Packages changed:
emacs
ffmpeg-4
gnome-online-accounts (3.50.4 -> 3.50.5)
gnome-remote-desktop (46.4 -> 46.5)
gnome-shell (46.4 -> 46.5)
gnome-software (46.4 -> 46.5)
groff
groff-full
gtk4 (4.16.0 -> 4.16.1)
gvfs (1.54.2 -> 1.54.3)
kernel-firmware (20240912 -> 20240913)
kexec-tools
kwallet
libadwaita (1.5.3 -> 1.5.4)
libcbor
librsvg (2.58.3 -> 2.58.4)
mc (4.8.31 -> 4.8.32)
mutter (46.4 -> 46.5)
openSUSE-release (20240916 -> 20240918)
ovmf
pam
pam-config (2.11+git.20240906 -> 2.11+git.20240911)
pam-full-src
polari (46.0 -> 46.0+18)
poppler
poppler-qt6
python-cryptography
python-ldap
python-numpy (2.0.0 -> 2.1.1)
python311 (3.11.9 -> 3.11.10)
python311-core (3.11.9 -> 3.11.10)
rpm-config-SUSE
shim
transactional-update (4.8.1 -> 4.8.2)
wayland (1.23.0 -> 1.23.1)
=== Details ===
==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags
- Add patch emacs-gcc14.patch to make flymake-tests work even with
gcc14 (backport from upstream master)
==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9
- Add ffmpeg-4-CVE-2024-7055.patch:
Backporting 3faadbe2 from upstream, Use 64bit for input size check,
Fixes: out of array read, Fixes: poc3.
(CVE-2024-7055, bsc#1229026)
==== gnome-online-accounts ====
Version update (3.50.4 -> 3.50.5)
Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2
- Update to version 3.50.5:
+ goaimapsmtpprovider: quick fix for yahoo auto-detect
+ Updated translations.
==== gnome-remote-desktop ====
Version update (46.4 -> 46.5)
- Update to version 46.5:
+ Updated translations.
==== gnome-shell ====
Version update (46.4 -> 46.5)
Subpackages: gnome-extensions gnome-shell-calendar
- Update to version 46.5:
+ Fix smartcard logins
+ Fix glitch when quick settings menu animation is interrupted
+ Fix new wifi connections for restricted users
+ Do not disable required animations
+ Fix showing pending PAM messages on login screen
+ Plugged leak
+ Misc. bug fixes and cleanups
+ Updated translations.
- Drop gnome-shell-private-connection.patch: Should not be needed
anymore after changes upstream.
==== gnome-software ====
Version update (46.4 -> 46.5)
Subpackages: gnome-software-plugin-packagekit
- Update to version 46.5:
+ Reduce power usage when the main window is closed.
+ Updated translations.
==== groff ====
- Add groff-restore-hyphen-minus.patch (bsc#1226153)
==== groff-full ====
Subpackages: gxditview
- Add groff-restore-hyphen-minus.patch (bsc#1226153)
==== gtk4 ====
Version update (4.16.0 -> 4.16.1)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.16.1:
+ GtkFileChooser: Plug a memory leak
+ GtkCalendar: Avoid ending up with invalid dates
+ Printing: Fix initial printer selection in the print dialog
+ Gsk:
- Fix shadows for opaque textures
- Fix a crash in a corner case
+ Css: Make relative paths work again in theme files
+ Accessibility: Fix detection of the Flatpak portal
+ Updated translations.
==== gvfs ====
Version update (1.54.2 -> 1.54.3)
Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse
- Update to version 1.54.3:
+ onedrive:
- Set name of drive root
- Handle multiple drives with same IDs
- Guess mime type locally if not set by the server
+ Updated translations.
==== kernel-firmware ====
Version update (20240912 -> 20240913)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20240913 (git commit bcbdd1670bc3):
* amdgpu: update DMCUB to v0.0.233.0 DCN351
* copy-firmware: Handle links to uncompressed files
* WHENCE: Fix battmgr.jsn entry type
- Drop obsoleted workaround patch:
copy-firmware-fix-symlink-without-compress.patch
- Temporary revert for ath12k firmware (bsc#1230596)
==== kexec-tools ====
- To create rckexec-reload, the service binary is required at
build time. This binary is provided by aaa_base. Make sure this
package is available during build.
