Packages changed: emacs ffmpeg-4 gnome-online-accounts (3.50.4 -> 3.50.5) gnome-remote-desktop (46.4 -> 46.5) gnome-shell (46.4 -> 46.5) gnome-software (46.4 -> 46.5) groff groff-full gtk4 (4.16.0 -> 4.16.1) gvfs (1.54.2 -> 1.54.3) kernel-firmware (20240912 -> 20240913) kexec-tools kwallet libadwaita (1.5.3 -> 1.5.4) libcbor librsvg (2.58.3 -> 2.58.4) mc (4.8.31 -> 4.8.32) mutter (46.4 -> 46.5) openSUSE-release (20240916 -> 20240918) ovmf pam pam-config (2.11+git.20240906 -> 2.11+git.20240911) pam-full-src polari (46.0 -> 46.0+18) poppler poppler-qt6 python-cryptography python-ldap python-numpy (2.0.0 -> 2.1.1) python311 (3.11.9 -> 3.11.10) python311-core (3.11.9 -> 3.11.10) rpm-config-SUSE shim transactional-update (4.8.1 -> 4.8.2) wayland (1.23.0 -> 1.23.1) === Details === ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Add patch emacs-gcc14.patch to make flymake-tests work even with gcc14 (backport from upstream master) ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-4-CVE-2024-7055.patch: Backporting 3faadbe2 from upstream, Use 64bit for input size check, Fixes: out of array read, Fixes: poc3. (CVE-2024-7055, bsc#1229026) ==== gnome-online-accounts ==== Version update (3.50.4 -> 3.50.5) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.50.5: + goaimapsmtpprovider: quick fix for yahoo auto-detect + Updated translations. ==== gnome-remote-desktop ==== Version update (46.4 -> 46.5) - Update to version 46.5: + Updated translations. ==== gnome-shell ==== Version update (46.4 -> 46.5) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 46.5: + Fix smartcard logins + Fix glitch when quick settings menu animation is interrupted + Fix new wifi connections for restricted users + Do not disable required animations + Fix showing pending PAM messages on login screen + Plugged leak + Misc. bug fixes and cleanups + Updated translations. - Drop gnome-shell-private-connection.patch: Should not be needed anymore after changes upstream. ==== gnome-software ==== Version update (46.4 -> 46.5) Subpackages: gnome-software-plugin-packagekit - Update to version 46.5: + Reduce power usage when the main window is closed. + Updated translations. ==== groff ==== - Add groff-restore-hyphen-minus.patch (bsc#1226153) ==== groff-full ==== Subpackages: gxditview - Add groff-restore-hyphen-minus.patch (bsc#1226153) ==== gtk4 ==== Version update (4.16.0 -> 4.16.1) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.16.1: + GtkFileChooser: Plug a memory leak + GtkCalendar: Avoid ending up with invalid dates + Printing: Fix initial printer selection in the print dialog + Gsk: - Fix shadows for opaque textures - Fix a crash in a corner case + Css: Make relative paths work again in theme files + Accessibility: Fix detection of the Flatpak portal + Updated translations. ==== gvfs ==== Version update (1.54.2 -> 1.54.3) Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse - Update to version 1.54.3: + onedrive: - Set name of drive root - Handle multiple drives with same IDs - Guess mime type locally if not set by the server + Updated translations. ==== kernel-firmware ==== Version update (20240912 -> 20240913) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type - Drop obsoleted workaround patch: copy-firmware-fix-symlink-without-compress.patch - Temporary revert for ath12k firmware (bsc#1230596) ==== kexec-tools ==== - To create rckexec-reload, the service binary is required at build time. This binary is provided by aaa_base. Make sure this package is available during build. ==== kwallet ==== - Use the %lang_package macro for kwallet-tools-lang (boo#1230570) ==== libadwaita ==== Version update (1.5.3 -> 1.5.4) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.5.4: + AdwAboutDialog/Window: Support non-deprecated GPL-2/3.0-only SPDX IDs + AdwHeaderBar: Fix back button menu picking up phantom pages in some situations + AdwTabBar/Overview: Fix 2 crashes with drag-n-drop + Stylesheet: Fix scroll undershoot in dropdowns and emoji picker + Updated translations. ==== libcbor ==== - The doc fails to build with an assert in sphinx in 15sp6 also. ==== librsvg ==== Version update (2.58.3 -> 2.58.4) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.58.4: + Fix regression when using an SVG inside a feImage element. ==== mc ==== Version update (4.8.31 -> 4.8.32) Subpackages: mc-lang - Update to 4.8.32: - Core - Tell the current directory to the terminal using OSC 7 sequence (so it can open new tabs there) (#3088) - Preserve ext2fs attributes on copy/move operations (#4532) - Change name of temporary directory: make it unique for each run (#4535) - Hide password in file operation progress dialog (#4541) - Support reget in file move operation (#4563) - Implement nanosecond precision timestamps on non-Linux (macOS, BSD, AIX, Solaris) (#4563) - Remove remaining mmap code to simplify maintenance (#3960) - VFS - extfs: support unrar-7 (#4518) - Editor - Improve syntax highlighting: - C and C++ (MidnightCommander?/mc#195, #4556) - Viewer - Diff viewer - Add man page mcdiff.1 (#4224) - Misc - Code cleanup (#4524) - New skins - xoria256-thin, xoria256root-thin (#4530) - modarcon16-defbg-thin, modarcon16-thin, modarcon16root-defbg-thin, modarcon16root-thin (#4530) - modarin256-defbg-thin, modarin256-thin, modarin256root-defbg-thin, modarin256root-thin (#4530) - julia256root (#4536) - mc.ext.ini: clarify escaping of spaces and parenthesis (#4502) - Fixes - External editor does not work with arguments in $EDITOR (#4533) - fish shell: strings " cd (printf '%b' ... " in history (#4521) - Redundant back slashes for autocomplete (#4292) - subshell: call execl with argv[0] that is not an actual path to Bash (#4549) - mcedit: php.syntax: comment highlight from start of light only (#4519) - mcedit: wrong replacement using regular expressions with begin or end of line (#4525, #4526) - mcedit: losing column position when navigating up/down (MidnightCommander?