Packages changed:
GraphicsMagick (1.3.43 -> 1.3.45)
Mesa
Mesa-drivers
apache2 (2.4.62 -> 2.4.63)
apache2-manual (2.4.62 -> 2.4.63)
apache2-prefork (2.4.62 -> 2.4.63)
apache2-utils (2.4.62 -> 2.4.63)
checkpolicy (3.8 -> 3.8.1)
container-selinux (2.234.2 -> 2.235.0)
libisofs (1.5.6 -> 1.5.6.pl01)
libkate (0.4.1 -> 0.4.3)
libmysofa (1.3.2 -> 1.3.3)
libselinux (3.8 -> 3.8.1)
libselinux-bindings (3.8 -> 3.8.1)
libsemanage (3.8 -> 3.8.1)
libsepol (3.8 -> 3.8.1)
luajit
netpbm (11.7.0 -> 11.9.3)
openSUSE-release (20250310 -> 20250311)
policycoreutils (3.8 -> 3.8.1)
python-Jinja2 (3.1.5 -> 3.1.6)
python-Pygments
python-kiwi (10.2.12 -> 10.2.13)
python-semanage (3.8 -> 3.8.1)
python311
python311-core
qca-qt5 (2.3.9 -> 2.3.10)
qca-qt6 (2.3.9 -> 2.3.10)
salt
sdl12_compat
selinux-policy (20250305 -> 20250307)
serd (0.32.2 -> 0.32.4)
sord (0.16.16 -> 0.16.18)
sratom (0.6.14 -> 0.6.18)
xinit (1.4.3 -> 1.4.4)
zxing-cpp (2.2.1 -> 2.3.0)
=== Details ===
==== GraphicsMagick ====
Version update (1.3.43 -> 1.3.45)
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config
- version update to 1.3.45
Security Fixes:
* TIFF: Fixed multiple heap and stack buffer overflows (directed by
the source EXIF profile) while writing EXIF into the native TIFF
IFD.
* FITS: Fix problem that the FITS reader could return invalid image
frames with rows or columns set to zero. Other code in the library
crashes, or even asserts, if invalid image frames with rows or
columns set to zero are returned.
* Coverity fixes: Various fixes for Coverity issues raised after the
update to version 2023.12.2.
* Clang Analyzer (scan-build) fixes: Various fixes for new issues
discovered by Clang Analyzer.
Bug fixes:
* configure.ac: Fix a shell syntax error.
* GCC 14: Eliminate some new warnings which appeared while in -Wall
mode.
* JPEG: FormatJPEGSamplingFactors() now properly handles the number of
samples for each colorspace.
* JXL: Additional validations of color channel and alpha channel
depth.
* TGA: Fix issues discovered by Coverity.
* TGA: Fix writing TGA with opacity values in palette.
* TGA: Default orientation is (again) TopLeftOrientation.
* TIFF: Verify that TIFFTAG_BITSPERSAMPLE is within a rational range.
* TXT: Eliminate use of an uninitialized-value in GetColorTuple().
* XML: Improve detection of if the deprecated HTTP and FTP protocols
are supported by libxml2.
New Features:
* Add support for reading the pre-rendered image from the Open Raster
("ORA") format. Actual rendering of Open Raster is not supported.
* Add support for Dune HD AAI Image (aka Auburn Animation Image) image
format ("AAI").
* Add support for a --version option, which produces GNU style summary
version output.
* Identify output now indicates if the image is opaque.
* WebP: Add support for '-define webp:exact=true' to preserve exact
RGB values under transparent areas while writing WebP format.
Enable this automatically when lossless is enabled. If lossless is
enabled, this option may be used to disable exact mode.
* PerlMagick: Add AccessDefinition(), AddDefinition(),
AddDefinitions(), and RemoveDefinitions() methods to supporting
adding, updating, removing definitions.
API Updates:
* Magick++/STL.h: The deprecated std::unary_function is no longer used
given C++'11 or later. Continued use of it caused too many issues
due to an abundance of warnings.
* Wand API PixelSetQuantumColor(): The color argument is now a const
pointer.
