Packages changed: ceph (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716) dbus-1 (1.12.22 -> 1.14.0) dbus-1-x11 (1.12.22 -> 1.14.0) firewalld freerdp (2.6.0 -> 2.6.1) gnutls kbd libvdpau (1.4 -> 1.5) logrotate lua54 mozilla-nss (3.74 -> 3.75) nfs-utils openssl-1_1 perl-DBD-SQLite python-FontTools (4.28.5 -> 4.29.1) python-xarray (0.21.1 -> 2022.3.0) qemu ruby3.1 rubygem-rspec-rails (5.1.0 -> 5.1.1) rubygem-sprockets (4.0.2 -> 4.0.3) swtpm (0.7.1 -> 0.7.2) vsftpd yast2 (4.4.45 -> 4.4.47) yast2-network (4.4.43 -> 4.4.44) === Details === ==== ceph ==== Version update (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716) Subpackages: librados2 librbd1 - Update to 16.2.7-596-g7d574789716 + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) - Update to 16.2.7-577-g3e3603b5dd1 + Update prometheus-server version - Update to 16.2.7-37-gb3be69440db: + (bsc#1194353) Downstream branding breaks dashboard npm build ==== dbus-1 ==== Version update (1.12.22 -> 1.14.0) Subpackages: libdbus-1-3 libdbus-1-3-32bit - Update to version 1.14.0: + Dependencies: - dbus now requires at least a basic level of support for C99 variadic macros, as implemented in gcc >= 3, all versions of Clang, and MSVC >= 2005. In practice this requirement has existed since version 1.9.2, but it is now official. - dbus now requires a C99-compatible va_copy() macro (or a __va_copy() macro with the same behaviour), except when building for Windows using MSVC and CMake. - On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented, they must be POSIX-conformant. The non-POSIX signature seen in ancient Solaris versions will no longer work. - GLib >= 2.38 is required if full test coverage is enabled (reduced from 2.40 in dbus 1.12.x.) - Building using CMake now requires CMake 3.4. - Building documentation using CMake now requires xsltproc, Docbook DTDs (for example docbook-xml on Debian derivatives), and Docbook XSLT stylesheets (for example docbook-xsl on Debian derivatives). Using KDE's meinproc4 documentation processor is no longer supported. + Build-time configuration changes: Move CMake build system to top level, matching normal practice for CMake projects + Deprecations: - Third-party software should install default dbus policies for the system bus into ${datadir}/dbus-1/system.d (this has been supported since dbus 1.10, released in August 2015). Installing default dbus policies in ${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy files in ${sysconfdir}/dbus-1/system.d continue to be read, but this directory should only be used by system administrators wishing to override the default policies. - The ${datadir} applicable to dbus is usually /usr/share and the ${sysconfdir} is usually /etc. - A similar pattern applies to the session bus policies in session.d. - The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 - The dbus-daemon man page now has scarier warnings about and non-local TCP, which are insecure and should not be used, particularly for the standard system and session buses. - DBusServer (and hence the dbus-daemon) no longer accepts usernames (login names) for the recommended EXTERNAL authentication mechanism, only numeric user IDs or the empty string. See 1.13.0 release notes for full details. + New features: - On Linux 4.13 or later when built against a suitable glibc version, GetConnectionCredentials() now includes UnixGroupIDs, the effective group IDs of the initiator of the connection, taken from SO_PEERGROUPS. - On Linux 4.13 or later, now uses the SO_PEERGROUPS credentials-passing socket option to get the effective group IDs of the initiator of the connection. See 1.13.4 release notes for details. - Add a --sender option to dbus-send, which requests a name and holds it until the signal has been sent - dbus-daemon and rules can now specify a send_destination_prefix attribute, which is like a combination of send_destination and the arg0namespace keyword in match rules. See 1.13.12 release notes for more details. - The dbus-daemon now filters the messages that it relays, removing header fields that it does not understand. Clients must not rely on this behaviour unless they have confirmed that they are connected to a suitable message bus implementation, for example by querying its Features property. - The dbus-daemon now emits a signal, ActivatableServicesChanged, when the list of activatable services may have changed. Support for this signal can be discovered by querying the Features property. - It is now possible to disable traditional (non-systemd) service activation at build-time (Autotools: - -disable-traditional-activation, CMake: - DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes for details. - The API reference manual can be built as a Qt compiled help file if qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details. + Miscellaneous behaviour changes: - When using the "user bus" (--enable-user-session), put the dbus-daemon in the session slice - Several environment variables set by systemd are no longer passed on to activated services - If the dbus-daemon is compiled for Linux with