==== kwallet ====
- Use the %lang_package macro for kwallet-tools-lang (boo#1230570)
==== libadwaita ====
Version update (1.5.3 -> 1.5.4)
Subpackages: libadwaita-1-0 typelib-1_0-Adw-1
- Update to version 1.5.4:
+ AdwAboutDialog/Window: Support non-deprecated GPL-2/3.0-only
SPDX IDs
+ AdwHeaderBar: Fix back button menu picking up phantom pages in
some situations
+ AdwTabBar/Overview: Fix 2 crashes with drag-n-drop
+ Stylesheet: Fix scroll undershoot in dropdowns and emoji picker
+ Updated translations.
==== libcbor ====
- The doc fails to build with an assert in sphinx in 15sp6 also.
==== librsvg ====
Version update (2.58.3 -> 2.58.4)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.58.4:
+ Fix regression when using an SVG inside a feImage element.
==== mc ====
Version update (4.8.31 -> 4.8.32)
Subpackages: mc-lang
- Update to 4.8.32:
- Core
- Tell the current directory to the terminal using OSC 7 sequence (so it can open new tabs there) (#3088)
- Preserve ext2fs attributes on copy/move operations (#4532)
- Change name of temporary directory: make it unique for each run (#4535)
- Hide password in file operation progress dialog (#4541)
- Support reget in file move operation (#4563)
- Implement nanosecond precision timestamps on non-Linux (macOS, BSD, AIX, Solaris) (#4563)
- Remove remaining mmap code to simplify maintenance (#3960)
- VFS
- extfs: support unrar-7 (#4518)
- Editor
- Improve syntax highlighting:
- C and C++ (MidnightCommander?/mc#195, #4556)
- Viewer
- Diff viewer
- Add man page mcdiff.1 (#4224)
- Misc
- Code cleanup (#4524)
- New skins
- xoria256-thin, xoria256root-thin (#4530)
- modarcon16-defbg-thin, modarcon16-thin, modarcon16root-defbg-thin, modarcon16root-thin (#4530)
- modarin256-defbg-thin, modarin256-thin, modarin256root-defbg-thin, modarin256root-thin (#4530)
- julia256root (#4536)
- mc.ext.ini: clarify escaping of spaces and parenthesis (#4502)
- Fixes
- External editor does not work with arguments in $EDITOR (#4533)
- fish shell: strings " cd (printf '%b' ... " in history (#4521)
- Redundant back slashes for autocomplete (#4292)
- subshell: call execl with argv[0] that is not an actual path to Bash (#4549)
- mcedit: php.syntax: comment highlight from start of light only (#4519)
- mcedit: wrong replacement using regular expressions with begin or end of line (#4525, #4526)
- mcedit: losing column position when navigating up/down (MidnightCommander?/mc#194)
- mcedit: macro deletes text (#4540)
- mcedit: macros are applied to the pasted text (#4562)
- extfs: iso9660: xorriso is slow to open an ISO image (#3570, #4567)
- extfs: u7z: wrong add of nested directories to archive (#4559)
- extfs: segfault on enter to deleted archive (#4560)
- tar: segfault on copy files from archive (#4561)
- man: typo (#4550)
- Remove mc-extfs-iso9660-xorriso.patch patch which doesn't apply anymore.
- Other patches reapplied.
==== mutter ====
Version update (46.4 -> 46.5)
- Update to version 45.5:
+ Fix drag and drop between X11 and wayland clients
+ Fix drag and drop from grabbing popups
+ Fix EGLDevice support
+ Fix frozen cursor on some hybrid machines
+ Fix touch window dragging with pointer lock enabled
+ Fix propagating tablet device removals to clients
+ Fix tablet input in maximized windows
+ Reduce damage on window movement
+ Fix frozen cursor after suspend
+ Fix using modifiers on multi-GPU setups
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
==== openSUSE-release ====
Version update (20240916 -> 20240918)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ovmf ====
Subpackages: qemu-uefi-aarch64
- Add ovmf-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
(bsc#1230587)
==== pam ====
- baselibs.conf: add pam-userdb
- pam_limits-systemd.patch: update to final PR
- Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
- Remove /usr/etc/pam.d, everything should be migrated
- Remove pam_limits from default common-sessions* files. pam_limits
is now part of pam-extra and not in our default generated config.