Behavior Changes:
* The graphical progress indication in the X11 sub-apps 'animate' and
'display' is disabled due to discovering a tremendous performance
impact while rendering text under Ubuntu 22.04 LTS. The underlying
cause of the performance impact is not yet known. A text-based
progress output to the program's console is available via
`-monitor`.
* MagickMaxFileSystemBlockSize: Place an arbitrary limit (4,194,304
bytes) on maximum filesystem block size.
- modified patches
% GraphicsMagick-disable-insecure-coders.patch (refreshed)
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1
- Make build recipe POSIX sh compatible
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2
- Make build recipe POSIX sh compatible
==== apache2 ====
Version update (2.4.62 -> 2.4.63)
- Update to 2.4.63:
* mod_dav: Update redirect-carefully example BrowserMatch config
to match more recent client versions.
* mod_cache_socache: Fix possible crash on error path.
* mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
* mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify
domains or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain
names and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled
but a certificate carries no OCSP responder URL.
* mod_proxy_balancer: Fix the handling of the stickysession
configuration parameter by the balancer manager.
* Add the ldap-search option to mod_authnz_ldap, allowing
authorization to be based on arbitrary expressions that do not
include the username. Make sure that when ldap searches are too
long, we explicitly log the error.
* mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
in the host name or port.
* mod_log_config: Fix merging for the "LogFormat" directive.
* mod_lua: Make r.ap_auth_type writable.
* mod_md: update to version 2.4.29
- Fixed HTTP-01 challenges to not carry a final newline, as some
ACME server fail to ignore it.
- Fixed missing label+newline in server-status plain text output
when MDStapling is enabled.
* mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
without "SSLCryptoDevice" configured.
* mod_authnz_ldap: Fix possible memory corruption if the
AuthLDAPSubGroupAttribute directive is configured.
* mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
* mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs,
including "unix:" ones.
* mod_rewrite: Error out in case a RewriteRule in directory context
uses the proxy, but mod_proxy is not loaded.
* http: Remove support for Request-Range header sent by Navigator
2-3 and MSIE 3.
* mod_rewrite: Don't require flag to preserve a leading // added by
applying the perdir prefix to the substitution.
* Windows: Restore the ability to "Include" configuration files on
UNC paths.
* mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in Location (incomplete fix in 2.4.62).
* mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/' is messed
up, this could prevent further renewals to happen. Now, when the
staging set is present, but could not be activated due to an
error, purge the whole directory.
- Fix certificate retrieval on ACME renewal to not require a
'Location:' header returned by the ACME CA. This was the way it
was done in ACME before it became an IETF standard. Let's
Encrypt still supports this, but other CAs do not.
- Restore compatibility with OpenSSL < 1.1.
* mod_tls: removed the experimental module. It now is availble
standalone from
https://github.com/icing/mod_tls. The rustls
provided API is not stable and does not align with the httpd
release cycle.
* mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
* mod_http2: Return connection monitoring to the event MPM when
blocking on client updates.
==== apache2-manual ====
Version update (2.4.62 -> 2.4.63)
- Update to 2.4.63:
* mod_dav: Update redirect-carefully example BrowserMatch config
to match more recent client versions.
* mod_cache_socache: Fix possible crash on error path.
* mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
* mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify
domains or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain
names and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled
but a certificate carries no OCSP responder URL.
* mod_proxy_balancer: Fix the handling of the stickysession
configuration parameter by the balancer manager.
* Add the ldap-search option to mod_authnz_ldap, allowing
authorization to be based on arbitrary expressions that do not
include the username. Make sure that when ldap searches are too
long, we explicitly log the error.
* mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
in the host name or port.
* mod_log_config: Fix merging for the "LogFormat" directive.
* mod_lua: Make r.ap_auth_type writable.
* mod_md: update to version 2.4.29
- Fixed HTTP-01 challenges to not carry a final newline, as some
ACME server fail to ignore it.
- Fixed missing label+newline in server-status plain text output
when MDStapling is enabled.
* mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
without "SSLCryptoDevice" configured.
* mod_authnz_ldap: Fix possible memory corruption if the
AuthLDAPSubGroupAttribute directive is configured.
* mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
* mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs,
including "unix:" ones.
