Packages changed: ell (0.59 -> 0.60) fwupd (1.9.8 -> 1.9.9) git (2.42.1 -> 2.43.0) grub2 libblockdev libheif (1.17.3 -> 1.17.5) mariadb-connector-c (3.3.5 -> 3.3.7) nghttp2 nvidia-open-driver-G06-signed p11-kit (0.25.2 -> 0.25.3) python-numpy (1.25.2 -> 1.26.2) python-pip (23.2.1 -> 23.3.1) readline sssd transactional-update (4.4.0 -> 4.5.0) xen (4.18.0_02 -> 4.18.0_04) xkeyboard-config === Details === ==== ell ==== Version update (0.59 -> 0.60) - update to 0.60: * Fix issue with missing NETLINK_EXT_ACK definition. * Fix issue with incorrect derivation of ECC compressed points. * Add support for ECC usage from SPAKE2+ key exchange protocol. ==== fwupd ==== Version update (1.9.8 -> 1.9.9) Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.9 (boo#1217295): + This release adds the following features: - Add a new generic request for the device power cable. + This release adds support for the following hardware: - Lenovo X1 Yoga Gen7 530E. - Advantech BMC devices. ==== git ==== Version update (2.42.1 -> 2.43.0) Subpackages: git-core git-email git-web perl-Git - update to 2.43.0: * The "--rfc" option of "git format-patch" used to be a valid way to override an earlier "--subject-prefix=<something>" on the command line and replace it with "[RFC PATCH]", but from this release, it merely prefixes the string "RFC " in front of the given subject prefix. If you are negatively affected by this change, please use "--subject-prefix=PATCH --rfc" as a replacement. * In Git 2.42, "git rev-list --stdin" learned to take non-revisions (like "--not") from the standard input, but the way such a "--not" was handled was quite confusing, which has been rethought. The updated rule is that "--not" given from the command line only affects revs given from the command line that comes but not revs read from the standard input, and "--not" read from the standard input affects revs given from the standard input and not revs given from the command line. * A message written in olden time prevented a branch from getting checked out, saying it is already checked out elsewhere. But these days, we treat a branch that is being bisected or rebased just like a branch that is checked out and protect it from getting modified with the same codepath. The message has been rephrased to say that the branch is "in use" to avoid confusion. * Hourly and other schedules of "git maintenance" jobs are randomly distributed now. * "git cmd -h" learned to signal which options can be negated by listing such options like "--[no-]opt". * The way authentication related data other than passwords (e.g., oauth token and password expiration data) are stored in libsecret keyrings has been rethought. * Update the libsecret and wincred credential helpers to correctly match which credential to erase; they erased the wrong entry in some cases. * Git GUI updates. * "git format-patch" learned a new "--description-file" option that lets cover letter description to be fed; this can be used on detached HEAD where there is no branch description available, and also can override the branch description if there is one. * Use of the "--max-pack-size" option to allow multiple packfiles to be created is now supported even when we are sending unreachable objects to cruft packs. * "git format-patch --rfc --subject-prefix=<foo>" used to ignore the "--subject-prefix" option and used "[RFC PATCH]"; now we will add "RFC" prefix to whatever subject prefix is specified. * "git log --format" has been taught the %(decorate) placeholder for further customization over what the "--decorate" option offers. * The default log message created by "git revert", when reverting a commit that records a revert, has been tweaked, to encourage people to describe complex "revert of revert of revert" situations better in their own words. * The command-line completion support (in contrib/) learned to complete "git commit --trailer=" for possible trailer keys. * "git update-index" learned the "--show-index-version" option to inspect the index format version used by the on-disk index file. * "git diff" learned the "diff.statNameWidth" configuration variable, to give the default width for the name part in the "--stat" output. * "git range-diff --notes=foo" compared "log --notes=foo --notes" of the two ranges, instead of using just the specified notes tree, which has been corrected to use only the specified notes tree. * The command line completion script (in contrib/) can be told to complete aliases by including ": git <cmd> ;" in the alias to tell it that the alias should be completed in a similar way to how "git <cmd>" is completed. The parsing code for the alias has been loosened to allow ';' without an extra space before it. * "git for-each-ref" and friends learned to apply mailmap to authorname and other fields in a more flexible way than using separate placeholder letters like %a[eElL] every time we want to come up with small variants. * "git repack" machinery learned to pay attention to the "--filter=" option. * "git repack" learned the "--max-cruft-size" option to prevent cruft packs from growing without bounds. * "git merge-tree" learned to take strategy backend specific options via the "-X" option, like "git merge" does. * "git log" and friends learned the "--dd" option that is a short-hand for "--diff-merges=first-parent -p". * The attribute subsystem