Packages changed: gnome-session gnome-shell-extensions libgpg-error (1.50 -> 1.51) libsolv (0.7.30 -> 0.7.31) libssh2_org (1.11.0 -> 1.11.1) libzypp (17.35.12 -> 17.35.13) openSUSE-release (20241113 -> 20241114) ovmf permissions (1699_20240522 -> 1699_20241029) plasma6-desktop plasma6-workspace qt6-tools rpm-config-SUSE (20240214 -> 20241031) webkit2gtk3 zypper (1.14.77 -> 1.14.78) === Details === ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-wayland gnome-session-xsession - Move update-alternative post/postun scriptlets from the main package to the xsession sub-package (boo#1233299). - Drop gnome-session-default-session: this was there to also support the alternative fallback-session, but that one was dropped at the times of GNOME 3.8. ==== gnome-shell-extensions ==== Subpackages: gnome-shell-classic gnome-shell-extensions-common - Split out gnome-shell-classic-xsession sub-package. ==== libgpg-error ==== Version update (1.50 -> 1.51) - Update to 1.51: * Add GPGRT_PROCESS_ALLOW_SET_FG for gpgrt_process_spawn. [rEb79d4206f4] * Add new spawn function to modify the environment. [T7307] * Fix missing environ var for macOS and others. [T7169,T7307] * Fix forgotten _gpgrt_post_syscall on create pipe failure. [rEbcab96484d] * Let gpgrt_poll return an error for a closed fd. [rE4a3dc85f69] * Fix build error introduced by C-committee stupidity. [T7344] * Interface changes relative to the 1.50 release: - _gpg_w32_gettext_use_utf8 EXTN (new value 2). - gpgrt_spawn_actions_set_env_rev NEW. - GPGRT_PROCESS_ALLOW_SET_FG NEW. * Release-info: https://dev.gnupg.org/T7164 * Rebase libgpg-error-nobetasuffix.patch ==== libsolv ==== Version update (0.7.30 -> 0.7.31) Subpackages: libsolv-tools-base ruby-solv - fix replaces_installed_package using the wrong solvable id when checking the noupdate map - make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - add rpm_query_idarray query function - support rpm's "orderwithrequires" dependency - bump version to 0.7.31 ==== libssh2_org ==== Version update (1.11.0 -> 1.11.1) - Update to 1.11.1: * build: enable '-pedantic-errors' * build: add 'LIBSSH2_NO_DEPRECATED' option * build: stop requiring libssl from openssl * disable DSA by default * hostkey: do not advertise ssh-rsa when SHA1 is disabled * kex: prevent possible double free of hostkey * kex: always check for null pointers before calling _libssh2_bn_set_word * kex: fix a memory leak in key exchange * kex: always add extension indicators to kex_algorithms * md5: allow disabling old-style encrypted private keys at build-time * openssl: free allocated resources when using openssl3 * openssl: fix memory leaks in '_libssh2_ecdsa_curve_name_with_octal_new' and '_libssh2_ecdsa_verify' * openssl: fix calculating DSA public key with OpenSSL 3 * openssl: initialize BIGNUMs to NULL in 'gen_publickey_from_dsa' for OpenSSL 3 * openssl: fix cppcheck found NULL dereferences * openssl: delete internal 'read_openssh_private_key_from_memory()' * openssl: use OpenSSL 3 HMAC API, add 'no-deprecated' CI job * openssl: make a function static, add '#ifdef' comments * openssl: fix DSA code to use OpenSSL 3 API * openssl: fix 'EC_KEY' reference with OpenSSL 3 'no-deprecated' build * openssl: use non-deprecated APIs with OpenSSL 3.x * openssl: silence '-Wunused-value' warnings * openssl: add missing check for 'LIBRESSL_VERSION_NUMBER' before use * packet: properly bounds check packet_authagent_open() * pem: fix private keys encrypted with AES-GCM methods * reuse: provide SPDX identifiers * scp: fix missing cast for targets without large file support * session: support server banners up to 8192 bytes * session: add 'libssh2_session_callback_set2()' * session: handle EINTR from send/recv/poll/select to try again as the error is not fatal * sftp: increase SFTP_HANDLE_MAXLEN back to 4092 * sftp: implement posix-rename@openssh.com * src: implement chacha20-poly1305@openssh.com * src: check the return value from '_libssh2_bn_*()' functions * src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) * src: check hash update/final success * src: check hash init success * src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" * transport: fix unstable connections over non-blocking sockets * transport: check ETM on remote end when receiving * transport: fix incorrect byte offset in debug message * userauth: avoid oob with huge interactive kbd response * userauth: add a new structure to separate memory read and file read * userauth: check whether '*key_method' is a NULL pointer instead of 'key_method' * Rebase libssh2-ocloexec.patch * Remove patches fixed upstream: - libssh2_org-CVE-2023-48795.patch - libssh2_org-CVE-2023-48795-ext.patch - libssh2_org-ETM-remote.patch ==== libzypp ==== Version update (17.35.12 -> 17.35.13) - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) - version 17.35.13 (35) ==== openSUSE-release ==== Version update (20241113 -> 20241114) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-x86_64-sev-code.bin and ovmf-x86_64-sev-vars.bin back because -code/-vars mode still be used in some cases. (bsc#1232762) - Add 60-ovmf-x86_64-sev.json to descriptors.tar.xz for -code/-vars mode against SEV: - Removed features tag: "acpi-s4", "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys" - Add features tag: "amd-sev", "amd-sev-es", "amd-sev-snp" - The 50-ovmf-x86_64-sev.json is for ovmf-x86_64-sev.bin unified image which is stateless mode. - The 60-ovmf-x86_64-sev.json is for ovmf-x86_64-sev-code/vars.bin. Please note that the -vars storage is non-secure because SEV does NOT support SMM (requires-smm). ==== permissions ==== Version update (1699_20240522 -> 1699_20241029) Subpackages: permctl permissions-config - Update to version 1699_20241029: * Add RPM macros; moved from rpm-config-SUSE * package RPM macros together with permctl, to avoid having to setup an extra sub-package. ==== plasma6-desktop ==== Subpackages: plasma6-desktop-emojier - Replace plasma6-framework-components 'Requires' with libplasma6-components ==== plasma6-workspace ==== Subpackages: plasma6-session plasma6-session-x11 plasma6-workspace-libs sddm-qt6-branding-openSUSE - Replace '%requires_ge plasma6-desktop' with 'Requires: plasma6-desktop' ==== qt6-tools ==== Subpackages: libQt6Designer6 libQt6Help6 libQt6UiTools6 qt6-tools-qdbus - Reintroduce proper %requires_eq on libclang, it's needed to ensure that qdoc pulls in a libclang suitable for the used libclang-cpp. ==== rpm-config-SUSE ==== Version update (20240214 -> 20241031) - Update to version 20241031: * Merge in changes that already happened in the package - Update to version 20241031: * Drop {set,verify}_permissions macros * Strip the explicit /bin/bash dependency for ksym macros * locale.prov: handle glibc-locale-base (boo#1221250) * lang_package: Add 'basename' option * %requires_eq|ge(): Report error if package version cannot be determined ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch: Fix aspect ratio in videos with gststreamer-1.24.9. ==== zypper ==== Version update (1.14.77 -> 1.14.78) Subpackages: zypper-log zypper-needs-restarting - Don't try to download missing raw metadata if cache is not writable (bsc#1225451) - man: Update 'search' command description. Hint to "se -v" showing the matches within the packages metadata. Explain that search strings starting with a "/" will implicitly look into the filelist as well. Otherfise an explicit "-f" is needed. - version 1.14.78