Packages changed: dracut (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191) drbd gnutls (3.8.1 -> 3.8.2) hplip inkscape (1.3 -> 1.3.1) libksba (1.6.4 -> 1.6.5) libreoffice (7.6.2.1 -> 7.6.3.1) libsolv (0.7.25 -> 0.7.26) libxml2 (2.11.5 -> 2.11.6) libxml2-python (2.11.5 -> 2.11.6) rubygem-google-protobuf (3.23.1 -> 3.25.1) rubygem-rgl (0.5.10 -> 0.6.6) rubygem-webrick (1.7.0 -> 1.8.1) sssd texlive virglrenderer === Details === ==== dracut ==== Version update (059+suse.511.g0bdb16ac -> 059+suse.522.g0fc72191) - Update to version 059+suse.522.g0fc72191: * fix(install.d): do not create rescue entry when working with UKIs * fix(install.d): skip if $KERNEL_INSTALL_INITRD_GENERATOR is set otherwise * feat(resume): do not attempt to install systemd-hibernate-resume@.service * feat(install.d): add sort-key field to rescue BLS entries * fix(install.d): do not generate a new initrd if any INITRD_FILE is provided * fix(install.d): do not create initramfs if the supplied image is UKI * feat(install.d): allow using dracut in combination with ukify * fix(resume): add new systemd-hibernate-resume.service * feat(systemd): install systemd-executor ==== drbd ==== - drbd: fix build error against kernel v6.6.1 (boo#1217078) * add upstream patches + 0021-compat-sock-Remove-sendpage-in-favour-of-sendmsg-MSG.patch + 0022-compat-block-replace-fmode_t-with-a-block-specific-t.patch + 0023-compat-genetlink-remove-userhdr-from-struct-genl_inf.patch * remove patch which are already included in upstream patches: - bsc-1215699_fix-build-error-against-kernel-v6.5.4.patch ==== gnutls ==== Version update (3.8.1 -> 3.8.2) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Update to 3.8.2: [bsc#1217277, CVE-2023-5981] * libgnutls: Fix timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981] * libgnutls: Add API functions to perform ECDH and DH key agreement The functionality has been there for a long time though they were not available as part of the public API. This enables applications to implement custom protocols leveraging non-interactive key agreement with ECDH and DH. * libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452) The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through the AEAD interface. Note that, unlike GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is appended to the ciphertext, not prepended. * libgnutls: transparent KTLS support is extended to FreeBSD kernel The kernel TLS feature can now be enabled on FreeBSD as well as Linux when compiled with the --enable-ktls configure option. * gnutls-cli: New option --starttls-name Depending on deployment, application protocols such as XMPP may require a different origin address than the external address to be presented prior to STARTTLS negotiation. The --starttls-name can be used to specify specify the addresses separately. * API and ABI modifications: - gnutls_pubkey_import_dh_raw: New function - gnutls_privkey_import_dh_raw: New function - gnutls_pubkey_export_dh_raw: New function - gnutls_privkey_export_dh_raw: New function - gnutls_x509_privkey_import_dh_raw: New function - gnutls_privkey_derive_secret: New function - GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t - GNUTLS_CIPHER_AES_128_SIV_GCM: Added - GNUTLS_CIPHER_AES_256_SIV_GCM: Added * Rebase gnutls-FIPS-140-3-references.patch * Remove upstream: gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch ==== hplip ==== Subpackages: hplip-hpijs hplip-sane hplip-udev-rules - hppsfilter: booklet printing: change insecure fixed /tmp file paths (bsc#1214399) * add hppsfilter-booklet-printing-change-insecure-fixed-tm.patch ==== inkscape ==== Version update (1.3 -> 1.3.1) Subpackages: inkscape-extensions-extra inkscape-extensions-fig inkscape-extensions-gimp inkscape-lang - Update to version 1.3.1: + more than 30 crash/freeze fixes + a new feature to disable snapping to grid lines + a new feature to split text into its letters + the Shape Builder tool now creates an appropriate number of nodes + PDF files that could not be opened with Inkscape 1.3 can now be opened / imported again + See the full release notes https://inkscape.org/doc/release_notes/1.3.1/Inkscape_1.3.1.html ==== libksba ==== Version update (1.6.4 -> 1.6.5) - Update to 1.6.5: * Add Brainpool curve detection using parameters with compressed base point. [rKeb23f853f178] * New configure option --with-libtool-modification. [T6619] * Release-info: https://dev.gnupg.org/T6822 ==== libreoffice ==== Version update (7.6.2.1 -> 7.6.3.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.6.3.1: https://wiki.documentfoundation.org/Releases/7.6.3/RC1 https://wiki.documentfoundation.org/Releases/7.6.2/RC2 - Update bundled dependencies: libcmis-0.5.2.tar.xz -> libcmis-0.6.0.tar.xz poppler-23.06.0.tar.xz -> poppler-23.09.0.tar.xz - Add bundled() markers ==== libsolv ==== Version update (0.7.25 -> 0.7.26) Subpackages: libsolv-tools python3-solv ruby-solv - fix evr roundtrip in testcases - do not use deprecated headerUnload with newer rpm versions - bump version to 0.7.26 ==== libxml2 ==== Version update (2.11.5 -> 2.11.6) Subpackages: libxml2-2 libxml2-tools - Update to version 2.11.6: * Regressions: - threads: Fix --with-thread-alloc - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode * Bug fixes: parser: Fix potential use-after-free in xmlParseCharDataInternal ==== libxml2-python ==== Version update (2.11.5 -> 2.11.6) - Update to version 2.11.6: * Regressions: - threads: Fix --with-thread-alloc - xinclude: Fix ‘last’ pointer in xmlXIncludeCopyNode * Bug fixes: parser: Fix potential use-after-free in xmlParseCharDataInternal ==== rubygem-google-protobuf ==== Version update (3.23.1 -> 3.25.1) - New upstream release 3.25.1 - Add 0001-ruby-return-0-from-shared_convert.c-shared_message.c.patch to fix build failures with -Werror=return-type - Fix spurious +x permissions in the sources ==== rubygem-rgl ==== Version update (0.5.10 -> 0.6.6) - New upstream release 0.6.6, see bundled CHANGELOG.md ==== rubygem-webrick ==== Version update (1.7.0 -> 1.8.1) - New upstream release 1.8.1, no changelog found ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Fix spec file for Leap - /usr/etc migration, restore /etc/sssd/sssd.conf.rpmsave after update (bsc#1216865) - Do not install the KRB5 IDP plugin, it is useless without the OIDC child - Drop no longer valid --without-secrets configure switch ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - Silent some rpmlint errors - Catch all lua based binaries for boo#1216650 - texlive-latex-bin-bin: Ensure the same version of libz1 is installed in system as against what texlive was compiled (boo#1216650). ==== virglrenderer ==== - Add pkgconfig(libva) BuildRequires: Enable support for hardware video acceleration - Add pkgconfig(vulkan) BuildRequires: Enable support for venus on Tumbleweed (build failed on leap)