- pam_issue-systemd.patch: only count class user sessions
==== pam-config ====
Version update (2.11+git.20240906 -> 2.11+git.20240911)
- Add PreRequires for pam-extra, several other packages depend on
that pam_limits is installed and enabled by default
- Update to version 2.11+git.20240911:
* Only add pam_limits if available
==== pam-full-src ====
- baselibs.conf: add pam-userdb
- pam_limits-systemd.patch: update to final PR
- Add systemd-logind support to pam_limits (pam_limits-systemd.patch)
- Remove /usr/etc/pam.d, everything should be migrated
- Remove pam_limits from default common-sessions* files. pam_limits
is now part of pam-extra and not in our default generated config.
- pam_issue-systemd.patch: only count class user sessions
==== polari ====
Version update (46.0 -> 46.0+18)
- Update to version 46.0+18:
+ joinDialog: Fix closing the dialog.
+ Updated translations.
==== poppler ====
Subpackages: libpoppler-cpp1 libpoppler-glib8 libpoppler139 poppler-tools
- Poppler can load ghostscript fonts (n022003l.pfb and the like)
so the package now recommends the ghostscript-fonts-std package
(boo#1230636).
==== poppler-qt6 ====
- Poppler can load ghostscript fonts (n022003l.pfb and the like)
so the package now recommends the ghostscript-fonts-std package
(boo#1230636).
==== python-cryptography ====
- Fix building on SLE based distributions
==== python-ldap ====
- Enable sle15_python_module_pythons (boo#1229549)
==== python-numpy ====
Version update (2.0.0 -> 2.1.1)
- Update to 2.1.1
* #27259: BUG: revert unintended change in the return value of
set_printoptions
* #27266: BUG: fix reference counting bug in __array_interface__
implementation...
* #27267: TST: Add regression test for missing descr in
array-interface
* #27276: BUG: Fix #27256 and #27257
* #27278: BUG: Fix array_equal for numeric and non-numeric scalar
types
* #27304: BUG: f2py: better handle filtering of public/private
subroutines
- Update to 2.1.0
* Support for Python 3.13.
* Preliminary support for free threaded Python 3.13.
* Support for the array-api 2023.12 standard.
[#]# New functions
* A new function np.unstack(array, axis=...) was added, which
splits an array into a tuple of arrays along an axis. It serves
as the inverse of numpy.stack. (gh-26579)
[#]# Deprecations
* The fix_imports keyword argument in numpy.save is deprecated.
Since NumPy 1.17, numpy.save uses a pickle protocol that no
longer supports Python 2, and ignored fix_imports keyword. This
keyword is kept only for backward compatibility. It is now
deprecated. (gh-26452)
* Passing non-integer inputs as the first argument of bincount is
now deprecated, because such inputs are silently cast to
integers with no warning about loss of precision. (gh-27076)
[#]# Expired deprecations
* Scalars and 0D arrays are disallowed for numpy.nonzero and
numpy.ndarray.nonzero. (gh-26268)
* set_string_function internal function was removed and
PyArray_SetStringFunction was stubbed out. (gh-26611)
[#]# C API changes
* API symbols now hidden but customizable
* Many shims removed from npy_3kcompat.h
* New PyUFuncObject field process_core_dims_func
[#]# New Features
* Preliminary Support for Free-Threaded CPython 3.13
* f2py can generate freethreading-compatible C extensions
[#]# Improvements
* histogram auto-binning now returns bin sizes >=1 for integer
input data
* ndarray shape-type parameter is now covariant and bound to
tuple[int, ...]
