version update (6.5.2 -> 6.5.3) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports - Update to 6.5.3 * https://www.qt.io/blog/qt-6.5.3-released ==== qt6-imageformats ==== Version update (6.5.2 -> 6.5.3) - Update to 6.5.3 * https://www.qt.io/blog/qt-6.5.3-released ==== qt6-translations ==== Version update (6.5.2 -> 6.5.3) - Update to 6.5.3 * https://www.qt.io/blog/qt-6.5.3-released ==== qt6-wayland ==== Version update (6.5.2 -> 6.5.3) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.5.3 * https://www.qt.io/blog/qt-6.5.3-released ==== screen ==== Version update (4.9.0 -> 4.9.1) - update to 4.9.1 (bsc#1210272, CVE-2023-24626): * Support stop/parity bits on serial port * Add needed system headers in checks and return values for implicit function declarations * Avoid zombies after shell exit * Missed signal sending permission check on failed query messages (CVE-2023-24626) * manpage fixes * source code fixes during cleanup * UTF-8 encoding can emit invalid UTF-8 sequences * for out of range unicode values ==== shadow ==== Subpackages: libsubid4 login_defs - Add shadow-4.14.0-selinux-labels.patch: Set proper SELinux labels for new homedirs. See gh/shadow-maint/shadow#812. ==== systemd ==== Version update (254.3 -> 254.5) Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc systemd-lang udev - Import commit 9674bb256205e6c643feadbcccfd1ee8feeee684 (merge of v254.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6ed5b11298005e07509832881a0c5ff1a80bf225...9674bb256205e6c643feadbcccfd1ee8feeee684 - Make sure to call %sysusers_create only when transfiletrigger is disabled. - systemd.spec: switch to %ldconfig_scriptlets - systemd.spec: add `%tmpfiles_create systemd-resolve` It's only needed by SLE distros since systemd packages rely on transtriggerfiles in Factory. - Import commit 6ed5b11298005e07509832881a0c5ff1a80bf225 (merge of v254.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b6b4e5a8a82d1f13f265a4ef170f2d13be82789a...6ed5b11298005e07509832881a0c5ff1a80bf225 ==== tracker-miners ==== Version update (3.6.0 -> 3.6.1) Subpackages: tracker-miner-files tracker-miners-lang - Update to version 3.6.1: + Avoid the special thread in tracker-extract-3, and extend the seccomp jail to the full process. + Updated translations. - Add a tracker_basever define, and set it to 3.6. We have a hard Requires on what tracker version is needed and it is currently set at the same or newer version, change this to tracker_basever (tracker-miners have never been at a higher patch version before). ==== webkit2gtk3 ==== Version update (2.42.0 -> 2.42.1) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.1: + Fix enable-html5-database setting to properly enable/disable IndexedDB API. + Fix the build with GBM disabled. + Fix several crashes and rendering issues. - switch to pkgconfig(icu-i18n) instead of libicu-devel, to allow switching to a different libicu*-devel (jsc#PED-6193) ==== webkit2gtk4 ==== Version update (2.42.0 -> 2.42.1) Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.42.1: + Fix enable-html5-database setting to properly enable/disable IndexedDB API. + Fix the build with GBM disabled. + Fix several crashes and rendering issues. - switch to pkgconfig(icu-i18n) instead of libicu-devel, to allow switching to a different libicu*-devel (jsc#PED-6193) ==== xdg-dbus-proxy ==== Version update (0.1.4 -> 0.1.5) - Update to version 0.1.5: + Fix handling of object paths > 255 bytes + Print better errors when message parsing fails + Optionally install tests for "as-installed" testing ==== yast2-trans ==== Version update (84.87.20230922.91d997adab -> 84.87.20230930.5f9e01162a) Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20230930.5f9e01162a: * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * New POT for text domain 'storage'.