Packages changed: MicroOS-release (20240410 -> 20240414) btrfsmaintenance gcr (4.2.1 -> 4.3.0) gettext-runtime gnome-control-center gnome-online-accounts (3.50.0 -> 3.50.1) gnome-text-editor (46.0 -> 46.1) gobject-introspection gptfdisk (1.0.9 -> 1.0.10) grep gupnp jack kernel-source (6.8.4 -> 6.8.5) libcontainers-common (20240206 -> 20240408) liblouis libssh multipath-tools (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83) openSUSE-build-key openssh pam (1.6.0 -> 1.6.1) pam-config (2.11 -> 2.11+git.20240411) pam-full-src (1.6.0 -> 1.6.1) patterns-kde perl pipewire postfix schily texlive transactional-update (4.6.0 -> 4.6.5) update-alternatives (1.22.5 -> 1.22.6) vim (9.1.0151 -> 9.1.0301) xorg-x11-server xz === Details === ==== MicroOS-release ==== Version update (20240410 -> 20240414) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== btrfsmaintenance ==== - Use full URL for Source0 (.gz compressed as upstream does not ship .bz2 ones). ==== gcr ==== Version update (4.2.1 -> 4.3.0) Subpackages: gcr-ssh-agent gcr-ssh-askpass gcr-viewer libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4 - Update to version 4.3.0: + certificate: Add API to retrieve version. + Bump required GnuTLS version to 3.8.5. + Avoid potential integer overflow spotted by UBSan> + Support GnuTLS as an alternative crypto backend. + Updated translations. ==== gettext-runtime ==== Subpackages: libtextstyle0 - Add missing Requires: find to gettext-tools ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Add gnome-control-center-datetime-Avoid-emitting-the-time-changed-signal.patch: Avoid emitting the time-changed signal (bsc#1222149, bsc#1221799, glgo#GNOME/gnome-control-center#2943). ==== gnome-online-accounts ==== Version update (3.50.0 -> 3.50.1) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.50.1: + Fix translation domain in account dialogs. + Fix OAuth 2.0 URI handler for some users. + Fix crash in Kerberos/Fedora provider. + Improved WebDAV support for Fastmail and mailbox.org. + Fixes for WebDAV discovery. + OAuth 2.0 PKCE support. + Fix issues caught by static analysis. + Update Microsoft Client ID. + Updated translations. ==== gnome-text-editor ==== Version update (46.0 -> 46.1) - Update to version 46.1: + Remove DBusActicatable=true from the .desktop file to fix an issue where you could spawn Text Editor via D-Bus and not have the session restored at startup. + AppData fixes. + Updated translations. - Drop data-desktop-disable-DBusActivatable.patch: fixed upstream. ==== gobject-introspection ==== Subpackages: girepository-1_0 libgirepository-1_0-1 - gi-find-deps.sh: further expand on the java script scanner. ==== gptfdisk ==== Version update (1.0.9 -> 1.0.10) - Update to release 1.0.10 * Fix failure & crash of sgdisk when compiled with latest popt * Fix NULL dereference when duplicating string argument * Allow partition dynamically allocated by --largest-new to be referenced by other options * Truncate decimal inputs (e.g. "9.5G" becomes "9G") * New partition type codes from the Discoverable Partitions Specification - Delete 0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch gptfdisk-1.0.9-libuuid.patch, gptfdisk-fix-null-pointer-dereference.patch (merged) ==== grep ==== - restore texinfo macros for SLE15 ==== gupnp ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== jack ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== kernel-source ==== Version update (6.8.4 -> 6.8.5) - gcc-plugins/stackleak: Avoid .head.text section (git-fixes). - commit 542f698 - Linux 6.8.5 (bsc#1012628). - x86: set SPECTRE_BHI_ON as default (bsc#1012628). - KVM: x86: Add BHI_NO (bsc#1012628). - x86/bhi: Mitigate KVM by default (bsc#1012628). - x86/bhi: Add BHI mitigation knob (bsc#1012628 bsc#1217339 CVE-2024-2201). - Update config files (set SPECTRE_BHI_ON=y which is the default later). - x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1012628). - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1012628). - x86/bhi: Add support for clearing branch history at syscall entry (bsc#1012628). - x86/syscall: Don't force use of indirect calls for system calls (bsc#1012628). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1012628). - x86/efistub: Remap kernel text read-only before dropping NX attribute (bsc#1012628). - x86/sev: Move early startup code into .head.text section (bsc#1012628). - x86/sme: Move early SME kernel encryption handling into .head.text (bsc#1012628). - x86/boot: Move mem_encrypt= parsing to the decompressor (bsc#1012628). - efi/libstub: Add generic support for parsing mem_encrypt= (bsc#1012628). - bpf: support deferring bpf_link dealloc to after RCU grace period (bsc#1012628). - bpf: put uprobe link's path and task in release callback (bsc#1012628). - Revert "x86/mpparse: Register APIC address only once" (bsc#1012628). - drm/xe: Rework rebinding (bsc#1012628). - drm/xe: Use ring ops TLB invalidation for rebinds (bsc#1012628). - drm/i915/gt: Enable only one CCS for compute workload (bsc#1012628). - drm/i915/gt: Do not generate the command streamer for all the CCS (bsc#1012628). - drm/i915/gt: Disable HW load balancing for CCS (bsc#1012628). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 (bsc#1012628). - drm/i915/mst: Reject FEC+MST on ICL (bsc#1012628). - drm/i915/mst: Limit MST+DSC to TGL+ (bsc#1012628). - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_network_name_deleted() (bsc#1012628). - smb: client: fix potential UAF in is_valid_oplock_break() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_valid_lease_break() (bsc#1012628). - smb: client: fix potential UAF in smb2_is_valid_oplock_break() (bsc#1012628). - smb: client: fix potential UAF in cifs_dump_full_key() (bsc#1012628). - smb: client: fix potential UAF in cifs_stats_proc_show() (bsc#1012628). - smb: client: fix potential UAF in cifs_stats_proc_write() (bsc#1012628). - smb: client: fix potential UAF in cifs_debug_files_proc_show() (bsc#1012628). - smb3: retrying on failed server close (bsc#1012628). - smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex (bsc#1012628). - smb: client: handle DFS tcons in cifs_construct_tcon() (bsc#1012628). - smb: client: refresh referral without acquiring refpath_lock (bsc#1012628). - smb: client: guarantee refcounted children from parent session (bsc#1012628). - smb: client: fix UAF in smb2_reconnect_server() (bsc#1012628). - riscv: process: Fix kernel gp leakage (bsc#1012628). - riscv: Fix spurious errors from __get/put_kernel_nofault (bsc#1012628). - s390/entry: align system call table on 8 bytes (bsc#1012628). - selftests/mm: include strings.h for ffsl (bsc#1012628). - mm/secretmem: fix GUP-fast succeeding on secretmem folios (bsc#1012628). - arm64/ptrace: Use saved floating point state type to determine SVE layout (bsc#1012628). - riscv: Fix vector state restore in rt_sigreturn() (bsc#1012628). - aio: Fix null ptr deref in aio_complete() wakeup (bsc#1012628). - perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event (bsc#1012628). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (bsc#1012628). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (bsc#1012628). - x86/mm/pat: fix VM_PAT handling in COW mappings (bsc#1012628). - of: module: prevent NULL pointer dereference in vsnprintf() (bsc#1012628). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (bsc#1012628). - driver core: Introduce device_link_wait_removal() (bsc#1012628). - ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset (bsc#1012628). - ASoC: SOF: ipc4-pcm: Correct the delay calculation (bsc#1012628). ... changelog too long, skipping 395 lines ... - commit f362b5c ==== libcontainers-common ==== Version update (20240206 -> 20240408) Subpackages: libcontainers-default-policy - Add patch to keep containers.conf modifications in sync with upstream (bsc#1213556) + 0001-containers.conf-SUSE-clear-cni-config-dir-for-ALP.patch - Fallback to podman's default capabilities and journal driver via containers.conf - New release 20240408 - bump bundled c/common to 0.58.0 - bump bundled c/image to 5.30.0 - bump bundled c/storage to 1.53.0 ==== liblouis ==== Subpackages: liblouis-data liblouis20 python3-louis - Run python tests in %check ==== libssh ==== Subpackages: libssh-config libssh4 - Don't change the path for crypto-policies libssh.config (bsc#1222716) ==== multipath-tools ==== Version update (0.9.8+87+suse.f72b9f3 -> 0.9.8+88+suse.d504d83) Subpackages: kpartx libmpath0 - Update to version 0.9.8+88+suse.d504d83: * Revert "libmultipath: fix max_sectors_kb on adding path" (bsc#1222458) ==== openSUSE-build-key ==== - SLM 6.0 key (ALP / SLF1) RSA 4096 bit key - gpg-pubkey-09d9ea69-645b99ce.asc - 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit key - gpg-pubkey-3fa1d6ce-63c9481c.asc - SLM 6.0 key (ALP / SLF1) RSA 4096 bit reserve key - gpg-pubkey-73f03759-626bd414.asc - 2024 SUSE Linux Enterprise 15 SP6 RSA 4096 bit reserve key - gpg-pubkey-d588dc46-63c939db.asc - obsoleted a incorrectly used DSA1024 key (used in Slowroll). ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix duplicate loading of dropins. (boo#1222467) ==== pam ==== Version update (1.6.0 -> 1.6.1) - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch ==== pam-config ==== Version update (2.11 -> 2.11+git.20240411) - Update to version 2.11+git.20240411: * Configure Himmelblau correctly w/ other services present * Configure other services correctly w/ Himmelblau present * Himmelblau session is only optional ==== pam-full-src ==== Version update (1.6.0 -> 1.6.1) - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch ==== patterns-kde ==== Subpackages: patterns-kde-kde_plasma patterns-kde-kde_yast - xwaylandvideobridge has always been unversioned (boo#1222640) ==== perl ==== Subpackages: perl-base - Revert commit 7af2d2037375d58e700f9e1b217efb2c4db66133 as suggested by upstream perl * fixed locale being clobbered by perl [bsc#1220195] * new patch: perl-locale-backport.diff ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move the jack spa plugin from the pipewire-spa-plugins-0_2 package to a new pipewire-spa-plugins-0_2-jack package. This allows to not Suggest the pipewire-libjack package from pipewire-spa-plugins-0_2 since that's only used to connect pipewire as a client to a jack server which is not common at all (boo#1222253). ==== postfix ==== - Move qshape(1) out of -doc, install it as a binary with the main package ==== schily ==== Subpackages: libcdrdeflt1_0 libdeflt1_0 libfile1_0 libfind4_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs spax star - Update to release 2024.03.21 * mkisofs: produce less scrollback when logging progress to ttys. ==== texlive ==== - Add patch source-dvipdfm-x.dif * dvipdfmx: repeated inclusion of the same image did not share the image data, but had separate copies for each inclusion. ==== transactional-update ==== Version update (4.6.0 -> 4.6.5) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.6.5 - Rework soft-reboot support introduced in 4.6.0: - On transactional systems with systemd 254 the system could hang with with a soft-reboot, as /var and /etc have to be mounted in /run/nextroot explicitly. As a soft-reboot can also be triggered by an admin the mounting of the corresponding mount points was moved to a systemd service to be independent of t-u itself. - Support for systemd 255 - Don't decrease reboot level on multiple commands - Various other bugfixes - soft-reboot support is disabled by default now to gather more feedback - libtukit: Fix kexec reboot method to boot kernel / initrd of next snapshot - tukit: Don't clone lock file handle on exec [boo#1222411] - t-u: Always use zypper of installed system [bsc#1221346] - t-u: Remove remaining telemetrics references - Add prepare-nextroot-for-softreboot service - Add (empty) %check section ==== update-alternatives ==== Version update (1.22.5 -> 1.22.6) - Update to version 1.22.6. The changelog for this version isn't very large, so it's provided in full: * dpkg-deb: Fix up compressor parameters for default legacy format. * Perl modules: - Dpkg::Vendor::Debian: Make it possible to disable qa=-bug-implicit-func. - Dpkg::Vendor::Debian: Unconditionally set qa bug-implicit-func. * Documentation: - man: Document dpkg versions supporting SOURCE_DATE_EPOCH for various tools. * Code internals: - libdpkg: Use array access instead of pointer arithmetic for meminfo parser. - libdpkg: Use a macro to define the zstd default compression level. * Build system: - Test with minimal library dependencies in CI. - Add gen-release script. * Packaging: - Fix typo in man page reference in changelog. * Test suite: - Refactor OpenPGP backend and commands list. - Refactor certfile and keyfile filenames for OpenPGP test. - Skip OpenPGP tests if the backend does not have a verify command. * Localization: - Fix typos in Swedish man pages translations. - Fix typos in Swedish man pages translations. - Update Dutch man pages translations. - Update Portuguese man pages translations. - Update German man pages translation. ==== vim ==== Version update (9.1.0151 -> 9.1.0301) Subpackages: vim-data vim-data-common vim-small xxd - update to 9.1.0301 * Vim9: heredoc start may be recognized in string * Missing test for what patch v9.1.0285 fixes * Vim9: return type not set for a lambda assigned to script var * add runtime/doc/tags-* to ignore files * Updated translation * Update documentation * Patch 9.1.0296 causes too many issues * Fix a few issues with gvim.nsi * regexp: engines do not handle case-folding well * filetype: pip config files are not recognized * Text height function does not respect it's argument * filetype: lxqt config files are not recognized * filetype: XDG mimeapps.list file is not recognized * filetype: libreoffice config files are not recognized * filetype: xilinx files are not recognized * filetype: some TeX files are not recognized * Vim9: comment may be treated as heredoc start * Vim9: E1027 with defcompile for abstract methods * Still problems with cursor position for CTRL-D/U * fix inaccuracies in pandoc compiler * make testclean is not able to delete failed screendumps * Update base-syntax, no curly-brace names in Vim9 script * Several small