Packages changed: GraphicsMagick (1.3.43 -> 1.3.45) Mesa Mesa-drivers apache2 (2.4.62 -> 2.4.63) apache2-manual (2.4.62 -> 2.4.63) apache2-prefork (2.4.62 -> 2.4.63) apache2-utils (2.4.62 -> 2.4.63) checkpolicy (3.8 -> 3.8.1) container-selinux (2.234.2 -> 2.235.0) libisofs (1.5.6 -> 1.5.6.pl01) libkate (0.4.1 -> 0.4.3) libmysofa (1.3.2 -> 1.3.3) libselinux (3.8 -> 3.8.1) libselinux-bindings (3.8 -> 3.8.1) libsemanage (3.8 -> 3.8.1) libsepol (3.8 -> 3.8.1) luajit netpbm (11.7.0 -> 11.9.3) openSUSE-release (20250310 -> 20250311) policycoreutils (3.8 -> 3.8.1) python-Jinja2 (3.1.5 -> 3.1.6) python-Pygments python-kiwi (10.2.12 -> 10.2.13) python-semanage (3.8 -> 3.8.1) python311 python311-core qca-qt5 (2.3.9 -> 2.3.10) qca-qt6 (2.3.9 -> 2.3.10) salt sdl12_compat selinux-policy (20250305 -> 20250307) serd (0.32.2 -> 0.32.4) sord (0.16.16 -> 0.16.18) sratom (0.6.14 -> 0.6.18) xinit (1.4.3 -> 1.4.4) zxing-cpp (2.2.1 -> 2.3.0) === Details === ==== GraphicsMagick ==== Version update (1.3.43 -> 1.3.45) Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config - version update to 1.3.45 Security Fixes: * TIFF: Fixed multiple heap and stack buffer overflows (directed by the source EXIF profile) while writing EXIF into the native TIFF IFD. * FITS: Fix problem that the FITS reader could return invalid image frames with rows or columns set to zero. Other code in the library crashes, or even asserts, if invalid image frames with rows or columns set to zero are returned. * Coverity fixes: Various fixes for Coverity issues raised after the update to version 2023.12.2. * Clang Analyzer (scan-build) fixes: Various fixes for new issues discovered by Clang Analyzer. Bug fixes: * configure.ac: Fix a shell syntax error. * GCC 14: Eliminate some new warnings which appeared while in -Wall mode. * JPEG: FormatJPEGSamplingFactors() now properly handles the number of samples for each colorspace. * JXL: Additional validations of color channel and alpha channel depth. * TGA: Fix issues discovered by Coverity. * TGA: Fix writing TGA with opacity values in palette. * TGA: Default orientation is (again) TopLeftOrientation. * TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range. * TXT: Eliminate use of an uninitialized-value in GetColorTuple(). * XML: Improve detection of if the deprecated HTTP and FTP protocols are supported by libxml2. New Features: * Add support for reading the pre-rendered image from the Open Raster ("ORA") format. Actual rendering of Open Raster is not supported. * Add support for Dune HD AAI Image (aka Auburn Animation Image) image format ("AAI"). * Add support for a --version option, which produces GNU style summary version output. * Identify output now indicates if the image is opaque. * WebP: Add support for '-define webp:exact=true' to preserve exact RGB values under transparent areas while writing WebP format. Enable this automatically when lossless is enabled. If lossless is enabled, this option may be used to disable exact mode. * PerlMagick: Add AccessDefinition(), AddDefinition(), AddDefinitions(), and RemoveDefinitions() methods to supporting adding, updating, removing definitions. API Updates: * Magick++/STL.h: The deprecated std::unary_function is no longer used given C++'11 or later. Continued use of it caused too many issues due to an abundance of warnings. * Wand API PixelSetQuantumColor(): The color argument is now a const pointer. Behavior Changes: * The graphical progress indication in the X11 sub-apps 'animate' and 'display' is disabled due to discovering a tremendous performance impact while rendering text under Ubuntu 22.04 LTS. The underlying cause of the performance impact is not yet known. A text-based progress output to the program's console is available via `-monitor`. * MagickMaxFileSystemBlockSize: Place an arbitrary limit (4,194,304 bytes) on maximum filesystem block size. - modified patches % GraphicsMagick-disable-insecure-coders.patch (refreshed) ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Make build recipe POSIX sh compatible ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - Make build recipe POSIX sh compatible ==== apache2 ==== Version update (2.4.62 -> 2.4.63) - Update to 2.4.63: * mod_dav: Update redirect-carefully example BrowserMatch config to match more recent client versions. * mod_cache_socache: Fix possible crash on error path. * mod_ssl: Fail cleanly at startup if OpenSSL initialization fails. * mod_md: update to version 2.4.31 - Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. * mod_proxy_balancer: Fix the handling of the stickysession configuration parameter by the balancer manager. * Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username. Make sure that when ldap searches are too long, we explicitly log the error. * mod_proxy: Honor parameters of ProxyPassMatch