Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20230301 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream (0.16.0 -> 0.16.1) Mesa (22.3.5 -> 23.0.0) Mesa-drivers (22.3.5 -> 23.0.0) apache2-mod_php8 apparmor (3.1.2 -> 3.1.3) brotli curl (7.87.0 -> 7.88.1) enchant ffmpeg-5 flatpak (1.14.2 -> 1.14.3) gd kernel-source (6.1.12 -> 6.2.0) kexec-tools libHX (4.10 -> 4.12) libapparmor (3.1.2 -> 3.1.3) libcbor (0.10.1 -> 0.10.2) libgit2 (1.5.1 -> 1.5.2) libheif (1.14.2 -> 1.15.1) liburing linux-glibc-devel (6.1 -> 6.2) make (4.4 -> 4.4.1) openblas_openmp openblas_pthreads openexr patterns-base patterns-fonts php8 pinentry pinentry-gui python-apipkg python-pexpect python-pycurl qemu radvd strace (6.1 -> 6.2) sudo (1.9.13p1 -> 1.9.13p2) vim (9.0.1307 -> 9.0.1357) vlc xorg-x11-fonts xorg-x11-fonts-converted zsh === Details === ==== AppStream ==== Version update (0.16.0 -> 0.16.1) Subpackages: libAppStreamQt2 libappstream4 - Update to version 0.16.1: Specification: * docs: Clarify the locations where catalog icons should be placed * spec: Expand documentation for <issue> elements * spec: Mention that <issues> is not part of the description * spec: Give some guidance about tone in release descriptions Bugfixes: * Fix binding helper macro to behave correctly if a function is passed directly * Override-merge icons and provided items correctly * tests: Ensure locale is C.UTF-8 in pool tests Miscellaneous: * release: Add sanity checks at beginning of each function - Add ldconfig_scriptlets for libappstream-compose ==== Mesa ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== Mesa-drivers ==== Version update (22.3.5 -> 23.0.0) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Add patch to fix GLX with indirect rendering: * n_Revert-glx-Only-compute-client-GL-extensions-for-ind.patch - Update to version 23.0.0 * first stable release of 2023 - refreshed patches * n_drirc-disable-rgb10-for-chromium-on-amd.patch * n_stop-iris-flicker.patch * u_dep_xcb.patch * u_fix-build-on-ppc64le.patch - adjusted n_no-sse2-on-ix86-except-for-intel-drivers.patch - meson: added -Dxmlconfig=enabled to fix link errors (missing "-lexpat") ==== apache2-mod_php8 ==== - change to %bcond conditional build dependencies ==== apparmor ==== Version update (3.1.2 -> 3.1.3) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== brotli ==== Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1 - add 32bit devel package for Wine development. ==== curl ==== Version update (7.87.0 -> 7.88.1) Subpackages: libcurl4 - Update to 7.88.1: * Bugfix release - Drop upstreamed patch: * curl-fix-uninitialized-value-in-tests.patch - Update to 7.88.0: [bsc#1207990, CVE-2023-23914] [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916] * Security fixes: - CVE-2023-23914: HSTS ignored on multiple requests - CVE-2023-23915: HSTS amnesia with --parallel - CVE-2023-23916: HTTP multi-header compression denial of service * Changes: - curl.h: add CURL_HTTP_VERSION_3ONLY - share: add sharing of HSTS cache among handles - src: add --http3-only - tool_operate: share HSTS between handles - urlapi: add CURLU_PUNYCODE - writeout: add %{certs} and %{num_certs} * Bugfixes: - cf-socket: keep sockaddr local in the socket filters - cfilters:Curl_conn_get_select_socks: use the first non-connected filter - curl.h: allow up to 10M buffer size - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated - curl/websockets.h: extend the websocket frame struct - curl: output warning at --verbose output for debug-enabled version - curl_free.3: fix return type of `curl_free` - curl_log: for failf/infof and debug logging implementations - dict: URL decode the entire path always - docs/DEPRECATE.md: deprecate gskit - easyoptions: fix header printing in generation script - haxproxy: send before TLS handhshake - hsts.d: explain hsts more - hsts: handle adding the same host name again - HTTP/[23]: continue upload when state.drain is set - http: decode transfer encoding first - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro - http_proxy: do not assign data->req.p.http use local copy - lib: connect/h2/h3 refactor - libssh2: try sha2 algos for hostkey methods - md4: fix build with GnuTLS + OpenSSL v1 - ngtcp2: replace removed define and stop using removed function - noproxy: