Packages changed: apache2-mod_php8 (8.2.7 -> 8.2.8) bind (9.18.16 -> 9.18.17) elfutils-debuginfod hwinfo (23.1 -> 23.2) kernel-source (6.4.3 -> 6.4.4) libshumate (1.0.4 -> 1.0.5) libva (2.18.0 -> 2.19.0) libva-gl (2.18.0 -> 2.19.0) libvirt netcontrol nghttp2 (1.54.0 -> 1.55.1) openssh (9.3p1 -> 9.3p2) openssh-askpass-gnome (9.3p1 -> 9.3p2) openssl-1_1 openssl-3 ovmf (202302 -> 202305) php8 (8.2.7 -> 8.2.8) python-rich qalculate (4.6.1 -> 4.7.0) sysuser-tools tar update-alternatives (1.21.8 -> 1.21.22) virtualbox (7.0.8 -> 7.0.10) virtualbox-kmp (7.0.8_k6.4.3_1 -> 7.0.10_k6.4.4_1) webkit2gtk3 (2.40.3 -> 2.40.4) webkit2gtk3-soup2 (2.40.3 -> 2.40.4) === Details === ==== apache2-mod_php8 ==== Version update (8.2.7 -> 8.2.8) - version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8 - modified patches % php-sort-filelist-phar.patch (refreshed) ==== bind ==== Version update (9.18.16 -> 9.18.17) Subpackages: bind-doc bind-utils - Update to release 9.18.17 Feature Changes: * If a response from an authoritative server has its RCODE set to FORMERR and contains an echoed EDNS COOKIE option that was present in the query, named now retries sending the query to the same server without an EDNS COOKIE option. * The relaxed QNAME minimization mode now uses NS records. This reduces the number of queries named makes when resolving, as it allows the non-existence of NS RRsets at non-referral nodes to be cached in addition to the normally cached referrals. Bug Fixes: * The ability to read HMAC-MD5 key files, which was accidentally lost in BIND 9.18.8, has been restored. * Several minor stability issues with the catalog zone implementation have been fixed. ==== elfutils-debuginfod ==== Subpackages: debuginfod-profile libdebuginfod1 - Replace libdebuginfo1 sub-package's debuginfod-profile Recommends with config(debuginfod-profile) Requires, but on the debuginfod-\ client sub-package, instead. And add binutils, bpftrace-tools, elfutils, gdb, perf, systemd-coredump, and valgrind Supplements to debuginfod-client sub-package. This should make installation of debuginfod-client more consistent, along with debuginfod-\ profile, with software/packages that have debuginfod support. ==== hwinfo ==== Version update (23.1 -> 23.2) Subpackages: libhd23 - merge gh#openSUSE/hwinfo#128 - Add support for loongarch cpu - 23.2 ==== kernel-source ==== Version update (6.4.3 -> 6.4.4) - Linux 6.4.4 (bsc#1012628). - start_kernel: Add __no_stack_protector function attribute (bsc#1012628). - USB: serial: option: add LARA-R6 01B PIDs (bsc#1012628). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (bsc#1012628). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (bsc#1012628). - extcon: usbc-tusb320: Unregister typec port on driver removal (bsc#1012628). - dt-bindings: iio: ad7192: Add mandatory reference voltage source (bsc#1012628). - iio: addac: ad74413: don't set DIN_SINK for functions other than digital input (bsc#1012628). - iio: adc: ad7192: Fix null ad7192_state pointer access (bsc#1012628). - iio: adc: ad7192: Fix internal/external clock selection (bsc#1012628). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (bsc#1012628). - iio: accel: fxls8962af: fixup buffer scan element type (bsc#1012628). - Revert "drm/amd/display: edp do not add non-edid timings" (bsc#1012628). - fs: pipe: reveal missing function protoypes (bsc#1012628). - s390/kasan: fix insecure W+X mapping warning (bsc#1012628). - blk-mq: don't queue plugged passthrough requests into scheduler (bsc#1012628). - block: Fix the type of the second bdev_op_is_zoned_write() argument (bsc#1012628). - block/rq_qos: protect rq_qos apis with a new lock (bsc#1012628). - splice: Fix filemap_splice_read() to use the correct inode (bsc#1012628). - erofs: kill hooked chains to avoid loops on deduplicated compressed images (bsc#1012628). - x86/resctrl: Only show tasks' pid in current pid namespace (bsc#1012628). - fsverity: use shash API instead of ahash API (bsc#1012628). - fsverity: don't use bio_first_page_all() in fsverity_verify_bio() (bsc#1012628). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1012628). - x86/sev: Fix calculation of end address based on number of pages (bsc#1012628). - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (bsc#1012628). - virt: sevguest: Add CONFIG_CRYPTO dependency (bsc#1012628). - blk-mq: fix potential io hang by wrong 'wake_batch' (bsc#1012628). - lockd: drop inappropriate svc_get() from locked_get() (bsc#1012628). - nvme-core: fix memory leak in dhchap_secret_store (bsc#1012628). - nvme-core: fix memory leak in dhchap_ctrl_secret (bsc#1012628). - nvme-core: add missing fault-injection cleanup (bsc#1012628). - nvme-core: fix dev_pm_qos memleak (bsc#1012628). - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (bsc#1012628). - md/raid10: fix overflow of md/safe_mode_delay (bsc#1012628). - md/raid10: fix wrong setting of max_corr_read_errors (bsc#1012628). - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (bsc#1012628). - md/raid10: fix io loss while replacement replace rdev (bsc#1012628). - md/raid1-10: factor out a helper to add bio to plug (bsc#1012628). - md/raid1-10: factor out a helper to submit normal write (bsc#1012628). - md/raid1-10: submit write io directly if bitmap is not enabled (bsc#1012628). - block: fix blktrace debugfs entries leakage (bsc#1012628). - irqchip/loongson-eiointc: Fix irq affinity setting during resume (bsc#1012628). - splice: don't call file_accessed in copy_splice_read (bsc#1012628). - irqchip/stm32-exti: Fix warning on initialized field overwritten (bsc#1012628). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (bsc#1012628). - svcrdma: Prevent page release when nothing was received (bsc#1012628). - erofs: fix compact 4B support for 16k block size (bsc#1012628). - posix-timers: Prevent RT livelock in itimer_delete() (bsc#1012628). - tick/rcu: Fix bogus ratelimit condition (bsc#1012628). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (bsc#1012628). - btrfs: always read the entire extent_buffer (bsc#1012628). - btrfs: don't use btrfs_bio_ctrl for extent buffer reading (bsc#1012628). - btrfs: return bool from lock_extent_buffer_for_io (bsc#1012628). - btrfs: submit a writeback bio per extent_buffer (bsc#1012628). - btrfs: fix range_end calculation in extent_write_locked_range (bsc#1012628). - btrfs: don't fail writeback when allocating the compression context fails (bsc#1012628). - btrfs: only call __extent_writepage_io from extent_write_locked_range (bsc#1012628). - btrfs: don't treat zoned writeback as being from an async ... changelog too long, skipping 1321 lines ... - commit f6ca0bc ==== libshumate ==== Version update (1.0.4 -> 1.0.5) Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0 - Update to version 1.0.5: + Don't defer frame clock when widget is unrealized. ==== libva ==== Version update (2.18.0 -> 2.19.0) Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2 - Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. ==== libva-gl ==== Version update (2.18.0 -> 2.19.0) - Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - CVE-2023-3750: storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' bsc#1213447 ==== netcontrol ==== - Fix EOF handling in xml-reader to avoid `virsh iface-*` commands hang on aarch64 (bsc#1213349) [+ 0001-xml-reader-fix-xml_getc-and-xml_ungetc.patch, + 0002-xml-reader-allow-uppercase-for-lt-gt-and-amp-expansi.patch] ==== nghttp2 ==== Version update (1.54.0 -> 1.55.1) - update to 1.55.1: * Fix memory leak This commit fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback fails with a fatal error. For example, if GOAWAY frame has been received, a HEADERS frame that opens new stream cannot be sent. This issue has already been made public via CVE-2023-35945 by envoyproxy/envoy project. During embargo period, the patch to fix this bug was accidentally submitted to nghttp2/nghttp2 repository [2]. And they decided to disclose CVE early. I was notified just 1.5 hours before disclosure. I had no time to respond. PoC described in [1] is quite simple, but I think it is not enough to trigger this bug. While it