* mod_rewrite: Error out in case a RewriteRule in directory context
uses the proxy, but mod_proxy is not loaded.
* http: Remove support for Request-Range header sent by Navigator
2-3 and MSIE 3.
* mod_rewrite: Don't require flag to preserve a leading // added by
applying the perdir prefix to the substitution.
* Windows: Restore the ability to "Include" configuration files on
UNC paths.
* mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in Location (incomplete fix in 2.4.62).
* mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/' is messed
up, this could prevent further renewals to happen. Now, when the
staging set is present, but could not be activated due to an
error, purge the whole directory.
- Fix certificate retrieval on ACME renewal to not require a
'Location:' header returned by the ACME CA. This was the way it
was done in ACME before it became an IETF standard. Let's
Encrypt still supports this, but other CAs do not.
- Restore compatibility with OpenSSL < 1.1.
* mod_tls: removed the experimental module. It now is availble
standalone from
https://github.com/icing/mod_tls. The rustls
provided API is not stable and does not align with the httpd
release cycle.
* mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
* mod_http2: Return connection monitoring to the event MPM when
blocking on client updates.
==== apache2-prefork ====
Version update (2.4.62 -> 2.4.63)
- Update to 2.4.63:
* mod_dav: Update redirect-carefully example BrowserMatch config
to match more recent client versions.
* mod_cache_socache: Fix possible crash on error path.
* mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
* mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify
domains or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain
names and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled
but a certificate carries no OCSP responder URL.
* mod_proxy_balancer: Fix the handling of the stickysession
configuration parameter by the balancer manager.
* Add the ldap-search option to mod_authnz_ldap, allowing
authorization to be based on arbitrary expressions that do not
include the username. Make sure that when ldap searches are too
long, we explicitly log the error.
* mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
in the host name or port.
* mod_log_config: Fix merging for the "LogFormat" directive.
* mod_lua: Make r.ap_auth_type writable.
* mod_md: update to version 2.4.29
- Fixed HTTP-01 challenges to not carry a final newline, as some
ACME server fail to ignore it.
- Fixed missing label+newline in server-status plain text output
when MDStapling is enabled.
* mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
without "SSLCryptoDevice" configured.
* mod_authnz_ldap: Fix possible memory corruption if the
AuthLDAPSubGroupAttribute directive is configured.
* mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
* mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs,
including "unix:" ones.
* mod_rewrite: Error out in case a RewriteRule in directory context
uses the proxy, but mod_proxy is not loaded.
* http: Remove support for Request-Range header sent by Navigator
2-3 and MSIE 3.
* mod_rewrite: Don't require flag to preserve a leading // added by
applying the perdir prefix to the substitution.
* Windows: Restore the ability to "Include" configuration files on
UNC paths.
* mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in Location (incomplete fix in 2.4.62).
* mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/' is messed
up, this could prevent further renewals to happen. Now, when the
staging set is present, but could not be activated due to an
error, purge the whole directory.
- Fix certificate retrieval on ACME renewal to not require a
'Location:' header returned by the ACME CA. This was the way it
was done in ACME before it became an IETF standard. Let's
Encrypt still supports this, but other CAs do not.
- Restore compatibility with OpenSSL < 1.1.
* mod_tls: removed the experimental module. It now is availble
standalone from
https://github.com/icing/mod_tls. The rustls
provided API is not stable and does not align with the httpd
release cycle.
* mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
* mod_http2: Return connection monitoring to the event MPM when
blocking on client updates.
==== apache2-utils ====
Version update (2.4.62 -> 2.4.63)
- Update to 2.4.63:
* mod_dav: Update redirect-carefully example BrowserMatch config
to match more recent client versions.
* mod_cache_socache: Fix possible crash on error path.
* mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
* mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify
domains or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain
names and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled
but a certificate carries no OCSP responder URL.
* mod_proxy_balancer: Fix the handling of the stickysession
configuration parameter by the balancer manager.
* Add the ldap-search option to mod_authnz_ldap, allowing
authorization to be based on arbitrary expressions that do not
include the username. Make sure that when ldap searches are too
long, we explicitly log the error.
* mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
in the host name or port.
* mod_log_config: Fix merging for the "LogFormat" directive.