support for space-separated names is deprecated - nss: implement data_pending method - openldap: fix missing sasl symbols at build in specific configs - openssl: adapt to boringssl's error code type - openssl: don't ignore CA paths when using Windows CA store (redux) - openssl: don't log raw record headers - openssl: make the BIO_METHOD a local variable in the connection filter - openssl: only use CA_BLOB if verifying peer - openssl: remove attached easy handles from SSL instances - openssl: store the CA after first send (ClientHello) - setopt: use >, not >=, when checking if uarg is larger than uint-max - smb: return error on upload without size - socketpair: allow localhost MITM sniffers - strdup: name it Curl_strdup - tool_getparam: fix hiding of command line secrets - tool_operate: fix error codes on bad URL & OOM - tool_operate: repair --rate - transfer: break the read loop when RECV is cleared - typecheck: accept expressions for option/info parameters - urlapi: avoid Curl_dyn_addf() for hex outputs - urlapi: skip path checks if path is just "/" - urlapi: skip the extra dedotdot alloc if no dot in path - urldata: cease storing TLS auth type - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP - urldata: make set.http200aliases conditional on HTTP being present - urldata: move the cookefilelist to the 'set' struct - urldata: remove unused struct fields, made more conditional - vquic: stabilization and improvements - vtls: fix hostname handling in filters - vtls: manage current easy handle in nested cfilter calls - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used * Rebase libcurl-ocloexec.patch * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091 - runtests: fix "uninitialized value $port" - Add curl-fix-uninitialized-value-in-tests.patch ==== enchant ==== Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Use %bcond_without aspell, ref ALP push for as few mandatory dependencies as possible/ability to turn off dependencies. ==== ffmpeg-5 ==== Subpackages: libavcodec59 libavdevice59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswresample4 libswscale6 - Add ``Requires: this-is-only-for-build-envs`` [boo#1208652] ==== flatpak ==== Version update (1.14.2 -> 1.14.3) Subpackages: flatpak-remote-flathub flatpak-zsh-completion libflatpak0 system-user-flatpak - Update to version 1.14.3: + When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don't remove the superseded app in the first step, which would result in the replacement incorrectly not being installed. + Fix a crash when --socket=gpg-agent is used. + Fix a crash when listing apps if one of them is broken or misconfigured. + If an app has invalid syntax in its overrides or metadata, mention the filename in the error message. + Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work. + Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting. + Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting. + The above change also fixes apps not starting if a --filesystem is a symlink to the root directory. + Show a warning when the --filesystem exists but cannot be shared with the sandbox. - Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream. ==== gd ==== Subpackages: libgd3 - add %bcond for avif - fix dejavu fonts package name in BR ==== kernel-source ==== Version update (6.1.12 -> 6.2.0) - Update to 6.2 final - refresh configs - commit 28fe266 - Update config files. Disable CONFIG_BLK_CGROUP_IOPRIO. io.prio.class is a misdesigned mechanism that doesn't fit well with the cgroup (especially v2): - it's not properly hierarchical - cgroup-wise: parent cgroup has no contol over child cgroup - task-wise: priority impact outside of a cgroup (i.e. affects cousins competition) - it's not device dependent (device oblivious) Disable it in openSUSE Tumbleweed (and future products) so that we don't teach users to use it and force ourselves to support it. - commit 35713cd ==== kexec-tools ==== - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820). ==== libHX ==== Version update (4.10 -> 4.12) - Update to release 4.12 * Plug a memory leak in HX_inet_listen - Update to release 4.11 * Four new socket utility functions ==== libapparmor ==== Version update (3.1.2 -> 3.1.3) - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff ==== libcbor ==== Version update (0.10.1 -> 0.10.2) - Update to 0.10.2: * Fixed minor test bug causing failures for x86 Linux * Made tests platform-independent ==== libgit2 ==== Version update (1.5.1 -> 1.5.2) - update to 1.5.2: * Improve SSH key handling functionality: examine all keys in known_hosts files for matches, to support remote hosts with multiple key types ==== libheif ==== Version update (1.14.2 -> 1.15.1) Subpackages: gdk-pixbuf-loader-libheif libheif1 - update to 1.15.1 * fix compilation without plugins - update to 1.15.0 * codec plugin system now also works with Windows * heif_convert: manually choose which decoder should be used * support for CLLI (content light level box), MDCV (mastering display colour volume), PASP (pixel aspect) information * ICC profile support in gdk-pixbuf loader * various fixes - build with plugins enabled on Tumbleweed - remove upstreamed patches - 2ca02a128b2f76f7f293aa86a2ce1e04a8306c65.patch - b6812284a2d70f29a5121ec3dbe652da07fdbbb7.patch ==== liburing ==== - add 0001-Do-not-always-expect-multishot-recv-to-stop-posting-.patch fixes tests with kernel 6.2 ==== linux-glibc-devel ==== Version update (6.1 -> 6.2) - Update to kernel headers 6.2 ==== make ==== Version update (4.4 -> 4.4.1) - Update to make 4.4.1 * WARNING: Backward-incompatibility! In previous releases it was not well-defined when updates to MAKEFLAGS made inside a makefile would be visible. This release ensures they are visible immediately, even when invoking $(shell ...) functions. * New feature: Parallel builds of archives Previously it was not possible to use parallel builds with archives. It is still not possible using the built-in rules, however you can now override the built-in rules with a slightly different set of rules and use parallel builds with archive creation. * Previously target-specific variables would inherit their "export" capability from parent target-specific variables even if they were marked private. Now private parent target-specific variables have no affect. - sigpipe-fatal.patch: removed ==== openblas_openmp ==== - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ==== openblas_pthreads ==== - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ==== openexr ==== Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - fltk not needed (openexr-3.1.5/ASWF/tsc-meetings/2021-01-14.md) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - enhanced_base: + Drop systemd-sysvinit recommends: that package has been renamed to systemd-sysvcompat, but should not be needed on modern systems anymore. + Add systemd-coredump recommends: if already we see crashes, it'd be good if users can report usable bugs (boo#1208713). ==== patterns-fonts ==== Subpackages: patterns-fonts-fonts patterns-fonts-fonts_opt - Switch efont-unicode-bitmap-fonts with babelstone-han-fonts * The efonts have not been updated since 2004 * Babelstone Han fonts just got another update on Jan 1 2023 ==== php8 ==== Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - change to %bcond conditional build dependencies ==== pinentry ==== - add %bcond option to disable fltk backend ==== pinentry-gui ==== Subpackages: pinentry-gnome3 pinentry-gtk2 pinentry-qt5 - add %bcond option to disable fltk backend ==== python-apipkg ==== - Don't use fdupes -s, it hurts. ==== python-pexpect ==== - Clean up SPEC file ==== python-pycurl ==== - Disable http3 tests if it's not supported ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ==== radvd ==== - /run/radvd/ is owned by the radvd group, not daemon - Drop redundant directory creation in %post ==== strace ==== Version update (6.1 -> 6.2) - Update to strace 6.2 * Implemented collision resolution for overlapping ioctl commands from tty and snd subsystems. * Implemented decoding of IFLA_BRPORT_MAB and IFLA_DEVLINK_PORT netlink attributes. * Updated lists of ALG_*, BPF_*, IFLA_*, KEY_*, KVM_*, LANDLOCK_*, MEMBARRIER_*, NFT_*, NTF_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 6.2. ==== sudo ==== Version update (1.9.13p1 -> 1.9.13p2) Subpackages: sudo-plugin-python - Update to 1.9.13p2: Fixed the --enable-static-sudoers option, broken in sudo 1.9.13. GitHub issue #245. Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). This bug was introduced in sudo 1.9.8. [bsc#1208595] ==== vim ==== Version update (9.0.1307 -> 9.0.1357) Subpackages: vim-data vim-data-common - Updated to version 9.0.1357, fixes the following problems * Setting 'formatoptions' with :let doesn't check for errors. * The code for setting options is too complicated. * Scrolling two lines with even line count and 'scrolloff' set. * 'splitkeep' test has failures. * Coverity warns for using a NULL pointer. * Cursor position wrong when splitting window in insert mode. * Some settings use the current codepage instead of 'encoding'. * :messages behavior depends on 'fileformat' of current buffer. * Escaping for completion of map command not properly tested. * Crash when using an unset object variable. * Code style test fails. * PRQL files are not recognized. * Checking the type of a null object causes a crash. * vimscript test fails where using {expr} syntax. * Crash when indexing "any" which is an object. * Build failure with +eval feature. * "gj" and "gk" do not move correctly over a closed fold. * 'colorcolumn' highlight wrong with virtual text above. * Relative line number not updated with virtual text above. * Cursor in wrong position below line with virtual text below ending in multi-byte character. * Error when using "none" for GUI color is confusing. * Completion of map includes simplified ones. * Handling new value of an option has a long "else if" chain. * Illegal memory access when using :ball in Visual mode. * Crash when using buffer-local user command in cmdline window. (Karl Yngve Lervåg) * When redo'ing twice <ScriptCmd> may not get the script ID. * Using tt_member for the class leads to mistakes. * No test for bad use of spaces in help files. * Functions without arguments are not always declared properly. * Yuck files are not recognized. * :defcompile and :disassemble can't find class method. (Ernie Rael) * No test for :disassemble with class function. * Coverity warns for using NULL pointer. * Build error with mzscheme but without GUI. * Check for OSC escape sequence doesn't work. * Too many "else if" statements for handling options. * Starlark files are not recognized. * "gr CTRL-O" stays in Insert mode. (Pierre Ganty) * Un-grammar files are not recognized. * "gr" with a count fails. * CPON files are not recognized. * Dhall files are not recognized. * "ignore" files are outdated. * Too many "else if" statements to handle option values. * "gr CTRL-G" stays in virtual replace mode. (Pierre Ganty) * No error when declaring a class twice. (Ernie Rael) * Cannot cancel "gr" with Esc. * Using null_object results in an internal error. (Ernie Rael) ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - xosd plugin was removed in 5adefde - Add 104-playback-bar.patch: Backport fix for the playback bar (commit 60771fe7) ==== xorg-x11-fonts ==== Subpackages: xorg-x11-fonts-core xorg-x11-fonts-legacy - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. ==== xorg-x11-fonts-converted ==== - encodings-1.0.7 font-adobe-75dpi-1.0.4 font-adobe-utopia-100dpi-1.0.5 font-adobe-utopia-75dpi-1.0.5 font-adobe-utopia-type1-1.0.5 font-alias-1.0.5 font-arabic-misc-1.0.4 font-bh-100dpi-1.0.4 font-bh-75dpi-1.0.4 font-bh-lucidatypewriter-100dpi-1.0.4 font-bh-lucidatypewriter-75dpi-1.0.4 font-bh-ttf-1.0.4 font-bh-type1-1.0.4 font-bitstream-100dpi-1.0.4 font-bitstream-75dpi-1.0.4 font-bitstream-type1-1.0.4 font-cronyx-cyrillic-1.0.4 font-cursor-misc-1.0.4 font-daewoo-misc-1.0.4 font-dec-misc-1.0.4 font-ibm-type1-1.0.4 font-isas-misc-1.0.4 font-jis-misc-1.0.4 font-micro-misc-1.0.4 font-misc-cyrillic-1.0.4 font-misc-ethiopic-1.0.5 font-misc-meltho-1.0.4 font-misc-misc-1.1.3 font-mutt-misc-1.0.4 font-schumacher-misc-1.1.3 font-screen-cyrillic-1.0.5 font-sony-misc-1.0.4 font-sun-misc-1.0.4 font-winitzki-cyrillic-1.0.4 font-xfree86-type1-1.0.5 * These releases bundle up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. - font-adobe-100dpi 1.0.4 * This release bundles up the last twelve years worth of build system improvements, including making the configure script more efficient and using the -n flag to gzip to improve build reproducibility. ==== zsh ==== - Disabled zsh-sh subpackage generation for Leap 15.4 to prevent an error when building the package. - don't require yodl for build, doc is not regenerated anyway