workers with substitution in the host name or port. * mod_log_config: Fix merging for the "LogFormat" directive. * mod_lua: Make r.ap_auth_type writable. * mod_md: update to version 2.4.29 - Fixed HTTP-01 challenges to not carry a final newline, as some ACME server fail to ignore it. - Fixed missing label+newline in server-status plain text output when MDStapling is enabled. * mod_ssl: Restore support for loading PKCS#11 keys via ENGINE without "SSLCryptoDevice" configured. * mod_authnz_ldap: Fix possible memory corruption if the AuthLDAPSubGroupAttribute directive is configured. * mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler. * mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs, including "unix:" ones. * mod_rewrite: Error out in case a RewriteRule in directory context uses the proxy, but mod_proxy is not loaded. * http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3. * mod_rewrite: Don't require flag to preserve a leading // added by applying the perdir prefix to the substitution. * Windows: Restore the ability to "Include" configuration files on UNC paths. * mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs in Location (incomplete fix in 2.4.62). * mod_md: update to version 2.4.28 - When the server starts, it looks for new, staged certificates to activate. If the staged set of files in 'md/staging/' is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory. - Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. - Restore compatibility with OpenSSL < 1.1. * mod_tls: removed the experimental module. It now is availble standalone from https://github.com/icing/mod_tls. The rustls provided API is not stable and does not align with the httpd release cycle. * mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. * mod_http2: Return connection monitoring to the event MPM when blocking on client updates. ==== apache2-manual ==== Version update (2.4.62 -> 2.4.63) - Update to 2.4.63: * mod_dav: Update redirect-carefully example BrowserMatch config to match more recent client versions. * mod_cache_socache: Fix possible crash on error path. * mod_ssl: Fail cleanly at startup if OpenSSL initialization fails. * mod_md: update to version 2.4.31 - Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. * mod_proxy_balancer: Fix the handling of the stickysession configuration parameter by the balancer manager. * Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username. Make sure that when ldap searches are too long, we explicitly log the error. * mod_proxy: Honor parameters of ProxyPassMatch workers with substitution in the host name or port. * mod_log_config: Fix merging for the "LogFormat" directive. * mod_lua: Make r.ap_auth_type writable. * mod_md: update to version 2.4.29 - Fixed HTTP-01 challenges to not carry a final newline, as some ACME server fail to ignore it. - Fixed missing label+newline in server-status plain text output when MDStapling is enabled. * mod_ssl: Restore support for loading PKCS#11 keys via ENGINE without "SSLCryptoDevice" configured. * mod_authnz_ldap: Fix possible memory corruption if the AuthLDAPSubGroupAttribute directive is configured. * mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler. * mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs, including "unix:" ones. * mod_rewrite: Error out in case a RewriteRule in directory context uses the proxy, but mod_proxy is not loaded. * http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3. * mod_rewrite: Don't require flag to preserve a leading // added by applying the perdir prefix to the substitution. * Windows: Restore the ability to "Include" configuration files on UNC paths. * mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs in Location (incomplete fix in 2.4.62). * mod_md: update to version 2.4.28 - When the server starts, it looks for new, staged certificates to activate. If the staged set of files in 'md/staging/' is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory. - Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. - Restore compatibility with OpenSSL < 1.1. * mod_tls: removed the experimental module. It now is availble standalone from https://github.com/icing/mod_tls. The rustls provided API is not stable and does not align with the httpd release cycle. * mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. * mod_http2: Return connection monitoring to the event MPM when blocking on client updates. ==== apache2-prefork ==== Version update (2.4.62 -> 2.4.63) - Update to 2.4.63: * mod_dav: Update redirect-carefully example BrowserMatch config to match more recent client versions. * mod_cache_socache: Fix possible crash on error path. * mod_ssl: Fail cleanly at startup if OpenSSL initialization fails. * mod_md: update to version 2.4.31 - Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. * mod_proxy_balancer: Fix the handling of the stickysession configuration parameter by the balancer manager. * Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username. Make sure that when ldap searches are too long, we explicitly log the error. * mod_proxy: Honor parameters of ProxyPassMatch workers with substitution in the host name or port. * mod_log_config: Fix merging for the "LogFormat" directive. * mod_lua: Make r.ap_auth_type writable. * mod_md: update to version 2.4.29 - Fixed HTTP-01 challenges to not carry a final newline, as some ACME server fail to ignore it. - Fixed missing label+newline in server-status plain text output when MDStapling is enabled. * mod_ssl: Restore support for loading PKCS#11 keys via ENGINE without "SSLCryptoDevice" configured. * mod_authnz_ldap: Fix possible memory corruption if the AuthLDAPSubGroupAttribute directive is configured. * mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler. * mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs, including "unix:" ones. * mod_rewrite: Error out in case a RewriteRule in directory context uses the proxy, but mod_proxy is not loaded. * http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3. * mod_rewrite: Don't require flag to preserve a leading // added by applying the perdir prefix to the substitution. * Windows: Restore the ability to "Include" configuration files on UNC paths. * mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs in Location (incomplete fix in 2.4.62). * mod_md: update to version 2.4.28 - When the server starts, it looks for new, staged certificates to activate. If the staged set of files in 'md/staging/' is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory. - Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. - Restore compatibility with OpenSSL < 1.1. * mod_tls: removed the experimental module. It now is availble standalone from https://github.com/icing/mod_tls. The rustls provided API is not stable and does not align with the httpd release cycle. * mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. * mod_http2: Return connection monitoring to the event MPM when blocking on client updates. ==== apache2-utils ==== Version update (2.4.62 -> 2.4.63) - Update to 2.4.63: * mod_dav: Update redirect-carefully example BrowserMatch config to match more recent client versions. * mod_cache_socache: Fix possible crash on error path. * mod_ssl: Fail cleanly at startup if OpenSSL initialization fails. * mod_md: update to version 2.4.31 - Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. * mod_proxy_balancer: Fix the handling of the stickysession configuration parameter by the balancer manager. * Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username. Make sure that when ldap searches are too long, we explicitly log the error. * mod_proxy: Honor parameters of ProxyPassMatch workers with substitution in the host name or port. * mod_log_config: Fix merging for the "LogFormat" directive. * mod_lua: Make r.ap_auth_type writable. * mod_md: update to version 2.4.29 - Fixed HTTP-01 challenges to not carry a final newline, as some ACME server fail to ignore it. - Fixed missing label+newline in server-status plain text output when MDStapling is enabled. * mod_ssl: Restore support for loading PKCS#11 keys via ENGINE without "SSLCryptoDevice" configured. * mod_authnz_ldap: Fix possible memory corruption if the AuthLDAPSubGroupAttribute directive is configured. * mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler. * mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs, including "unix:" ones. * mod_rewrite: Error out in case a RewriteRule in directory context uses the proxy, but mod_proxy is not loaded. * http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3. * mod_rewrite: Don't require flag to preserve a leading // added by applying the perdir prefix to the substitution. * Windows: Restore the ability to "Include" configuration files on UNC paths. * mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs in Location (incomplete fix in 2.4.62). * mod_md: update to version 2.4.28 - When the server starts, it looks for new, staged certificates to activate. If the staged set of files in 'md/staging/' is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory. - Fix certificate retrieval on ACME renewal to not require a 'Location:' header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let's Encrypt still supports this, but other CAs do not. - Restore compatibility with OpenSSL < 1.1. * mod_tls: removed the experimental module. It now is availble standalone from https://github.com/icing/mod_tls. The rustls provided API is not stable and does not align with the httpd release cycle. * mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F. * mod_http2: Return connection monitoring to the