* mod_lua: Make r.ap_auth_type writable.
* mod_md: update to version 2.4.29
- Fixed HTTP-01 challenges to not carry a final newline, as some
ACME server fail to ignore it.
- Fixed missing label+newline in server-status plain text output
when MDStapling is enabled.
* mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
without "SSLCryptoDevice" configured.
* mod_authnz_ldap: Fix possible memory corruption if the
AuthLDAPSubGroupAttribute directive is configured.
* mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
* mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs,
including "unix:" ones.
* mod_rewrite: Error out in case a RewriteRule in directory context
uses the proxy, but mod_proxy is not loaded.
* http: Remove support for Request-Range header sent by Navigator
2-3 and MSIE 3.
* mod_rewrite: Don't require flag to preserve a leading // added by
applying the perdir prefix to the substitution.
* Windows: Restore the ability to "Include" configuration files on
UNC paths.
* mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in Location (incomplete fix in 2.4.62).
* mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/' is messed
up, this could prevent further renewals to happen. Now, when the
staging set is present, but could not be activated due to an
error, purge the whole directory.
- Fix certificate retrieval on ACME renewal to not require a
'Location:' header returned by the ACME CA. This was the way it
was done in ACME before it became an IETF standard. Let's
Encrypt still supports this, but other CAs do not.
- Restore compatibility with OpenSSL < 1.1.
* mod_tls: removed the experimental module. It now is availble
standalone from
https://github.com/icing/mod_tls. The rustls
provided API is not stable and does not align with the httpd
release cycle.
* mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
* mod_http2: Return connection monitoring to the event MPM when
blocking on client updates.
==== checkpolicy ====
Version update (3.8 -> 3.8.1)
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
==== container-selinux ====
Version update (2.234.2 -> 2.235.0)
- Update to version 2.235.0:
* Bump to v2.235.0
* OWNERS: add wrabcak and zpytela
* OWNERS: initial commit
* container_log{reader,writer}_t: allow watch file
* RPM: Update gating config
* Enable aarch64 testing
* TMT: simplify podman tests
* feat: support /var/lib/crio
- OBS service file: use the tagged commit for archive versioning and don't
just archive the latest changes from the main branch using the latest tag
==== libisofs ====
Version update (1.5.6 -> 1.5.6.pl01)
- update to 1.5.6.pl01:
* Bug fix: iso_write_opts_set_part_like_isohybrid() did not cause
a MBR partition table if the partitions are data files in the
ISO rather than appended
* Bug fix: The lseek methods of IsoFileSource for local
filesystem and loaded ISO returned libisofs error codes as
positive off_t numbers
* Bug fix: Freshly cloned data files from imported image were
not marked as imported.
* Bug fix: Size of further CE area was calculated wrong if its
CE entry ended exactly at a block boundary
* New iso_write_opts_set_system_area() option bits 16:
GPT "Legacy BIOS bootable" and 17: GPT writable
* New API calls iso_assess_written_features(),
iso_read_image_feature_named(),
iso_read_image_features_text()
* Allowed lseekable device files with
iso_tree_add_new_cut_out_node().
* New API call iso_write_opts_set_max_ce_entries()
==== libkate ====
Version update (0.4.1 -> 0.4.3)
Subpackages: libkate1 liboggkate1
- update to 0.4.3:
* full Python 3 compatibility
- includes changes from 0.4.2:
* Adjust decoder to allow zero sized metadata content
* Adjust text parsing to better recognize invalid UNICODE
* Eliminate timing precision issues in writing to kate format,
and ensure seconds are written with a leading 0 if less than 10
* Fixes to build systems, compiler warnings
* Correct option handling in KateDJ.