* np.quantile with method closest_observation chooses nearest
even order statistic
* lapack_lite is now thread safe
* The numpy.printoptions context manager is now thread and
async-safe
* Type hinting numpy.polynomial
* Improved numpy.dtypes type hints
[#]# Performance improvements and changes
* ma.cov and ma.corrcoef are now significantly faster
[#]# Changes
* ma.corrcoef may return a slightly different result
* Cast-safety fixes in copyto and full
- Release 2.0.1
[#]# Improvements
* np.quantile with method closest_observation chooses nearest
even order statistic
==== python311 ====
Version update (3.11.9 -> 3.11.10)
Subpackages: python311-curses python311-dbm
- Update to 3.11.10:
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for ``python -i``,
as well as for ``python -m asyncio``. The event in question
is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where
``AF_UNIX`` is not available like Windows. Patch by
Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing
for ``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts
* mode* of ``0o700`` to restrict the new directory to
the current user. This fixes CVE-2024-4030 affecting
:func:`tempfile.mkdtemp` in scenarios where the base
temporary directory is more permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in :class:`zipfile.Path` causing infinite loops
(gh-122905) without breaking contents using legitimate
characters (bsc#1229704, CVE-2024-8088).
- gh-123067: Fix quadratic complexity in parsing ``"``-quoted
cookie values with backslashes by :mod:`http.cookies`
(bsc#1229596, CVE-2024-7592).
- gh-122905: :class:`zipfile.Path` objects now sanitize names
from the zipfile.
- gh-121650: :mod:`email` headers with embedded newlines are
now quoted on output. The :mod:`~email.generator` will now
refuse to serialize (write) headers that are unsafely folded
or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
(Contributed by Bas Bloemsaat and Petr Viktorin in
:gh:`121650`; CVE-2024-6923, bsc#1228780).
- gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
breaks internal buffer when the method is called again
during flushing internal buffer.
- gh-118643: Fix an AttributeError in the :mod:`email` module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-113171: Fixed various false positives and false
negatives in * :attr:`ipaddress.IPv4Address.is_private`
(see these docs for details) *
:attr:`ipaddress.IPv4Address.is_global` *
:attr:`ipaddress.IPv6Address.is_private` *
:attr:`ipaddress.IPv6Address.is_global` Also in the
corresponding :class:`ipaddress.IPv4Network` and
:class:`ipaddress.IPv6Network` attributes.
Fixes bsc#1226448 (CVE-2024-4032).
- gh-102988: :func:`email.utils.getaddresses` and
:func:`email.utils.parseaddr` now return ``('', '')``
2-tuples in more situations where invalid email addresses
are encountered instead of potentially inaccurate
values. Add optional *strict* parameter to these two
functions: use ``strict=False`` to get the old behavior,
accept malformed inputs. ``getattr(email.utils,
'supports_strict_parsing', False)`` can be use to check if
the *strict* paramater is available. Patch by Thomas Dwyer
and Victor Stinner to improve the CVE-2023-27043 fix
(bsc#1210638).
- gh-67693: Fix :func:`urllib.parse.urlunparse` and
:func:`urllib.parse.urlunsplit` for URIs with path starting
with multiple slashes and no authority. Based on patch by
Ashwin Ramaswami.
- Core and Builtins
- gh-112275: A deadlock involving ``pystate.c``'s
``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
fixed. Patch by ChuBoning based on previous Python 3.12 fix
by Victor Stinner.
- gh-109120: Added handle of incorrect star expressions, e.g
``f(3, *)``. Patch by Grigoryev Semyon
- Removed upstreamed patches:
- CVE-2023-27043-email-parsing-errors.patch
- CVE-2024-4032-private-IP-addrs.patch
- CVE-2024-6923-email-hdr-inject.patch
- CVE-2024-8088-inf-loop-zipfile_Path.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
failing test_sendfile_close_peer_in_the_middle_of_receiving
tests on Linux >= 6.10 (GH-120227).
