Packages changed:
ceph (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
dbus-1 (1.12.22 -> 1.14.0)
dbus-1-x11 (1.12.22 -> 1.14.0)
firewalld
freerdp (2.6.0 -> 2.6.1)
gnutls
kbd
libvdpau (1.4 -> 1.5)
logrotate
lua54
mozilla-nss (3.74 -> 3.75)
nfs-utils
openssl-1_1
perl-DBD-SQLite
python-FontTools (4.28.5 -> 4.29.1)
python-xarray (0.21.1 -> 2022.3.0)
qemu
ruby3.1
rubygem-rspec-rails (5.1.0 -> 5.1.1)
rubygem-sprockets (4.0.2 -> 4.0.3)
swtpm (0.7.1 -> 0.7.2)
vsftpd
yast2 (4.4.45 -> 4.4.47)
yast2-network (4.4.43 -> 4.4.44)
=== Details ===
==== ceph ====
Version update (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
Subpackages: librados2 librbd1
- Update to 16.2.7-596-g7d574789716
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
- Update to 16.2.7-577-g3e3603b5dd1
+ Update prometheus-server version
- Update to 16.2.7-37-gb3be69440db:
+ (bsc#1194353) Downstream branding breaks dashboard npm build
==== dbus-1 ====
Version update (1.12.22 -> 1.14.0)
Subpackages: libdbus-1-3 libdbus-1-3-32bit
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon and rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== dbus-1-x11 ====
Version update (1.12.22 -> 1.14.0)
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon and rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== firewalld ====
Subpackages: firewalld-bash-completion firewalld-lang firewalld-zsh-completion python3-firewall
- Add code for safe modprobe.d migration
(https://en.opensuse.org/openSUSE:Packaging_UsrEtc)
- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
==== freerdp ====
Version update (2.6.0 -> 2.6.1)
Subpackages: libfreerdp2-2 libwinpr2-2
- Upgraded to freerdp 2.6.1
* Decreased logging verbosity, now freerdp is much less verbose by default
* Backported freerdp_abort_connect during freerdp_connect fix (#gh:FreeRDP/FreeRDP#7700)
* Backported improved version dection see docs/version_detection.md for details
* Backported various rdpsnd fixes (#gh:FreeRDP/FreeRDP#7695)
==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
==== kbd ====
Subpackages: kbd-legacy
- Refresh kbdsettings-nox86.patch to fix build on non-x86*
architectures
==== libvdpau ====
Version update (1.4 -> 1.5)
- Add U_Support-AV1.patch: Add support for AV1 in vdpauinfo.
- Minor tweaks to spec.
- Update to version 1.5:
* Add AV1 decode support in VDPAU API
* Addition of comma and removing the extra braces
* Add tracing for HEVCRangeExt picture info
* Add tracing for VP9 picture info
- Also update vdpauinfo to version 1.4
- Drop patches fixed upstream:
* c5a8e7c6c8b4b36a0e4c9a4369404519262a3256.patch
* e82dc4bdbb0db3ffa8c78275902738eb63aa5ca8.patch
==== logrotate ====
- Added own logrotate.service file in order to define a new order
of parsed config files:
/usr/etc/logrotate.conf Default configuration file defined by
the vendor.
/usr/etc/logrotate.d/* Directory for additional configuration
files defined by the vendor.
/etc/logrotate.conf Default configuration file defined by
the administrator. (optional)
/etc/logrotate.d/* Directory for additional configuration
files defined by the administrator.
(optional)
- drop logrotate-3.19.0-systemd_add_home_env.patch:
- included in new logrotate.service
- Adapted man page: logrotate-3.19.0-man_logrotate.patch
==== lua54 ====
- Added patches from upstream:
* luabugs1.patch
* luabugs2.patch
- Adjust buildsystem so that it matches upstream git (testes??)
- Drop the lua_docdir define, package docs in the standard
location. Instead just silently drop packaging the README with
the path that does not makes sense for a rpm package, but for a
source tarball install. Simpler solution to boo#1186233.
==== mozilla-nss ====
Version update (3.74 -> 3.75)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client nfs-kernel-server
- add reenable-nfsv2.patch for reverting nfsv2 deprecation until
test coverage is fixed (poo#106679)
- Add gcc12-fix.patch upstream fix for GCC 12 compiler.
- Update to version 2.6.1
- https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog
- remove patches from this release:
- 0001-gssd-fix-crash-in-debug-message.patch,
- Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch
==== openssl-1_1 ====
Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
==== perl-DBD-SQLite ====
- Use the system sqlite rather than the built-in one.
[bsc#1195771, perl-DBD-SQLite-use-external-sqlite3.patch]
==== python-FontTools ====
Version update (4.28.5 -> 4.29.1)
- Update to 4.29.1
* [colorLib] Fixed rounding issue with radial gradient's start/end
circles inside one another (#2521).
* [freetypePen] Handle rotate/skew transform when auto-computing
width/height of the buffer; raise PenError wen missing moveTo
(#2517)
- Release 4.29.0
* [ufoLib] Fixed illegal characters and expanded reserved
filenames (#2506).
* [COLRv1] Don't emit useless PaintColrLayers of lenght=1 in
LayerListBuilder (#2513).