* Adust kate_high_decode_init() to avoid use after free
- drop disable-namespace-test.patch
==== libmysofa ====
Version update (1.3.2 -> 1.3.3)
- update to 1.3.3:
* Remove file size limit
* add an -o output option
* developer visible fixes and portability fixes
- drop Install-header-when-only-building-shared-lib.patch, included
==== libselinux ====
Version update (3.8 -> 3.8.1)
Subpackages: libselinux1 libselinux1-32bit selinux-tools
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
==== libselinux-bindings ====
Version update (3.8 -> 3.8.1)
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
==== libsemanage ====
Version update (3.8 -> 3.8.1)
Subpackages: libsemanage-conf libsemanage2
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* libsemanage: improved performance of semanage store rebuild
==== libsepol ====
Version update (3.8 -> 3.8.1)
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
==== luajit ====
- Enable lua 5.2 compatibility (Needed for build aegisubs)
==== netpbm ====
Version update (11.7.0 -> 11.9.3)
Subpackages: libnetpbm11
- version update to 11.9.3
* Release 11.09.03
+ giftopnm: Fix wild pointer reference with -verbose and
invalid extension type. Broken in Netpbm 10.59 (December 2012).
pdbimgtopam, pamtopdbimg: Fix crash when out of memory. Always
broken (programs were new in Netpbm 10.52 (September 2010)).
+ pamrestack: fix failure when height too large for computations.
Broken in Netpbm 10.99 (June 2022).
* Release 11.09.02
+ pammixmulti: Fix crash similar to that fixed in 11.09.01.
Introduced in Netpbm 11.09.00 (December 2024).
* Release 11.09.01
+ pammixmulti: Fix crash from uninitialized memory. Introduced in
Netpbm 11.09.00 (December 2024).
* Release 11.09.00
+ pammixmulti: Add -blend=alpha-weighted. Thanks Scott Pakin.
+ ppmhist: Don't accept -nomap and -map together, or -colorname
with -map. (Before, -nomap and -colorname were ignored with
- map).
+ libnetpbm: Fix crash in ppm_colorDict_destroy; affects all
programs that use color names. Introduced in Netpbm 11.07 (June
2024).
+ pcxtoppm: Fix wildly incorrect output for all multiplane images.
Broken in Netpbm 11.04 (September 2023).
+ pbmtoascii: Fix bug: allows both -1x2 and -2x4. Always present
(pbmtoascii existed in primordial Netpbm).
+ build: fix type mismatch warning linking ppmtompeg. Always
broken (ppmtompeg was new to Netpbm in April 2004).
+ build: Make it work with -std=gnu23, which is the default in
recent GCC. To wit, remove local declaration of "bool".
+ makeman: fix for HTML lists that have blank lines between items.
* Release 11.08.00
+ libnetpbm color name parsing: Fix handling of rgb: color names
with more than 4 hex digits per plane, so it throws an error
instead of generating an invalid or wrong color. Broken in
primordial Netpbm.
+ libnetpbm color name parsing: Fix error message for invalid
rgb-<MAXVAL> color name.
+ build: fix typo in check of DARWIN_C_SOURCE so strdup, etc.
are properly defined on OS X.
- modified patches
% netpbm-security-code.patch (refreshed)
- deleted patches
- netpbm-gcc15.patch (upstreamed)
==== openSUSE-release ====
Version update (20250310 -> 20250311)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== policycoreutils ====
Version update (3.8 -> 3.8.1)
Subpackages: policycoreutils-lang policycoreutils-python-utils python313-policycoreutils
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
==== python-Jinja2 ====
Version update (3.1.5 -> 3.1.6)
- Update to 3.1.6
* The ``|attr`` filter does not bypass the environment's attribute lookup,
allowing the sandbox to apply its checks.
==== python-Pygments ====
Subpackages: python311-Pygments python313-Pygments
- Remove files from testsamples that licensedigger flagged as high risks.
Also created an issue upstream for potential licensing issues. See
https://github.com/pygments/pygments/issues/2872
- Disable tests which depended on those files
==== python-kiwi ====
Version update (10.2.12 -> 10.2.13)
- Bump version: 10.2.12 → 10.2.13
- Lookup CHRP loader instead of using a static name
On ppc the CHRP loader name can vary between distributions.