event MPM when blocking on client updates. ==== checkpolicy ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== container-selinux ==== Version update (2.234.2 -> 2.235.0) - Update to version 2.235.0: * Bump to v2.235.0 * OWNERS: add wrabcak and zpytela * OWNERS: initial commit * container_log{reader,writer}_t: allow watch file * RPM: Update gating config * Enable aarch64 testing * TMT: simplify podman tests * feat: support /var/lib/crio - OBS service file: use the tagged commit for archive versioning and don't just archive the latest changes from the main branch using the latest tag ==== libisofs ==== Version update (1.5.6 -> 1.5.6.pl01) - update to 1.5.6.pl01: * Bug fix: iso_write_opts_set_part_like_isohybrid() did not cause a MBR partition table if the partitions are data files in the ISO rather than appended * Bug fix: The lseek methods of IsoFileSource for local filesystem and loaded ISO returned libisofs error codes as positive off_t numbers * Bug fix: Freshly cloned data files from imported image were not marked as imported. * Bug fix: Size of further CE area was calculated wrong if its CE entry ended exactly at a block boundary * New iso_write_opts_set_system_area() option bits 16: GPT "Legacy BIOS bootable" and 17: GPT writable * New API calls iso_assess_written_features(), iso_read_image_feature_named(), iso_read_image_features_text() * Allowed lseekable device files with iso_tree_add_new_cut_out_node(). * New API call iso_write_opts_set_max_ce_entries() ==== libkate ==== Version update (0.4.1 -> 0.4.3) Subpackages: libkate1 liboggkate1 - update to 0.4.3: * full Python 3 compatibility - includes changes from 0.4.2: * Adjust decoder to allow zero sized metadata content * Adjust text parsing to better recognize invalid UNICODE * Eliminate timing precision issues in writing to kate format, and ensure seconds are written with a leading 0 if less than 10 * Fixes to build systems, compiler warnings * Correct option handling in KateDJ. * Adust kate_high_decode_init() to avoid use after free - drop disable-namespace-test.patch ==== libmysofa ==== Version update (1.3.2 -> 1.3.3) - update to 1.3.3: * Remove file size limit * add an -o output option * developer visible fixes and portability fixes - drop Install-header-when-only-building-shared-lib.patch, included ==== libselinux ==== Version update (3.8 -> 3.8.1) Subpackages: libselinux1 libselinux1-32bit selinux-tools - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== libselinux-bindings ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== libsemanage ==== Version update (3.8 -> 3.8.1) Subpackages: libsemanage-conf libsemanage2 - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * libsemanage: improved performance of semanage store rebuild ==== libsepol ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== luajit ==== - Enable lua 5.2 compatibility (Needed for build aegisubs) ==== netpbm ==== Version update (11.7.0 -> 11.9.3) Subpackages: libnetpbm11 - version update to 11.9.3 * Release 11.09.03 + giftopnm: Fix wild pointer reference with -verbose and invalid extension type. Broken in Netpbm 10.59 (December 2012). pdbimgtopam, pamtopdbimg: Fix crash when out of memory. Always broken (programs were new in Netpbm 10.52 (September 2010)). + pamrestack: fix failure when height too large for computations. Broken in Netpbm 10.99 (June 2022). * Release 11.09.02 + pammixmulti: Fix crash similar to that fixed in 11.09.01. Introduced in Netpbm 11.09.00 (December 2024). * Release 11.09.01 + pammixmulti: Fix crash from uninitialized memory. Introduced in Netpbm 11.09.00 (December 2024). * Release 11.09.00 + pammixmulti: Add -blend=alpha-weighted. Thanks Scott Pakin. + ppmhist: Don't accept -nomap and -map together, or -colorname with -map. (Before, -nomap and -colorname were ignored with - map). + libnetpbm: Fix crash in ppm_colorDict_destroy; affects all programs that use color names. Introduced in Netpbm 11.07 (June 2024). + pcxtoppm: Fix wildly incorrect output for all multiplane images. Broken in Netpbm 11.04 (September 2023). + pbmtoascii: Fix bug: allows both -1x2 and -2x4. Always present (pbmtoascii existed in primordial Netpbm). + build: fix type mismatch warning linking ppmtompeg. Always broken (ppmtompeg was new to Netpbm in April 2004). + build: Make it work with -std=gnu23, which is the default in recent GCC. To wit, remove local declaration of "bool". + makeman: fix for HTML lists that have blank lines between items. * Release 11.08.00 + libnetpbm color name parsing: Fix handling of rgb: color names with more than 4 hex digits per plane, so it throws an error instead of generating an invalid or wrong color. Broken in primordial Netpbm. + libnetpbm color name parsing: Fix error message for invalid rgb- color name. + build: fix typo in check of DARWIN_C_SOURCE