systemd support, it now informs systemd that it is ready for use via the sd_notify() mechanism. - Tarball releases no longer contain pre-2007 changelogs and are now compressed with xz, making them around 35% smaller. - Drop conditionals for old obsolete versions of openSUSE. - Rebase patches with quilt. - Use https for source and sig URL. ==== dbus-1-x11 ==== Version update (1.12.22 -> 1.14.0) - Update to version 1.14.0: + Dependencies: - dbus now requires at least a basic level of support for C99 variadic macros, as implemented in gcc >= 3, all versions of Clang, and MSVC >= 2005. In practice this requirement has existed since version 1.9.2, but it is now official. - dbus now requires a C99-compatible va_copy() macro (or a __va_copy() macro with the same behaviour), except when building for Windows using MSVC and CMake. - On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented, they must be POSIX-conformant. The non-POSIX signature seen in ancient Solaris versions will no longer work. - GLib >= 2.38 is required if full test coverage is enabled (reduced from 2.40 in dbus 1.12.x.) - Building using CMake now requires CMake 3.4. - Building documentation using CMake now requires xsltproc, Docbook DTDs (for example docbook-xml on Debian derivatives), and Docbook XSLT stylesheets (for example docbook-xsl on Debian derivatives). Using KDE's meinproc4 documentation processor is no longer supported. + Build-time configuration changes: Move CMake build system to top level, matching normal practice for CMake projects + Deprecations: - Third-party software should install default dbus policies for the system bus into ${datadir}/dbus-1/system.d (this has been supported since dbus 1.10, released in August 2015). Installing default dbus policies in ${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy files in ${sysconfdir}/dbus-1/system.d continue to be read, but this directory should only be used by system administrators wishing to override the default policies. - The ${datadir} applicable to dbus is usually /usr/share and the ${sysconfdir} is usually /etc. - A similar pattern applies to the session bus policies in session.d. - The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 - The dbus-daemon man page now has scarier warnings about and non-local TCP, which are insecure and should not be used, particularly for the standard system and session buses. - DBusServer (and hence the dbus-daemon) no longer accepts usernames (login names) for the recommended EXTERNAL authentication mechanism, only numeric user IDs or the empty string. See 1.13.0 release notes for full details. + New features: - On Linux 4.13 or later when built against a suitable glibc version, GetConnectionCredentials() now includes UnixGroupIDs, the effective group IDs of the initiator of the connection, taken from SO_PEERGROUPS. - On Linux 4.13 or later, now uses the SO_PEERGROUPS credentials-passing socket option to get the effective group IDs of the initiator of the connection. See 1.13.4 release notes for details. - Add a --sender option to dbus-send, which requests a name and holds it until the signal has been sent - dbus-daemon and rules can now specify a send_destination_prefix attribute, which is like a combination of send_destination and the arg0namespace keyword in match rules. See 1.13.12 release notes for more details. - The dbus-daemon now filters the messages that it relays, removing header fields that it does not understand. Clients must not rely on this behaviour unless they have confirmed that they are connected to a suitable message bus implementation, for example by querying its Features property. - The dbus-daemon now emits a signal, ActivatableServicesChanged, when the list of activatable services may have changed. Support for this signal can be discovered by querying the Features property. - It is now possible to disable traditional (non-systemd) service activation at build-time (Autotools: - -disable-traditional-activation, CMake: - DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes for details. - The API reference manual can be built as a Qt compiled help file if qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details. + Miscellaneous behaviour changes: - When using the "user bus" (--enable-user-session), put the dbus-daemon in the session slice - Several environment variables set by systemd are no longer passed on to activated services - If the dbus-daemon is compiled for Linux with systemd support, it now informs systemd that it is ready for use via the sd_notify() mechanism. - Tarball releases no longer contain pre-2007 changelogs and are now compressed with xz, making them around 35% smaller. - Drop conditionals for old obsolete versions of openSUSE. - Rebase patches with quilt. - Use https for source and sig URL. ==== firewalld ==== Subpackages: firewalld-bash-completion firewalld-lang firewalld-zsh-completion python3-firewall - Add code for safe modprobe.d migration (https://en.opensuse.org/openSUSE:Packaging_UsrEtc) - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639) ==== freerdp ==== Version