This commit adds a search method to lookup different ELF
loader names. In addition an integration test image for
Fedora was added. This Fixes #2741
==== python-semanage ====
Version update (3.8 -> 3.8.1)
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* libsemanage: improved performance of semanage store rebuild
==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3
- Skip PGO with %want_reproducible_builds (bsc#1239210)
==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3
- Skip PGO with %want_reproducible_builds (bsc#1239210)
==== qca-qt5 ====
Version update (2.3.9 -> 2.3.10)
Subpackages: libqca-qt5-2 qca-qt5-plugins
- Update to version 2.3.10:
* Increase version number
* Avoid some clang-format incompatibility issues
* Port away from CMP0042
* CI: Remove build_clazy_clang_tidy build
* CI: Use clang-format 19
* CI: Fix FreeBSD build
* Retire KF5 Android CI
* Avoid using QtTest module include which slows down compilation
- Switch _service to use mode="manual"
==== qca-qt6 ====
Version update (2.3.9 -> 2.3.10)
Subpackages: libqca-qt6-2 qca-qt6-plugins
- Update to version 2.3.10:
* Increase version number
* Avoid some clang-format incompatibility issues
* Port away from CMP0042
* CI: Remove build_clazy_clang_tidy build
* CI: Use clang-format 19
* CI: Fix FreeBSD build
* Retire KF5 Android CI
* Avoid using QtTest module include which slows down compilation
- Switch _service to use mode="manual"
==== salt ====
Subpackages: python311-salt salt-master salt-minion
- Detect openEuler as RedHat family OS
- Ensure the correct crypt module is loaded
- Implement multiple inventory for ansible.targets
- Make x509 module compatible with M2Crypto 0.44.0
- Remove deprecated code from x509.certificate_managed test mode
- Move logrotate config to /usr/etc/logrotate.d where possible
- Added:
* detect-openeuler-as-redhat-family-os.patch
* ensure-the-correct-crypt-module-is-loaded.patch
* implement-multiple-inventory-for-ansible.targets.patch
* make-x509-module-compatible-with-m2crypto-0.44.0.patch
* remove-deprecated-code-from-x509.certificate_managed.patch
- Add DEB822 apt repository format support
- Make Salt-SSH work with all SSH passwords (bsc#1215484)
- Added:
* add-deb822-apt-source-format-support-692.patch
* remove-password-from-shell-after-functional-text-mat.patch
==== sdl12_compat ====
- Delete self-conflicts
==== selinux-policy ====
Version update (20250305 -> 20250307)
Subpackages: selinux-policy-targeted
- Update to version 20250307:
* allow systemd_pcrlock_t to manage dos directories (bsc#1233358)
* Allow snapper to manage dos files and dontaudit execmem (bsc#1233358)
* enabled filed name transitions for systemd_pcrlock (bsc#1233358)
* Update kmscon policy module to kmscon version 9 (bsc#1238137)
* Revert "Allow systemd-networkd to rw memfd objects in tmpfs (bsc#1237515)"
* Remove duplicate dev_rw_dma_dev(xdm_t)
* Allow thumbnailer read and write the dma device
* Allow named_filetrans_domain filetrans raid/mdadm named content
* Allow afterburn to mount and read config drives
* Allow mptcpd the net_admin capability
* Allow systemd-networkd the sys_admin capability
* Update systemd-networkd policy in systemd v257
* Separate insights-core from insights-client
* Removed unused insights_client interfaces calls from other modules
* Update policy for insights_client wrt new rules for insights_core_t
* Add policy for insights-core
* Allow systemd-networkd use its private tmpfs files
* Allow boothd connect to systemd-machined over a unix socket
* Update init_explicit_domain() interface
* Allow tlp to read/write nmi_watchdog state information
* Allow power-profiles-daemon the bpf capability
* Allow svirt_t to connect to nbdkit over a unix stream socket
* Update ktlshd policy to read /proc/keys and domain keyrings
* Allow virt_domain read hardware state information unconditionally
* Allow init mounton crypto sysctl files
* Rename winbind_rpcd_* types to samba_dcerpcd_*
* Support peer-to-peer migration of vms using ssh
* Allow virtqemud use hostdev usb devices conditionally
* Allow virtqemud map svirt_image_t plain files
* Allow virtqemud work with nvdimm devices
* Support saving and restoring a VM to/from a block device
* Allow virtnwfilterd dbus chat with firewalld