/mc#194) - mcedit: macro deletes text (#4540) - mcedit: macros are applied to the pasted text (#4562) - extfs: iso9660: xorriso is slow to open an ISO image (#3570, #4567) - extfs: u7z: wrong add of nested directories to archive (#4559) - extfs: segfault on enter to deleted archive (#4560) - tar: segfault on copy files from archive (#4561) - man: typo (#4550) - Remove mc-extfs-iso9660-xorriso.patch patch which doesn't apply anymore. - Other patches reapplied. ==== mutter ==== Version update (46.4 -> 46.5) - Update to version 45.5: + Fix drag and drop between X11 and wayland clients + Fix drag and drop from grabbing popups + Fix EGLDevice support + Fix frozen cursor on some hybrid machines + Fix touch window dragging with pointer lock enabled + Fix propagating tablet device removals to clients + Fix tablet input in maximized windows + Reduce damage on window movement + Fix frozen cursor after suspend + Fix using modifiers on multi-GPU setups + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. ==== openSUSE-release ==== Version update (20240916 -> 20240918) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in (bsc#1230587) ==== pam ==== - baselibs.conf: add pam-userdb - pam_limits-systemd.patch: update to final PR - Add systemd-logind support to pam_limits (pam_limits-systemd.patch) - Remove /usr/etc/pam.d, everything should be migrated - Remove pam_limits from default common-sessions* files. pam_limits is now part of pam-extra and not in our default generated config. - pam_issue-systemd.patch: only count class user sessions ==== pam-config ==== Version update (2.11+git.20240906 -> 2.11+git.20240911) - Add PreRequires for pam-extra, several other packages depend on that pam_limits is installed and enabled by default - Update to version 2.11+git.20240911: * Only add pam_limits if available ==== pam-full-src ==== - baselibs.conf: add pam-userdb - pam_limits-systemd.patch: update to final PR - Add systemd-logind support to pam_limits (pam_limits-systemd.patch) - Remove /usr/etc/pam.d, everything should be migrated - Remove pam_limits from default common-sessions* files. pam_limits is now part of pam-extra and not in our default generated config. - pam_issue-systemd.patch: only count class user sessions ==== polari ==== Version update (46.0 -> 46.0+18) - Update to version 46.0+18: + joinDialog: Fix closing the dialog. + Updated translations. ==== poppler ==== Subpackages: libpoppler-cpp1 libpoppler-glib8 libpoppler139 poppler-tools - Poppler can load ghostscript fonts (n022003l.pfb and the like) so the package now recommends the ghostscript-fonts-std package (boo#1230636). ==== poppler-qt6 ==== - Poppler can load ghostscript fonts (n022003l.pfb and the like) so the package now recommends the ghostscript-fonts-std package (boo#1230636). ==== python-cryptography ==== - Fix building on SLE based distributions ==== python-ldap ==== - Enable sle15_python_module_pythons (boo#1229549) ==== python-numpy ==== Version update (2.0.0 -> 2.1.1) - Update to 2.1.1 * #27259: BUG: revert unintended change in the return value of set_printoptions * #27266: BUG: fix reference counting bug in __array_interface__ implementation... * #27267: TST: Add regression test for missing descr in array-interface * #27276: BUG: Fix #27256 and #27257 * #27278: BUG: Fix array_equal for numeric and non-numeric scalar types * #27304: BUG: f2py: better handle filtering of public/private subroutines - Update to 2.1.0 * Support for Python 3.13. * Preliminary support for free threaded Python 3.13. * Support for the array-api 2023.12 standard. [#]# New functions * A new function np.unstack(array, axis=...) was added, which splits an array into a tuple of arrays along an axis. It serves as the inverse of numpy.stack. (gh-26579) [#]# Deprecations * The fix_imports keyword argument in numpy.save is deprecated. Since NumPy 1.17, numpy.save uses a pickle protocol that no longer supports Python 2, and ignored fix_imports keyword. This keyword is kept only for backward compatibility. It is now deprecated. (gh-26452) * Passing non-integer inputs as the first argument of bincount is now deprecated, because such inputs are silently cast to integers with no warning about loss of precision. (gh-27076) [#]# Expired deprecations * Scalars and 0D arrays are disallowed for numpy.nonzero and numpy.ndarray.nonzero. (gh-26268) * set_string_function internal function was removed and PyArray_SetStringFunction was stubbed out. (gh-26611) [#]# C API changes * API symbols now hidden but customizable * Many shims removed from npy_3kcompat.h * New PyUFuncObject field process_core_dims_func [#]# New Features * Preliminary Support for Free-Threaded CPython 3.13 * f2py can generate freethreading-compatible C extensions [#]# Improvements * histogram auto-binning now returns bin sizes >=1 for integer input data * ndarray shape-type parameter is now covariant and bound to tuple[int, ...] * np.quantile with method closest_observation chooses nearest even order statistic * lapack_lite is now thread safe * The numpy.printoptions context manager is now thread and async-safe * Type hinting numpy.polynomial * Improved numpy.dtypes type hints [#]# Performance improvements and changes * ma.cov and ma.corrcoef are now significantly faster [#]# Changes * ma.corrcoef may return a slightly different result * Cast-safety fixes in copyto and full - Release 2.0.1 [#]# Improvements * np.quantile with method closest_observation chooses nearest even order statistic ==== python311 ==== Version update (3.11.9 -> 3.11.10) Subpackages: python311-curses python311-dbm - Update to 3.11.10: - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for ``python -i``, as well as for ``python -m asyncio``. The event in question is ``cpython.run_stdin``. - gh-122133: Authenticate the socket connection for the ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not available like Windows. Patch by Gregory P. Smith and Seth Larson . Reported by Ellie - gh-121285: Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:`os.mkdir` on Windows now accepts * mode* of ``0o700`` to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies` (bsc#1229596, CVE-2024-7592). - gh-122905: :class:`zipfile.Path` objects now sanitize names from the zipfile. - gh-121650: :mod:`email` headers with embedded newlines are now quoted on output. The :mod:`~email.generator` will now refuse to serialize (write) headers that are unsafely folded or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780). - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer. - gh-118643: Fix an AttributeError in the :mod:`email` module when re-fold a long address list. Also fix more cases of incorrect encoding of the address separator in the address list. - gh-113171: Fixed various false positives and false negatives in * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) * :attr:`ipaddress.IPv4Address.is_global` * :attr:`ipaddress.IPv6Address.is_private` * :attr:`ipaddress.IPv6Address.is_global` Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes. Fixes bsc#1226448 (CVE-2024-4032). - gh-102988: :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional *strict* parameter to these two functions: use ``strict=False`` to get the old behavior, accept malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check if the *strict* paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix (bsc#1210638). - gh-67693: Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami. - Core and Builtins - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner. - gh-109120: Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by Grigoryev Semyon - Removed upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). ==== python311-core ==== Version update (3.11.9 -> 3.11.10) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.10: - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for ``python -i``, as well as for ``python -m asyncio``. The event in question is ``cpython.run_stdin``. - gh-122133: Authenticate the socket connection for the ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not available like Windows. Patch by Gregory P. Smith and Seth Larson . Reported by Ellie - gh-121285: Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:`os.mkdir` on Windows now accepts * mode* of ``0o700`` to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies` (bsc#1229596, CVE-2024-7592). - gh-122905: :class:`zipfile.Path` objects now sanitize names from the zipfile. - gh-121650: :mod:`email` headers with embedded newlines are now quoted on output. The :mod:`~email.generator` will now refuse to serialize (write) headers that are unsafely folded or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780). - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer. - gh-118643: Fix an AttributeError in the :mod:`email` module when re-fold a long address list. Also fix more cases of incorrect encoding of the address separator in the address list. - gh-113171: Fixed various false positives and false negatives in * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) * :attr:`ipaddress.IPv4Address.is_global` * :attr:`ipaddress.IPv6Address.is_private` * :attr:`ipaddress.IPv6Address.is_global` Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes. Fixes bsc#1226448 (CVE-2024-4032). - gh-102988: :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional *strict* parameter to these two functions: use ``strict=False`` to get the old behavior, accept malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check if the *strict* paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix (bsc#1210638). - gh-67693: Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami. - Core and Builtins - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner. - gh-109120: Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by Grigoryev Semyon - Removed upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). ==== rpm-config-SUSE ==== - Use a deterministic binarychangelogtrim based on build times of BuildRequires (boo#1047218) ==== shim ==== - Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382) * 86b73d1 Fix that bootx64.efi is not updated on Leap - Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316) * 433cc4e Always use the removable way for SL-Micro ==== transactional-update ==== Version update (4.8.1 -> 4.8.2) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.8.2 - Allow specifying only low value with setup-kdump [bsc#1230537] ==== wayland ==== Version update (1.23.0 -> 1.23.1) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Update to release 1.23.1: * meson: Fix use of install_data() without specifying install_dir * Put WL_DEPRECATED in front of the function declarations * client: Handle proxies with no queue * scanner: extract validator function emission to helper function * scanner: fix validator for bitfields * tests: add enum bitfield test