update (2.6.0 -> 2.6.1) Subpackages: libfreerdp2-2 libwinpr2-2 - Upgraded to freerdp 2.6.1 * Decreased logging verbosity, now freerdp is much less verbose by default * Backported freerdp_abort_connect during freerdp_connect fix (#gh:FreeRDP/FreeRDP#7700) * Backported improved version dection see docs/version_detection.md for details * Backported various rdpsnd fixes (#gh:FreeRDP/FreeRDP#7695) ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac - build with lto - build with -Wl,-z,now -Wl,-z,relro - build without -fanalyzer, which cuts build time in ~ half ==== kbd ==== Subpackages: kbd-legacy - Refresh kbdsettings-nox86.patch to fix build on non-x86* architectures ==== libvdpau ==== Version update (1.4 -> 1.5) - Add U_Support-AV1.patch: Add support for AV1 in vdpauinfo. - Minor tweaks to spec. - Update to version 1.5: * Add AV1 decode support in VDPAU API * Addition of comma and removing the extra braces * Add tracing for HEVCRangeExt picture info * Add tracing for VP9 picture info - Also update vdpauinfo to version 1.4 - Drop patches fixed upstream: * c5a8e7c6c8b4b36a0e4c9a4369404519262a3256.patch * e82dc4bdbb0db3ffa8c78275902738eb63aa5ca8.patch ==== logrotate ==== - Added own logrotate.service file in order to define a new order of parsed config files: /usr/etc/logrotate.conf Default configuration file defined by the vendor. /usr/etc/logrotate.d/* Directory for additional configuration files defined by the vendor. /etc/logrotate.conf Default configuration file defined by the administrator. (optional) /etc/logrotate.d/* Directory for additional configuration files defined by the administrator. (optional) - drop logrotate-3.19.0-systemd_add_home_env.patch: - included in new logrotate.service - Adapted man page: logrotate-3.19.0-man_logrotate.patch ==== lua54 ==== - Added patches from upstream: * luabugs1.patch * luabugs2.patch - Adjust buildsystem so that it matches upstream git (testes??) - Drop the lua_docdir define, package docs in the standard location. Instead just silently drop packaging the README with the path that does not makes sense for a rpm package, but for a source tarball install. Simpler solution to boo#1186233. ==== mozilla-nss ==== Version update (3.74 -> 3.75) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.75 * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI. * bmo#1749794 - Make DottedOIDToCode.py compatible with python3. * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. * bmo#1748386 - Remove redundant key type check. * bmo#1749869 - Update ABI expectations to match ECH changes. * bmo#1748386 - Enable CKM_CHACHA20. * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. * bmo#1747310 - real move assignment operator. * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests. * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool. * bmo#1747772 - Allow to build using clang's integrated assembler. * bmo#1321398 - Allow to override python for the build. * bmo#1747317 - test HKDF output rather than input. * bmo#1747316 - Use ASSERT macros to end failed tests early. * bmo#1747310 - move assignment operator for DataBuffer. * bmo#1712879 - Add test cases for ECH compression and unexpected extensions in SH. * bmo#1725938 - Update tests for ECH-13. * bmo#1725938 - Tidy up error handling. * bmo#1728281 - Add tests for ECH HRR Changes. * bmo#1728281 - Server only sends GREASE HRR extension if enabled by preference. * bmo#1725938 - Update generation of the Associated Data for ECH-13. * bmo#1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. * bmo#1712879 - Allow for compressed, non-contiguous, extensions. * bmo#1712879 - Scramble the PSK extension in CHOuter. * bmo#1712647 - Split custom extension handling for ECH. * bmo#1728281 - Add ECH-13 HRR Handling. * bmo#1677181 - Client side ECH padding. * bmo#1725938 - Stricter ClientHelloInner Decompression. * bmo#1725938 - Remove ECH_inner extension, use new enum format. * bmo#1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - add reenable-nfsv2.patch for reverting nfsv2 deprecation until test coverage is fixed (poo#106679) - Add gcc12-fix.patch upstream fix for GCC 12 compiler. - Update to version 2.6.1 - https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog - remove patches from this release: - 0001-gssd-fix-crash-in-debug-message.patch, - Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch ==== openssl-1_1 ==== Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch - Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187] * In an INI-type file, the sections begin with a [section_name] and they run until the next section begins. * Rebase openssl-1_1-use-include-directive.patch ==== perl-DBD-SQLite ==== - Use the system sqlite rather than the built-in one. [bsc#1195771, perl-DBD-SQLite-use-external-sqlite3.patch] ==== python-FontTools ==== Version update (4.28.5 -> 4.29.1) - Update to 4.29.1 * [colorLib] Fixed rounding issue with radial gradient's start/end circles inside one another (#2521). * [freetypePen] Handle rotate/skew transform when auto-computing width/height of the buffer; raise PenError wen