so strdup, etc. are properly defined on OS X. - modified patches % netpbm-security-code.patch (refreshed) - deleted patches - netpbm-gcc15.patch (upstreamed) ==== openSUSE-release ==== Version update (20250310 -> 20250311) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== policycoreutils ==== Version update (3.8 -> 3.8.1) Subpackages: policycoreutils-lang policycoreutils-python-utils python313-policycoreutils - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * no source change ==== python-Jinja2 ==== Version update (3.1.5 -> 3.1.6) - Update to 3.1.6 * The ``|attr`` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. ==== python-Pygments ==== Subpackages: python311-Pygments python313-Pygments - Remove files from testsamples that licensedigger flagged as high risks. Also created an issue upstream for potential licensing issues. See https://github.com/pygments/pygments/issues/2872 - Disable tests which depended on those files ==== python-kiwi ==== Version update (10.2.12 -> 10.2.13) - Bump version: 10.2.12 → 10.2.13 - Lookup CHRP loader instead of using a static name On ppc the CHRP loader name can vary between distributions. This commit adds a search method to lookup different ELF loader names. In addition an integration test image for Fedora was added. This Fixes #2741 ==== python-semanage ==== Version update (3.8 -> 3.8.1) - Update to version 3.8.1 https://github.com/SELinuxProject/selinux/releases/tag/3.8.1 * libsemanage: improved performance of semanage store rebuild ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Skip PGO with %want_reproducible_builds (bsc#1239210) ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Skip PGO with %want_reproducible_builds (bsc#1239210) ==== qca-qt5 ==== Version update (2.3.9 -> 2.3.10) Subpackages: libqca-qt5-2 qca-qt5-plugins - Update to version 2.3.10: * Increase version number * Avoid some clang-format incompatibility issues * Port away from CMP0042 * CI: Remove build_clazy_clang_tidy build * CI: Use clang-format 19 * CI: Fix FreeBSD build * Retire KF5 Android CI * Avoid using QtTest module include which slows down compilation - Switch _service to use mode="manual" ==== qca-qt6 ==== Version update (2.3.9 -> 2.3.10) Subpackages: libqca-qt6-2 qca-qt6-plugins - Update to version 2.3.10: * Increase version number * Avoid some clang-format incompatibility issues * Port away from CMP0042 * CI: Remove build_clazy_clang_tidy build * CI: Use clang-format 19 * CI: Fix FreeBSD build * Retire KF5 Android CI * Avoid using QtTest module include which slows down compilation - Switch _service to use mode="manual" ==== salt ==== Subpackages: python311-salt salt-master salt-minion - Detect openEuler as RedHat family OS - Ensure the correct crypt module is loaded - Implement multiple inventory for ansible.targets - Make x509 module compatible with M2Crypto 0.44.0 - Remove deprecated code from x509.certificate_managed test mode - Move logrotate config to /usr/etc/logrotate.d where possible - Added: * detect-openeuler-as-redhat-family-os.patch * ensure-the-correct-crypt-module-is-loaded.patch * implement-multiple-inventory-for-ansible.targets.patch * make-x509-module-compatible-with-m2crypto-0.44.0.patch * remove-deprecated-code-from-x509.certificate_managed.patch - Add DEB822 apt repository format support - Make Salt-SSH work with all SSH passwords (bsc#1215484) - Added: * add-deb822-apt-source-format-support-692.patch * remove-password-from-shell-after-functional-text-mat.patch ==== sdl12_compat ==== - Delete self-conflicts ==== selinux-policy ==== Version update (20250305 -> 20250307) Subpackages: selinux-policy-targeted - Update to version 20250307: * allow systemd_pcrlock_t to manage dos directories (bsc#1233358) * Allow snapper to manage dos files and dontaudit execmem (bsc#1233358) * enabled filed name transitions for systemd_pcrlock (bsc#1233358) * Update kmscon policy module to kmscon version 9 (bsc#1238137) * Revert "Allow systemd-networkd to rw memfd objects in tmpfs (bsc#1237515)" * Remove duplicate dev_rw_dma_dev(xdm_t) * Allow thumbnailer read and write the dma device * Allow named_filetrans_domain filetrans raid/mdadm named content * Allow afterburn to mount and read config drives * Allow mptcpd the net_admin capability * Allow systemd-networkd the sys_admin capability * Update systemd-networkd policy in systemd v257 * Separate insights-core from insights-client * Removed unused insights_client interfaces calls from other modules * Update policy for insights_client wrt new rules for insights_core_t * Add policy for insights-core * Allow systemd-networkd use its private tmpfs files * Allow boothd connect to systemd-machined over a unix socket * Update init_explicit_domain() interface * Allow tlp to read/write nmi_watchdog state information * Allow power-profiles-daemon the bpf