learned to honor the "attr.tree" configuration variable that specifies which tree to read the .gitattributes files from. * "git merge-file" learns a mode to read three variants of the contents to be merged from blob objects. * see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.0.txt ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Update the TPM2 patches to skip the persistent SRK handle if not specified and improve the error messages + 0003-protectors-Add-TPM2-Key-Protector.patch + 0005-util-grub-protect-Add-new-tool.patch + 0004-tpm2-Support-authorized-policy.patch ==== libblockdev ==== Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3 - Add %{_libdir}/libbd_s390.so for s390x because missing file identitied ==== libheif ==== Version update (1.17.3 -> 1.17.5) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.17.5: * Fixes installation of the Gnome "heif.thumbnailer" config file. - update to 1.17.4: * ispe boxes in AVIF images with clap boxes were written with the wrong size (would only happen with svt-av1 encoder), always output MIAF brand for AVIF images * fix kvazaar encoding with odd image sizes and encodings with non-4:2:0 chroma ==== mariadb-connector-c ==== Version update (3.3.5 -> 3.3.7) - update to 3.3.7: * https://mariadb.com/kb/en/mariadb-connector-c-3-3-7-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-3-6-release-notes/ ==== nghttp2 ==== - fix unversioned provides to be in sync with nghttp3 ==== nvidia-open-driver-G06-signed ==== - no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981, comment#26) - use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981, comment#23) ==== p11-kit ==== Version update (0.25.2 -> 0.25.3) Subpackages: libp11-kit0 libp11-kit0-32bit p11-kit-tools - Update to 0.25.3: * rpc: fix serialization of NULL mechanism pointer [#601] * fix meson build failure in macOS (appleframeworks not found) [#603] ==== python-numpy ==== Version update (1.25.2 -> 1.26.2) - Update to 1.26.2: * TYP: Trim down the ``_NestedSequence.__getitem__`` signature * BUG: fix choose refcount leak * TST: fix running the test suite in builds without BLAS/LAPACK * BUG: random: Fix generation of nan by dirichlet. * TST: fix distutils tests for deprecations in recent setuptools... * MAINT: Remove versioneer * MAINT: Pin upper version of sphinx. * ENH: Add prefix to _ALIGN Macro * BUG: cleanup warnings [skip azp][skip circle][skip travis][skip... * BUG: ``asv dev`` has been removed, use ``asv run``. * BUG: Fix meson build failure due to unchanged inplace auto-generated... * BUG: fix issue with git-version script, needs a shebang to run * BUG: Use a default assignment for git_hash [skip ci] * BUG: fix NPY_cast_info error handling in choose * BUG: Fix common block handling in f2py * BUG: Fix assumed length f2py regression * MAINT: Harmonize fortranobject * TYP: add kind argument to numpy.isin type specification * BUG: fix comparisons between masked and unmasked structured arrays * ENH: Adopt new macOS Accelerate BLAS/LAPACK Interfaces, including... * TYP: Add the missing ``casting`` keyword to ``np.clip`` * TST: convert cython test from setup.py to meson * MAINT: Fixup ``fromnumeric.pyi`` * BUG, ENH: Fix ``iso_c_binding`` type maps * TYP: Allow ``binary_repr`` to accept any object * TYP: Explicitly declare ``dtype`` and ``generic`` hashable * ENH: Refactor the typing "reveal" tests using `typing.assert_type` * ENH: ``meson`` backend for ``f2py`` * MAINT: Refactor partial load Workaround for Clang * BUG: Fix data stmt handling for complex values in f2py * TYP: Add annotations for the py3.12 buffer protocol * DOC: Updated the f2py docs to remove a note on -fimplicit-none * BUG: Fix SIMD f32 trunc test on s390x when baseline is none * BUG: Fix DATA statements for f2py * API: Add ``NumpyUnpickler`` for backporting * MAINT: Xfail test failing on PyPy. * ENH: meson: implement BLAS/LAPACK auto-detection * DOC: add a 1.26.1 release notes section for BLAS/LAPACK build * MAINT: Backport ``numpy._core`` stubs. Remove ``NumpyUnpickler`` * BUG: loongarch doesn't use REAL(10) * MAINT: align test_dispatcher s390x targets with _umath_tests_mtargets * ENH: Add Cython enumeration for NPY_FR_GENERIC * MAINT: Remove unhelpful error replacements from ``import_array()`` * BUG: Avoid intp conversion regression in Cython 3 * MAINT: Add missing ``noexcept`` to shuffle helpers * DOC: Fix license identifier for OpenBLAS * BLD: improve detection of Netlib libblas/libcblas/liblapack * MAINT: Make bitfield integers unsigned * BUG: Make n a long int for np.random.multinomial * BUG: ensure passing ``np.dtype`` to itself doesn't crash - Update BuildRequires as appropiate, build system changed from setuptools to meson. - Drop patch ignore-pkg_resources-deprecation.patch, no longer required - f2py3 no longer shipped ==== python-pip ==== Version update (23.2.1 -> 23.3.1) - Update to 23.3.1: - Bug Fixes - Handle a timezone indicator of Z when parsing dates in the self check. (#12338) - Fix bug where installing the same package at the same time with multiple pip processes could fail. (#12361) - Update to 23.3: - Process - Added reference to vulnerability reporting guidelines to pip's security policy. - Features - Improve extras resolution for multiple constraints on same base package. (#11924) - Improve use of datastructures to make candidate selection 1.6x