missing moveTo (#2517) - Release 4.29.0 * [ufoLib] Fixed illegal characters and expanded reserved filenames (#2506). * [COLRv1] Don't emit useless PaintColrLayers of lenght=1 in LayerListBuilder (#2513). * [ttx] Removed legacy waitForKeyPress method on Windows (#2509). * [pens] Added FreeTypePen that uses freetype-py and the pen protocol for rasterizating outline paths (#2494). * [unicodedata] Updated the script direction list to Unicode 14.0 (#2484). * Bumped unicodedata2 dependency to 14.0 (#2499). * [psLib] Fixed type of fontName in suckfont (#2496). ==== python-xarray ==== Version update (0.21.1 -> 2022.3.0) - - update to version 2022.03.0: - This release brings a number of small improvements, as well as a move to `calendar versioning `_ (:issue:`6176`).: - Many thanks to the 16 contributors to the v2022.02.0 release!: - Aaron Spring, Alan D. Snow, Anderson Banihirwe, crusaderky, Illviljan, Joe Hamman, Jonas Gliß,: - Lukas Pilz, Martin Bergemann, Mathias Hauser, Maximilian Roos, Romain Caneill, Stan West, Stijn Van Hoey,: - Tobias Kölling, and Tom Nicholas.: - New Features: - Enabled multiplying tick offsets by floats. Allows ``float`` ``n`` in :py:meth:`CFTimeIndex.shift` if ``shift_freq`` is between ``Day`` and ``Microsecond``. (:issue:`6134`, :pull:`6135`). By `Aaron Spring `_. - Enbable to provide more keyword arguments to `pydap` backend when reading OpenDAP datasets (:issue:`6274`). By `Jonas Gliß `. - Allow :py:meth:`DataArray.drop_duplicates` to drop duplicates along multiple dimensions at once, and add :py:meth:`Dataset.drop_duplicates`. (:pull:`6307`) By `Tom Nicholas `_. - Breaking changes: - Renamed the ``interpolation`` keyword of all ``quantile`` methods (e.g. :py:meth:`DataArray.quantile`) to ``method`` for consistency with numpy v1.22.0 (:pull:`6108`). By `Mathias Hauser `_. - Deprecations: - Bug fixes: - Variables which are chunked using dask in larger (but aligned) chunks than the target zarr chunk size can now be stored using `to_zarr()` (:pull:`6258`) By `Tobias Kölling `_. - Multi-file datasets containing encoded :py:class:`cftime.datetime` objects can be read in parallel again (:issue:`6226`, :pull:`6249`, :pull:`6305`). By `Martin Bergemann `_ and `Stan West `_. - Documentation: - Delete files of datasets saved to disk while building the documentation and enable building on Windows via `sphinx-build` (:pull:`6237`). By `Stan West `_. - Internal Changes: - update to version 0.21.1: - This is a bugfix release to resolve (:issue:`6216`, :pull:`6207`).: - Bug fixes: - Add `packaging` as a dependency to Xarray (:issue:`6216`, :pull:`6207`). By `Sebastian Weigand `_ and `Joe Hamman `_. ==== qemu ==== Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ==== ruby3.1 ==== Subpackages: libruby3_1-3_1 - use valgrind for more supported platforms - run tests in parallel for better build times - set PATH for test to just built ruby interpreter - skip network tests, they hang on timeouts, slowing down the build - remove exceptions for armv7 testing, these are all fixed ==== rubygem-rspec-rails ==== Version update (5.1.0 -> 5.1.1) - updated to version 5.1.1 Enhancements: * Make the API request scaffold template more consistent and compatible with Rails 6.1. (Naoto Hamada, #2484) * Change the scaffold `rails_helper.rb` template to use `require_relative`. (Jon Dufresne, #2528) ==== rubygem-sprockets ==== Version update (4.0.2 -> 4.0.3) - updated to version 4.0.3 * Fix `Manifest#find` yielding from a Promise causing issue on Ruby 3.1.0-dev. [#720](https://github.com/rails/sprockets/pull/720) * Better detect the ERB version to avoid deprecation warnings. [#719](https://github.com/rails/sprockets/pull/719) * Allow assets already fingerprinted to be served through `Sprockets::Server` * Do not fingerprint files that already contain a valid digest in their name * Remove remaining support for Ruby < 2.4.[#672](https://github.com/rails/sprockets/pull/672) ==== swtpm ==== Version update (0.7.1 -> 0.7.2) Subpackages: swtpm-selinux - Update to version 0.7.2: - swtpm: - Do not chdir(/) when using --daemon - swtpm-localca: - Re-implement variable resolution for swtpm-localca.conf - tests: - Use ${WORKDIR} in config files to test env. var replacement - man pages: - Add missing .config directory to path description when using ${HOME} - build-sys: - Add probing for -fstack-protector ==== vsftpd ==== - Use rpm conditional to build against the proper OpenSSL version on all distributions. [jsc#PM-3322] ==== yast2 ==== Version update (4.4.45 -> 4.4.47) Subpackages: yast2-logs - Extend the Package module to force using PackageSystem or PackageAI without having the mode into account. - AutoYaST: properly detect whether firewalld, bind and yast2-dns-server packages are installed when cloning a system (bsc#1196963). - 4.4.47 - Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326) - 4.4.46 - New doc: Invoking External Commands in YaST (in doc/) ==== yast2-network ==== Version update (4.4.43 -> 4.4.44) - Write NetworkManager s390 options to the ethernet section instead of the connection one (bsc#1196582) - 4.4.44