is true that receiving GOAWAY prevents a client from opening new stream, and nghttp2 enters error handling branch, in order to cause the memory leak, nghttp2_session_close_stream function must return a fatal error. NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It is unlikely that a process gets short of memory with this simple PoC scenario unless application does something memory heavy processing. * NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined callback function (nghttp2_on_stream_close_callback, in this case), which indicates something fatal happened inside a callback, and a connection must be closed immediately without any further action. As nghttp2_on_stream_close_error_callback documentation says, any error code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal error code. More specifically, it is treated as if NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated into NGHTTP2_ERR_CALLBACK_FAILURE. https://github.com/envoyproxy/envoy/security/advisories/GHSA- jfxv-29pc-x22r ==== openssh ==== Version update (9.3p1 -> 9.3p2) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): Security ======== Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. In addition to removing the main precondition for exploitation, this release removes the ability for remote ssh-agent(1) clients to load PKCS#11 modules by default (see below). Potentially-incompatible changes - ------------------------------- * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour "-Oallow-remote-pkcs11". Note that ssh-agent(8) depends on the SSH client to identify requests that are remote. The OpenSSH >=8.9 ssh(1) client does this, but forwarding access to an agent socket using other tools may circumvent this restriction. ==== openssh-askpass-gnome ==== Version update (9.3p1 -> 9.3p2) - Update to openssh 9.3p2 * No changes for askpass, see main package changelog for details ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch ==== openssl-3 ==== Subpackages: libopenssl3 libopenssl3-32bit - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch - Security fix: [bsc#1213383, CVE-2023-2975] * AES-SIV implementation ignores empty associated data entries * Add openssl-CVE-2023-2975.patch ==== ovmf ==== Version update (202302 -> 202305) Subpackages: qemu-ovmf-x86_64 - Removed the following patches because they are not necessary and they blocked for submit to openSUSE:Factory. (bsc#1205978) ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformAddHobCB.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformGetLowMem.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformReservati.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformScanE820-.patch ovmf-Revert-OvmfPkg-PlatformInitLib-reorder-PlatformQemuU.patch - Add openssl.keyring.README to shim.spec as Source113 to avoid erroe when submit to openSUSE:Factory - Enable support for riscv64 - Update to edk2-stable202305 (bsc#1205588) - Features (https://github.com/tianocore/edk2/releases): Expose IBT/BTI compatible runtime DXE drivers via memory attributes table Update toolchain support MdePkg: Support FDT library Add google mocks support to UnitTestFrameworkPkg GoogleTestLib Platform Redfish Host Interface library for USBNIC [OpenSSL] Update OpenSSL version to version 1.1.1t to include CVE fix Replace pre-standard FUNCTION with C99 func throughout edk2 Implement EFI memory attributes protocol for ARM platforms Add TraceHubLib Support - Patches (git log --oneline --date-order edk2-stable202302..edk2-stable202305): ba91d0292e MdeModulePkg/Core/Pei: set AprioriCount=0 before walking through next FV 5ce29ae84d ArmPkg/ArmMmuLib AARCH64: Add missing ISB after page table update c5cf7f69c9 pip-requirements.txt: Update edk2 pip modules 0abfb0be6c OvmfPkg: RiscVVirt: Add missing SerialPortInitialize to Sec 45da4e3135 MdePkg: add SBI-based SerialPortLib for RISC-V 2900e75511 MdePkg: BaseRiscVSbiLib: make more useful to consumers cafb4f3f36 UefiPayloadPkg: Fix boot shell issue for universal UEFI payload 80bc13db83 Maintainers.txt: Update reviewers and maintainers for FdtLib. d322557712 BaseTools/tools_def: Disable overzealous unused variable warning on Clang e2607d3a78 BaseTools/tools_def: Drop ref to undefined CLANGDWARF_ARM_PREFIX 0b37723186 ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings. 2d4c76f783 MdePkg/IndustryStandard: Add SMBIOS anchor string & length defines. c08a3a96fd MdePkg/IndustryStandard: Add IPMI Interface Capabilities definitions 083b029538 MdePkg: Add new PCDs for IPMI SSIF dea6c7dc2a MdePkg/IndustryStandard: Add definitions for IPMI SSIF 0a0e60caf2 Maintainers.txt: Update reviewers and maintainers for TraceHubDebugLib. 0f0422cedc MdeModulePkg: Add TraceHubDebugSysTLib library 3d50fdc5c6 MdePkg: Add NULL library of TraceHubDebugSysTLib c6bb7d54be MdePkg: Add MipiSysTLib library 782948c1a7 MdePkg: Add mipisyst submodule 6dd64168ed BaseTools/Plugin: Too many execute files cause "cmd too long" failure c6382ba0f2 SecurityPkg: Add missing break in Tpm2TestParms 77f75c7fb8 BaseTools: Update Tests/TestTools.py to allow it to work on Windows b9bbb4ae93 BaseTools: only print the environment once in toolsetup.bat dd246227d6 BaseTools: Update toolsetup.bat to not use BASETOOLS_PYTHON_SOURCE f47415e031 BaseTools: Revert Set the CLANGDWARF OBJCOPY path in tools_def.template 6fb2760dc8 OvmfPkg: drop PlatformBootManagerLibGrub 81dc0d8b4c OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub 63887e272d OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set 41d7832db0 OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware e6447d2a08 Remove bashisms from edksetup.sh and BaseTools/BuildEnv 373a95532a BaseTools: Remove the CLANGCC build rule for Hii-Binary-Package.UEFI_HII ecbc394365 BaseTools: Set CLANGDWARF RC path to llvm-objcopy in tools_def.template 11f62f4cc0 BaseTools: Set the CLANGDWARF OBJCOPY path in tools_def.template c6f47e678f BaseTools: Remove BUILDRULEFAMILY from CLANGDWARF in tools_def.template 9165a7e95e CryptoPkg: Delete CLANG35 and CLANG38 build flags; add CLANGDWARF flags e97b9b4e5a MdePkg: Add more HobLib/PeiServicesLib gmock support 25c9d44315 MdeModulePkg: Add more PciHostBridgeLib gmock support bee67e0c14 OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL ae0be176a8 OvmfPkg: Clarify invariants for NestedInterruptTplLib 5215cd5baf BaseTools: Update toolsetup.bat and Tests/PythonTest.py to check ver e6de6052a0 edksetup.bat: if toolsetup.bat fails, just exit 11ec5161fa BaseTools: use threading.current_thread in NmakeSubdirs.py db7e6291c0 BaseTools: Remove Python2/Python3 detection from toolset.bat 6eeb58ece3 RedfishPkg: Fix compile issue on Linux 665fca9ee7 RedfishPkg: Add missing newline character a1f6485a9b RedfishPkg: Create RestEx child on selected interface 05762bd2e0 RedfishPkg: Fix condition checking of error status c580e27efc RedfishPkg: Correct variable type to prevent memory corruption d89492456f Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy 8dbf868e02 Add volatile keyword to NvmExpressPei's Passthru CQ 293b97d0c4 Add the volatile keyword to NvmExpressDxe's Passthru CQ 4dea9e4a0e BaseTools/Conf: Add quotes to ADDDEBUGFLAG in tools_def.txt 8e985ac3fd BaseTools/Conf: Align CLANGDWARF and CLANGPDB warning overrides 66494e5324 MdeModulePkg/CapsuleApp: Add EFIAPI to CompareFileNameInAlphabet() eabaeb0613 OvmfPkg: move OvmfTpmDxe.fdf.inc to Include/Fdf 8bca1bb977 OvmfPkg: move OvmfTpmPei.fdf.inc to Include/Fdf b65c0eed6b BaseSynchronizationLib: Fix LoongArch64 synchronization functions 757f502a3b BaseTools/Conf/tools_def.template: Bump VERSION to 3.00 050d6e9434 BaseTools: Delete CLANG38 from tools_def.template 128547b081 BaseTools: Remove CLANG35 toolchain from tools_def.template 4ef4b81c9b BaseTools: As with CLANGDWARF IA32 and X64, use lld for ARM and AARCH64 98edce75fa BaseTools: Add ARM and AARCH64 CLANGDWARF support in tools_def.template 0fc07b1c6a BaseTools/Conf/tools_def.template: Add section for deprecated toolchains 01225075db Add GCC and GCCNOLTO toolchains to tools_def.txt and update packages 66803cafcf BaseTools: Update VS toolchain descriptions in tools_def.txt.template d7c6030a47 BaseTools: Remove EBC (EFI Byte Code) compiler definitions 8b441847e3 BaseTools: Remove unused IPHONE_TOOLS and SOURCERY_CYGWIN_TOOLS defs ba634ce82b edksetup.bat: Remove VS2008-VS2013 remnants c844d86bee MdePkg: Remove VS2008-VS2013 remnants c3ac3301e9 BaseTools: Remove VS2008-VS2013 remnants 0363584ac9 BaseTools: Remove VS2008, 2010, 2012 and 2013 toolchain definitions 94c802e108 MdePkg/BasePeCoffLib: Deal with broken debug directories ff7cb2d7c9 .pytool: Support FDT library. 