* [ttx] Removed legacy waitForKeyPress method on Windows (#2509).
* [pens] Added FreeTypePen that uses freetype-py and the pen
protocol for rasterizating outline paths (#2494).
* [unicodedata] Updated the script direction list to Unicode 14.0
(#2484).
* Bumped unicodedata2 dependency to 14.0 (#2499).
* [psLib] Fixed type of fontName in suckfont (#2496).
==== python-xarray ====
Version update (0.21.1 -> 2022.3.0)
- - update to version 2022.03.0:
- This release brings a number of small improvements, as well as a move to `calendar versioning `_ (:issue:`6176`).:
- Many thanks to the 16 contributors to the v2022.02.0 release!:
- Aaron Spring, Alan D. Snow, Anderson Banihirwe, crusaderky, Illviljan, Joe Hamman, Jonas Gliß,:
- Lukas Pilz, Martin Bergemann, Mathias Hauser, Maximilian Roos, Romain Caneill, Stan West, Stijn Van Hoey,:
- Tobias Kölling, and Tom Nicholas.:
- New Features:
- Enabled multiplying tick offsets by floats. Allows ``float`` ``n`` in
:py:meth:`CFTimeIndex.shift` if ``shift_freq`` is between ``Day``
and ``Microsecond``. (:issue:`6134`, :pull:`6135`).
By `Aaron Spring `_.
- Enbable to provide more keyword arguments to `pydap` backend when reading
OpenDAP datasets (:issue:`6274`).
By `Jonas Gliß `.
- Allow :py:meth:`DataArray.drop_duplicates` to drop duplicates along multiple dimensions at once,
and add :py:meth:`Dataset.drop_duplicates`. (:pull:`6307`)
By `Tom Nicholas `_.
- Breaking changes:
- Renamed the ``interpolation`` keyword of all ``quantile`` methods (e.g. :py:meth:`DataArray.quantile`)
to ``method`` for consistency with numpy v1.22.0 (:pull:`6108`).
By `Mathias Hauser `_.
- Deprecations:
- Bug fixes:
- Variables which are chunked using dask in larger (but aligned) chunks than the target zarr chunk size
can now be stored using `to_zarr()` (:pull:`6258`) By `Tobias Kölling `_.
- Multi-file datasets containing encoded :py:class:`cftime.datetime` objects can be read in parallel again (:issue:`6226`, :pull:`6249`, :pull:`6305`). By `Martin Bergemann `_ and `Stan West `_.
- Documentation:
- Delete files of datasets saved to disk while building the documentation and enable
building on Windows via `sphinx-build` (:pull:`6237`).
By `Stan West `_.
- Internal Changes:
- update to version 0.21.1:
- This is a bugfix release to resolve (:issue:`6216`, :pull:`6207`).:
- Bug fixes:
- Add `packaging` as a dependency to Xarray (:issue:`6216`, :pull:`6207`).
By `Sebastian Weigand `_ and `Joe Hamman `_.
==== qemu ====
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch
==== ruby3.1 ====
Subpackages: libruby3_1-3_1
- use valgrind for more supported platforms
- run tests in parallel for better build times
- set PATH for test to just built ruby interpreter
- skip network tests, they hang on timeouts, slowing down the build
- remove exceptions for armv7 testing, these are all fixed
==== rubygem-rspec-rails ====
Version update (5.1.0 -> 5.1.1)
- updated to version 5.1.1
Enhancements:
* Make the API request scaffold template more consistent and compatible with
Rails 6.1. (Naoto Hamada, #2484)
* Change the scaffold `rails_helper.rb` template to use `require_relative`.
(Jon Dufresne, #2528)
==== rubygem-sprockets ====
Version update (4.0.2 -> 4.0.3)
- updated to version 4.0.3
* Fix `Manifest#find` yielding from a Promise causing issue on Ruby 3.1.0-dev. [#720](https://github.com/rails/sprockets/pull/720)
* Better detect the ERB version to avoid deprecation warnings. [#719](https://github.com/rails/sprockets/pull/719)
* Allow assets already fingerprinted to be served through `Sprockets::Server`
* Do not fingerprint files that already contain a valid digest in their name
* Remove remaining support for Ruby < 2.4.[#672](https://github.com/rails/sprockets/pull/672)
==== swtpm ====
Version update (0.7.1 -> 0.7.2)
Subpackages: swtpm-selinux
- Update to version 0.7.2:
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man pages:
- Add missing .config directory to path description when using ${HOME}
- build-sys:
- Add probing for -fstack-protector
==== vsftpd ====
- Use rpm conditional to build against the proper OpenSSL version
on all distributions. [jsc#PM-3322]
==== yast2 ====
Version update (4.4.45 -> 4.4.47)
Subpackages: yast2-logs
- Extend the Package module to force using PackageSystem or
PackageAI without having the mode into account.
- AutoYaST: properly detect whether firewalld, bind and
yast2-dns-server packages are installed when cloning a system
(bsc#1196963).
- 4.4.47
- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326)
- 4.4.46
- New doc: Invoking External Commands in YaST (in doc/)
==== yast2-network ====
Version update (4.4.43 -> 4.4.44)
- Write NetworkManager s390 options to the ethernet section instead
of the connection one (bsc#1196582)
- 4.4.44