faster. (#12204) - Allow pip install --dry-run to use platform and ABI overriding options. (#12215) - Add is_yanked boolean entry to the installation report (--report) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592. (#12224) - Bug Fixes - Ignore errors in temporary directory cleanup (show a warning instead). (#11394) - Normalize extras according to PEP 685 from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this does not solve cases where the package itself contains unnormalized extra values in the metadata. (#11649) - Prevent downloading sdists twice when PEP 658 metadata is present. (#11847) - Include all requested extras in the install report (--report). (#11924) - Removed uses of datetime.datetime.utcnow from non-vendored code. (#12005) - Consistently report whether a dependency comes from an extra. (#12095) - Fix completion script for zsh (#12166) - Fix improper handling of the new onexc argument of shutil.rmtree() in Python 3.12. (#12187) - Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. (#12225) - Fix crash when the git version number contains something else than digits and dots. (#12280) - Use -r=... instead of -r ... to specify references with Mercurial. (#12306, CVE-2023-5752, bsc#1217353) - Redact password from URLs in some additional places. (#12350) - pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). (#2984) - Vendored Libraries - Upgrade certifi to 2023.7.22 - Add truststore 0.8.0 - Upgrade urllib3 to 1.26.17 - Improved Documentation - Document that pip search support has been removed from PyPI (#12059) - Clarify --prefer-binary in CLI and docs (#12122) - Document that using OS-provided Python can cause pip's test suite to report false failures. (#12334) - Adjust pip-shipped-requests-cabundle.patch. ==== readline ==== Subpackages: libreadline8 readline-doc - Add upstream patch readline82-002 * It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. - Add upstream patch readline82-003 - Add upstream patch readline82-004 - Add upstream patch readline82-005 * If an application is using readline in callback mode, and a signal arrives after readline checks for it in rl_callback_read_char() but before it restores the application's signal handlers, it won't get processed until the next time the application calls rl_callback_read_char(). Readline needs to check for and resend any pending signals after restoring the application's signal handlers. - Add upstream patch readline82-006 * This is a variant of the same issue as the one fixed by patch 5. In this case, the signal arrives and is pending before readline calls rl_getc(). When this happens, the pending signal will be handled by the loop, but may alter or destroy some state that the callback uses. Readline needs to treat this case the same way it would if a signal interrupts pselect/select, so compound operations like searches and reading numeric arguments get cleaned up properly. - Add upstream patch readline82-007 * If readline is called with no prompt, it should display a newline if return is typed on an empty line. It should still suppress the final newline if return is typed on the last (empty) line of a multi-line command. ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Adapt spec file for SLE 15 SP6/Leap 15.6; (jsc#PED-6714); * Remove package sssd-common, merged into sssd * Continue building deprecated files provider and infopipe responder * Disable selinux and semanage * Provide rcsssd shortcut ==== transactional-update ==== Version update (4.4.0 -> 4.5.0) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd - Version 4.5.0 - libtukit: Use permissions of real /etc when creating overlay [bsc#1215878] - libtukit, tukit: Support "rollback" via library now - tukitd: Implement Snapshot delete and rollback methods - tukit: Check for missing arguments with "close" and "abort" commands - t-u: Warn user when using "kdump" if it isn't configured to avoid confusion with "setup-kdump" [boo#1215725] - t-u: Abort if mkdumprd run is not successful - t-u: Use defaut from config file if t-u is called without arguments [gh#openSUSE/transactional-update#101] - Improved README.md [gh#openSUSE/transactional-update#59] and API docs - Code cleanup ==== xen ==== Version update (4.18.0_02 -> 4.18.0_04) Subpackages: xen-libs xen-tools xen-tools-domU - Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to provide better hypervisor security xen.spec - Upstream bug fixes (bsc#1027519) 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch ==== xkeyboard-config ==== Subpackages: xkeyboard-config-lang - the current source supersedes old sle15-sp5 patches (see changelog below) * U_Map-evdev-keycodes-KEY_RFKILL-and-KEY_WWAN-to-XF86RF.patch * U_Updating-Old-Hungarian.patch * U_Fix-media-keys-lag-on-ABNT2-keyboard.patch * U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch - includes fixes for * missing mappings for evdev keys KEY_RFKILL and KEY_WWAN (boo#1123784) * capslock in Old Hungarian layout (boo#1153774) * wrong keyboard mapping causing input delays with ABNT2 keyboards (bsc#1191242) - includes backport of French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) - supersedes a patch called 'U_fixed-keycode-comment.patch' from sle15-sp5, which wasn't applied there any longer either. <I247> = 247; // #define KEY_UWB 239 is defined in keycodes/evdev since a long time ...