5d586606c7 MdePkg: Support FDT library. 10416bf46e Tianocore: Support FDT library. d992a05ade Maintainers.txt: Update for IntelFsp2Pkg and IntelFsp2WrapperPkg. ... changelog too long, skipping 312 lines ... issue be fixed. ==== php8 ==== Version update (8.2.7 -> 8.2.8) Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8 - modified patches % php-sort-filelist-phar.patch (refreshed) ==== python-rich ==== - %{?sle15_python_module_pythons} mut be at beginning to work. ==== qalculate ==== Version update (4.6.1 -> 4.7.0) Subpackages: libqalculate22 qalculate-data - version update to 4.7.0 * Support for custom default angle unit, e.g. turn, arcsec, arcmin * Append default angle unit (instead of always radians) when converting value without unit to angle unit * More consistent addition and removal of angle unit from function arguments * Always interpret ./, .*, and .^ as entrywise operators if user intention is unclear * Change order of operations to place entrywise and ordinary operators on the same precedence level * Add function, kron(), for Kronecker product, and constants for Pauli matrices * Add radius to planets dataset and update other properties * Support replacement of unknown variables within variable values * Fix besselj(0, 0) * Fix incomplete calculation in tan() with try exact approximation * Fix 0/0=0 equality (do not return true) and output of 2/0 (and similar) * Fixes and improvements for newtonsolve() and secantsolve() * Fix segfault when MathStructure is deleted after Calculator, and in destructor of calculated DynamicVariable (called from Calculator destructor) * Do not save mode on exit if "-defaults" command line switch where used (CLI) * Allow multiple actions for keyboard shortcuts (GTK, Qt) * Add toggle precision, and min, max, or min and max decimals to available shortcut and button actions (GTK, Qt) * Add option to exclude units for unformatted ASCII copy (GTK, Qt) * Add optional value to copy result action, allowing expression copy and formatting selection (GTK, Qt) * Fix copy unformatted ASCII when local digit group separator is same as selected decimal separator (GTK, Qt) * Add option to automatically copy result (Qt) * Always set (primary) selection clipboard contents when whole expression is selected or selection is cleared, e.g. after calculation (Qt) * Improve support dark mode and high contrast modes, and change default style to Fusion, on Windows (Qt) * Minor bug fixes and feature enhancements ==== sysuser-tools ==== - Add "quilt setup" friendly hint to %sysusers_requires usage It is not required to have sysuser-tools installed when working with a pkg source which uses sysuser-tools at build time. ==== tar ==== Subpackages: tar-lang tar-rmt - Update tests-skip-time01-on-32bit-time_t.patch to not run test on armv6 either ==== update-alternatives ==== Version update (1.21.8 -> 1.21.22) - openssl.patch: use openssl library for MD5 calculation instead of relying on libmd. libmd is not in Ring0 - require Perl 5.28.1 or later ==== virtualbox ==== Version update (7.0.8 -> 7.0.10) - VirtualBox 7.0.10 (released July 18 2023) This is a maintenance release. The following items were fixed and/or added: OCI: Introduced general improvements VMM: Fixed a bug while walking page tables while executing nested VMs causing flooding of the release log as a consequence (Intel hosts only, bug #21551) GUI: Added general improvements TPM: Fixed a crash when a VM has a TPM version 1.2 configured (bug #21622) 3D: Initial support for OpenGL 4.1 3D: Fixed various graphics issues with Windows 11 guests (bugs #21136, #21515) Guest Control/VBoxManage: Fixed parameter "--ignore-orphaned-processes" Guest Control/VBoxManage: Fixed behavior of how handling argument 0 for a started guest process works: One can now explicitly specify it with the newly added option "--arg0". This will effectively restore the behavior of former VirtualBox versions Audio: Also use the PulseAudio backend when pipewire-pulse is running instead of falling back to ALSA (bug #21575) NAT: Adjusted UDP proxy timeout from 18-21 to 21-24 range to respect intended 20 second timeout (bug #21560) Linux Host: Added initial support for Indirect Branch Tracking (bug #21435) Linux Host: Added initial support for kernel 6.5 (NOTE: Guest Additions do not support kernel 6.5 yet) Linux Host and Guest: Improved condition check when kernel modules need to be signed Linux Host and Guest: Added initial support for RHEL 8.8 (bug #21692), 8.9 (bug #21690) and 9.3 (bugs #21598 and #21671) kernels Linux Guest Additions: Fixed issue when kernel modules were rebuilt on each boot when guest system has no X11 installed Linux Guest Additions: Added initial support for kernel 6.4 Linux Guest Additions: Fixed issue when vboxvideo module reloading caused kernel panic in some guests (bug #21740) Linux Guest Additions: Introduced general improvements in the installer area Windows Guest Additions: Introduced general improvements in graphics drivers area removed "fixes_for_kernel_6.4.patch" as this is fixed upstream Fix issue with kernel on newer CPU (boo#1212209) ==== virtualbox-kmp ==== Version update (7.0.8_k6.4.3_1 -> 7.0.10_k6.4.4_1) - VirtualBox 7.0.10 (released July 18 2023) This is a maintenance release. The following items were fixed and/or added: OCI: Introduced general improvements VMM: Fixed a bug while walking page tables while executing nested VMs causing flooding of the release log as a consequence (Intel hosts only, bug #21551) GUI: Added general improvements TPM: Fixed a crash when a VM has a TPM version 1.2 configured (bug #21622) 3D: Initial support for OpenGL 4.1 3D: Fixed various graphics issues with Windows 11 guests (bugs #21136, #21515) Guest Control/VBoxManage: Fixed parameter "--ignore-orphaned-processes" Guest Control/VBoxManage: Fixed behavior of how handling argument 0 for a started guest process works: One can now explicitly specify it with the newly added option "--arg0". This will effectively restore the behavior of former VirtualBox versions Audio: Also use the PulseAudio backend when pipewire-pulse is running instead of falling back to ALSA (bug #21575) NAT: Adjusted UDP proxy timeout from 18-21 to 21-24 range to respect intended 20 second timeout (bug #21560) Linux Host: Added initial support for Indirect Branch Tracking (bug #21435) Linux Host: Added initial support for kernel 6.5 (NOTE: Guest Additions do not support kernel 6.5 yet) Linux Host and Guest: Improved condition check when kernel modules need to be signed Linux Host and Guest: Added initial support for RHEL 8.8 (bug #21692), 8.9 (bug #21690) and 9.3 (bugs #21598 and #21671) kernels Linux Guest Additions: Fixed issue when kernel modules were rebuilt on each boot when guest system has no X11 installed Linux Guest Additions: Added initial support for kernel 6.4 Linux Guest Additions: Fixed issue when vboxvideo module reloading caused kernel panic in some guests (bug #21740) Linux Guest Additions: Introduced general improvements in the installer area Windows Guest Additions: Introduced general improvements in graphics drivers area removed "fixes_for_kernel_6.4.patch" as this is fixed upstream Fix issue with kernel on newer CPU (boo#1212209) ==== webkit2gtk3 ==== Version update (2.40.3 -> 2.40.4) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.4: + Fix a bug in JavaScript reading variable arguments in a call. ==== webkit2gtk3-soup2 ==== Version update (2.40.3 -> 2.40.4) Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.40.4: + Fix a bug in JavaScript reading variable arguments in a call.