capability * Allow svirt_t to connect to nbdkit over a unix stream socket * Update ktlshd policy to read /proc/keys and domain keyrings * Allow virt_domain read hardware state information unconditionally * Allow init mounton crypto sysctl files * Rename winbind_rpcd_* types to samba_dcerpcd_* * Support peer-to-peer migration of vms using ssh * Allow virtqemud use hostdev usb devices conditionally * Allow virtqemud map svirt_image_t plain files * Allow virtqemud work with nvdimm devices * Support saving and restoring a VM to/from a block device * Allow virtnwfilterd dbus chat with firewalld - Update embedded container-selinux version to commit: * c9b3eca0e1a878a1fe79408cb6c2e89b38b10829 ==== serd ==== Version update (0.32.2 -> 0.32.4) - update to 0.32.4: * Fix overly permissive parsing of syntax names on the command line * Fix parsing NQuads lines with no space before the final dot * Fix reading chunks from files without trailing newlines * Fix rewriting special literals when datatype URIs are prefixed names * Gracefully handle errors while writing the end of anonymous nodes * Support reading lone lists in lax mode * Treat out of range unicode characters as errors * Write blank lines between graphs and statements in TriG * developer visible fixes ==== sord ==== Version update (0.16.16 -> 0.16.18) - update to 0.16.18: * Replace more platform-specific code with use of zix ==== sratom ==== Version update (0.6.14 -> 0.6.18) - update to 0.6.18: * Avoid snprintf when writing MIDI events * developer visible code fixes - includes changes from 0.6.16: * Constrain relative URI references to the base URI * maintenance and clean-up of build system ==== xinit ==== Version update (1.4.3 -> 1.4.4) - Update to version 1.4.4 This release fixes regresssions introduced by the shell script modernization in the 1.4.3 release, primarily seen on systems without the "mcookie" helper program to make xauth cookies, and thus using openssl or /dev/urandom to make cookies instead. Thanks to Peter Tribble of the Tribblix illumos distro for reporting the issue and testing the fixes. - adjusted xinit-suse.patch, xinit-tolerant-hostname-changes.patch ==== zxing-cpp ==== Version update (2.2.1 -> 2.3.0) - Update to 2.3.0 New features: * Add support for DX Film Edge read * Add support for detecting and reading Aztec Runes * Add reader support for DataBarLimited symbols * Add C-API in official build (EDIT: unfortunately the default is still off, to enable do cmake -DZXING_C_API=ON) * Add Kotlin/Native Wrapper * Add Rust wrapper based on C-API * Add .NET wrapper based on C-API * Introduce new name Barcode for Result which will be removed in 3.0 * LocalAverage binarizer: re-implement with symmetric threshold interpolation for improved detection of inverted symbols * cmake: replace BUILD_... prefix of cmake options with ZXING_... * cmake: switch to c++-20 by default for the core library * ImageView: introduce bounds checks in constructor * ImageView: Add ImageFormat::LumX for 2-byte grey + alpha input * ImageFormat: replace 'X' with 'A', e.g. RGBX -> RGBA * ZXingReader: add -binarizer command line option * ZXingReader: add -single option to setMaxNumberOfSymbols(1) * ZXingReader: parse -formats (including 's') command line argument * ZXingReader: support reading image file from stdin by passing '-' * android: switch 'namespace' from zxingcpp to zxingcpp.lib to fix issue with maven central publication * Python: add support to write bytes as binary data * ZXing::Version() function to query the library version at runtime (useful when dynamically linked) Minor changes and bug fixes: * Complete ZXIReaderOptions in iOS Wrapper * ios: remove initWithFormats initializer * cmake: Make build reproducible across different build directories * Release color space after use in iOS wrapper * cmake: allow overriding python install directories * Refine MultiFormatReader results filtering and apply C++20 erase_if * HRI: update AIs to latest gs1-syntax-dictionary.txt * android: add linker flag to support flexible page sizes in Android 15 * Deprecate validateITFCheckSum, validateCode39CheckSum, returnCodabarStartEnd * BitHacks: fix random QRCode content on pre-Haswell Windows machines * DataMatrix: improve detection of near 45° rotated symbols * cmake: add /utf-8 to MSVC compile flags * Barcode: tune operator==() to not split up overly tall linear symbols * Several ITFReader improvements * QRDecoder: return some content even in the presence of a checksum error * DataBar: improve detection rate by incorporating edge-2-edge pattern * PDF417: prevent wrong position info with right side collapsing to (0,0) * Python: make sure macOS and 64bit Linux packes on pypi.org support multi-symbol DataMatrix detection (c++20 support) - Drop obsolete version checks - Drop cmake.patch, no longer needed