issues in doc and tests * Finding highlighting attributes is inefficient * Update cuda keywords, remove uncommonly used enumeration constants * several issues with 'smoothscroll' support * filetype: roc files are not recognized * filetype: zathurarc files not recognized * Cannot highlight the Command-line * No pandoc syntax support * filetype: R history files are not recognized * filetype: keymap files are not recognized * autocmd may change cwd after :tcd and :lcd * Update syntax generator, autocmd event list parsing * Normalise builtin-function optional parameter formatting * Correctly distribute libsodium with the installer * a few minor issues to fix * Test for TextChanged is still flaky with ASAN * Two tests in test_filechanged.vim are slow * File name entered in GUI dialog is ignored * fix :compiler leaving behind a g:makeprg variable * Remove more fallback :CompilerSet definitions from compiler plugins * filetype: earthfile files are not recognized * console dialog cannot save unnamed buffers * Fill in a few details regarding :enums * Remove fallback :CompilerSet definition from compiler plugins * libgpm may delete some signal handlers * Improve the matching of contextual keywords * Vim9: Problem with lambda blocks in enums and classes * Test for TextChanged is flaky with ASAN * Vim9: protected class and funcrefs accessible outside the class * Problems with "zb" and scrolling to new topline with 'smoothscroll' * filetype not detected when editing remote files * sort filetype.txt in the alphabetical order * Normal mode TextChanged isn't tested properly * half-page scrolling broke backward compatibility * Vim9: :call may not find imported class members * Finding autocmd events is inefficient * Vim9: no indication of script nr in stack trace of classes * [security]: Heap buffer overflow when calling complete_add() in 'cfu' * filetype: typespec files are not recognized * improve syntax highlighting for YAML * Vim9: segfault with static in super class * Filetype test fails * update syntax * filetype: ldscripts cannot be recognized * filetype: rock_manifest and config.ld files are not recognized * filetype: yarn lock files are not recognized * filetype: bundle config files are not recognized * filetype: fontconfig files are not recognized * filetype: zsh theme, history and zunit files are not recognized * filetype: bash history files are not recognized * filetype: netrw history file is not recognized * filetype: octave history files are not recognized * filetype: mysql history files are not recognized * filetype: some python tools config files are not recognized * filetype: gnuplot history files are not recognised * filetype: jupyterlab and sublime config are not recognized * filetype: mplstyle files are not recognized * filetype: texlua files are not recognized * filetype: supertux files are not recognized * filetype: support for Intel HEX files is lacking * Vim9: string() output of enum is problematic * Conceal test fails when rightleft feature is disabled * Filetype may be undetected when SwapExists sets ft in other buf * TextChanged autocommand not triggered under some circumstances * ensure compiler! sets global options * Distinguish Vim9 builtin object methods from namesake builtin functions * add support for Debian specific @includes * Error E877 is not translated * fix path of uganda.nsis.txt in german.nsi file * Two unrelated things are tested by a single test * Improve docs for empty(), len(), and string() on objects * Recording may still be wrong in Select mode * Not able to assign enum values to an enum static variable * test_matchparen not run in CI * cursor may move too many lines over "right" & "below" virt text * code duplication in loop to add active text properties ... changelog too long, skipping 119 lines ... * Coverity complains about ignoring return value ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch * fixes regression for security fix for CVE-2024-31083 (bsc#1222312, boo#1222442, gitlab xserver issue #1659) ==== xz ==== Subpackages: liblzma5 - revert the switch to tar_scm which dropped the signature validation - switch back to tarballs because the upstream tarballs are not gone - reinstanciate keyring from Lasse - go back to the last release signed by Lasse (5.4.2) - revert multibuild, drop service and rpmlintrc - use real_ver for the Source, move everything else back to %version like before the hectic XZ downgrade - remove payload setting, we are using zstd now - Switch to using tar_scm for fetching the sources as the upstream tarballs on github are gone - introduce _multibuild to allow building the translations outside of Ring0 and everything else in Ring0 - add rpmlintrc to silence harmless warnings