==== python311-core ====
Version update (3.11.9 -> 3.11.10)
Subpackages: libpython3_11-1_0 python311-base
- Update to 3.11.10:
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for ``python -i``,
as well as for ``python -m asyncio``. The event in question
is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where
``AF_UNIX`` is not available like Windows. Patch by
Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing
for ``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts
* mode* of ``0o700`` to restrict the new directory to
the current user. This fixes CVE-2024-4030 affecting
:func:`tempfile.mkdtemp` in scenarios where the base
temporary directory is more permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in :class:`zipfile.Path` causing infinite loops
(gh-122905) without breaking contents using legitimate
characters (bsc#1229704, CVE-2024-8088).
- gh-123067: Fix quadratic complexity in parsing ``"``-quoted
cookie values with backslashes by :mod:`http.cookies`
(bsc#1229596, CVE-2024-7592).
- gh-122905: :class:`zipfile.Path` objects now sanitize names
from the zipfile.
- gh-121650: :mod:`email` headers with embedded newlines are
now quoted on output. The :mod:`~email.generator` will now
refuse to serialize (write) headers that are unsafely folded
or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
(Contributed by Bas Bloemsaat and Petr Viktorin in
:gh:`121650`; CVE-2024-6923, bsc#1228780).
- gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
breaks internal buffer when the method is called again
during flushing internal buffer.
- gh-118643: Fix an AttributeError in the :mod:`email` module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-113171: Fixed various false positives and false
negatives in * :attr:`ipaddress.IPv4Address.is_private`
(see these docs for details) *
:attr:`ipaddress.IPv4Address.is_global` *
:attr:`ipaddress.IPv6Address.is_private` *
:attr:`ipaddress.IPv6Address.is_global` Also in the
corresponding :class:`ipaddress.IPv4Network` and
:class:`ipaddress.IPv6Network` attributes.
Fixes bsc#1226448 (CVE-2024-4032).
- gh-102988: :func:`email.utils.getaddresses` and
:func:`email.utils.parseaddr` now return ``('', '')``
2-tuples in more situations where invalid email addresses
are encountered instead of potentially inaccurate
values. Add optional *strict* parameter to these two
functions: use ``strict=False`` to get the old behavior,
accept malformed inputs. ``getattr(email.utils,
'supports_strict_parsing', False)`` can be use to check if
the *strict* paramater is available. Patch by Thomas Dwyer
and Victor Stinner to improve the CVE-2023-27043 fix
(bsc#1210638).
- gh-67693: Fix :func:`urllib.parse.urlunparse` and
:func:`urllib.parse.urlunsplit` for URIs with path starting
with multiple slashes and no authority. Based on patch by
Ashwin Ramaswami.
- Core and Builtins
- gh-112275: A deadlock involving ``pystate.c``'s
``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
fixed. Patch by ChuBoning based on previous Python 3.12 fix
by Victor Stinner.
- gh-109120: Added handle of incorrect star expressions, e.g
``f(3, *)``. Patch by Grigoryev Semyon
- Removed upstreamed patches:
- CVE-2023-27043-email-parsing-errors.patch
- CVE-2024-4032-private-IP-addrs.patch
- CVE-2024-6923-email-hdr-inject.patch
- CVE-2024-8088-inf-loop-zipfile_Path.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
failing test_sendfile_close_peer_in_the_middle_of_receiving
tests on Linux >= 6.10 (GH-120227).
==== rpm-config-SUSE ====
- Use a deterministic binarychangelogtrim
based on build times of BuildRequires (boo#1047218)
==== shim ====
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382)
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316)
* 433cc4e Always use the removable way for SL-Micro
==== transactional-update ====
Version update (4.8.1 -> 4.8.2)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.8.2
- Allow specifying only low value with setup-kdump [bsc#1230537]
==== wayland ====
Version update (1.23.0 -> 1.23.1)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0
- Update to release 1.23.1:
* meson: Fix use of install_data() without specifying install_dir
* Put WL_DEPRECATED in front of the function declarations
* client: Handle proxies with no queue
* scanner: extract validator function emission to helper function
* scanner: fix validator for bitfields
* tests: add enum bitfield test