- Update embedded container-selinux version to commit:
* c9b3eca0e1a878a1fe79408cb6c2e89b38b10829
==== serd ====
Version update (0.32.2 -> 0.32.4)
- update to 0.32.4:
* Fix overly permissive parsing of syntax names on the command
line
* Fix parsing NQuads lines with no space before the final dot
* Fix reading chunks from files without trailing newlines
* Fix rewriting special literals when datatype URIs are prefixed
names
* Gracefully handle errors while writing the end of anonymous
nodes
* Support reading lone lists in lax mode
* Treat out of range unicode characters as errors
* Write blank lines between graphs and statements in TriG
* developer visible fixes
==== sord ====
Version update (0.16.16 -> 0.16.18)
- update to 0.16.18:
* Replace more platform-specific code with use of zix
==== sratom ====
Version update (0.6.14 -> 0.6.18)
- update to 0.6.18:
* Avoid snprintf when writing MIDI events
* developer visible code fixes
- includes changes from 0.6.16:
* Constrain relative URI references to the base URI
* maintenance and clean-up of build system
==== xinit ====
Version update (1.4.3 -> 1.4.4)
- Update to version 1.4.4
This release fixes regresssions introduced by the shell script modernization
in the 1.4.3 release, primarily seen on systems without the "mcookie" helper
program to make xauth cookies, and thus using openssl or /dev/urandom to
make cookies instead. Thanks to Peter Tribble of the Tribblix illumos distro
for reporting the issue and testing the fixes.
- adjusted xinit-suse.patch, xinit-tolerant-hostname-changes.patch
==== zxing-cpp ====
Version update (2.2.1 -> 2.3.0)
- Update to 2.3.0
New features:
* Add support for DX Film Edge read
* Add support for detecting and reading Aztec Runes
* Add reader support for DataBarLimited symbols
* Add C-API in official build (EDIT: unfortunately the default
is still off, to enable do cmake -DZXING_C_API=ON)
* Add Kotlin/Native Wrapper
* Add Rust wrapper based on C-API
* Add .NET wrapper based on C-API
* Introduce new name Barcode for Result which will be removed
in 3.0
* LocalAverage binarizer: re-implement with symmetric
threshold interpolation for improved detection of inverted
symbols
* cmake: replace BUILD_... prefix of cmake options with ZXING_...
* cmake: switch to c++-20 by default for the core library
* ImageView: introduce bounds checks in constructor
* ImageView: Add ImageFormat::LumX for 2-byte grey + alpha input
* ImageFormat: replace 'X' with 'A', e.g. RGBX -> RGBA
* ZXingReader: add -binarizer <local|global|fixed> command
line option
* ZXingReader: add -single option to setMaxNumberOfSymbols(1)
* ZXingReader: parse -formats (including 's') command line
argument
* ZXingReader: support reading image file from stdin by passing '-'
* android: switch 'namespace' from zxingcpp to zxingcpp.lib to fix
issue with maven central publication
* Python: add support to write bytes as binary data
* ZXing::Version() function to query the library version at
runtime (useful when dynamically linked)
Minor changes and bug fixes:
* Complete ZXIReaderOptions in iOS Wrapper
* ios: remove initWithFormats initializer
* cmake: Make build reproducible across different build directories
* Release color space after use in iOS wrapper
* cmake: allow overriding python install directories
* Refine MultiFormatReader results filtering and apply C++20 erase_if
* HRI: update AIs to latest gs1-syntax-dictionary.txt
* android: add linker flag to support flexible page sizes in Android 15
* Deprecate validateITFCheckSum, validateCode39CheckSum,
returnCodabarStartEnd
* BitHacks: fix random QRCode content on pre-Haswell Windows machines
* DataMatrix: improve detection of near 45° rotated symbols
* cmake: add /utf-8 to MSVC compile flags
* Barcode: tune operator==() to not split up overly tall linear symbols
* Several ITFReader improvements
* QRDecoder: return some content even in the presence of a checksum error
* DataBar: improve detection rate by incorporating edge-2-edge pattern
* PDF417: prevent wrong position info with right side collapsing to (0,0)
* Python: make sure macOS and 64bit Linux packes on pypi.org support
multi-symbol DataMatrix detection (c++20 support)
- Drop obsolete version checks
- Drop cmake.patch, no longer needed
