Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240423

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  NetworkManager (1.44.2 -> 1.44.4)
  gcc14 (14.0.1+git9885 -> 14.0.1+git10008)
  gdk-pixbuf
  glib2
  glibc
  gtk2
  gtk4 (4.14.2 -> 4.14.3)
  icewm
  inkscape
  kernel-firmware (20240322 -> 20240419)
  kernel-source (6.8.6 -> 6.8.7)
  kf6-solid
  libheif
  libmusicbrainz
  libqt5-qtwebengine
  libxml2 (2.11.6 -> 2.12.6)
  libxml2-python (2.11.6 -> 2.12.6)
  libzypp (17.32.4 -> 17.32.5)
  llvm18 (18.1.3 -> 18.1.4)
  mozjs115
  openSUSE-release (20240418 -> 20240423)
  python-argcomplete (3.2.2 -> 3.3.0)
  python-gevent (23.9.1 -> 24.2.1)
  python-numpy (1.26.2 -> 1.26.4)
  python-pycparser (2.21 -> 2.22)
  python-pycups (2.0.1 -> 2.0.4)
  python311 (3.11.8 -> 3.11.9)
  python311-core (3.11.8 -> 3.11.9)
  setools (4.4.4 -> 4.5.0)
  transactional-update (4.6.5 -> 4.6.6)
  xfsprogs (6.6.0 -> 6.7.0)

=== Details ===

==== NetworkManager ====
Version update (1.44.2 -> 1.44.4)
Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan 
libnm0 typelib-1_0-NM-1_0

- Update to version 1.44.4:
  + Add the 'dns-change' dispatcher event.
  + Various fixed related to IPv4 duplicate address detection.
  + Fix support for OVS netdev datapath
  + Fix handling of IPv6 hop limit

==== gcc14 ====
Version update (14.0.1+git9885 -> 14.0.1+git10008)
Subpackages: libasan8 libatomic1 libgcc_s1 libgfortran5 libgomp1 libhwasan0 
libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-pp libtsan2 libubsan1

- Update to trunk head, 7c2a9dbcc2c1cb1563774068c59d5e09e, git10008

==== gdk-pixbuf ====
Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer 
libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0

- Fix path to gdk-pixbuf-query-loader in pkg-config file: we rename
  the loader to be multi-arch compatible and thus also need to
  adjust the .pc file to have build-systems find it.

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 
libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 
typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- require dbus-launch only if dbus-service is wanted. This helps
  with stripping down container-only builds

==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd

- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

==== gtk2 ====
Subpackages: gtk2-data gtk2-tools libgtk-2_0-0

- Do not recommend the variuos -immodule-*: they have locale based
  provides which makes zypper install them when the locales are
  requested.

==== gtk4 ====
Version update (4.14.2 -> 4.14.3)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.14.3:
  + GtkShortcutManager: Track the propagation phase of added
    controllers.
  + Accessibility: Implement GtkAccessibleRange for scrollbars.
  + X11:
  - Fix some confusing debug messages
  - Drop a no-longer-relevant optimization that was interfering
    with getting the current window manager capabilities.
  + Tools: Support generating pdf in gtk4-rendernode-tool.
  + Updated translations.

==== icewm ====
Subpackages: icewm-config-upstream icewm-default icewm-lite

- Do not recommends icewm-lang: the -lang package has already more
  sophisticated supplements. The various sub-packages require
  icewm, and thus get the supplements satisfied indirectly.

==== inkscape ====
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp

- Add inkscape-libxml2.12.patch: Fix build with libxml 2.12.

==== kernel-firmware ====
Version update (20240322 -> 20240419)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k 
kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros 
kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm 
kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 
kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio 
kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek 
kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network 
kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform 
kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic 
kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial 
kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle 
kernel-firmware-usb-network

- Update to version 20240419 (git commit 7eab37522984):
  * Montage: update firmware for Mont-TSSE
  * linux-firmware: Add tuning parameter configs for CS35L41 Firmware
  * linux-firmware: Fix firmware names for Laptop SSID 104316a3
  * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
  * linux-firmware: update firmware for MT7922 WiFi device
  * iwlwifi: add gl FW for core87-44 release
  * iwlwifi: add ty/So/Ma firmwares for core87-44 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release
  * nvidia: Update Tegra210 XUSB firmware to v50.29
  * amdgpu: update beige goby firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update psp 13.0.11 firmware
  * amdgpu: update gc 11.0.4 firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update renoir firmware
  * amdgpu: update vcn 4.0.2 firmware
  * amdgpu: update sdma 6.0.1 firmware
  * amdgpu: update psp 13.0.4 firmware
  * amdgpu: update gc 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update vega20 firmware
  * amdgpu: update yellow carp firmware
  * amdgpu: update green sardine firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update raven2 firmware
  * amdgpu: update vcn 4.0.4 firmware
  * amdgpu: update smu 13.0.7 firmware
  * amdgpu: update sdma 6.0.2 firmware
  * amdgpu: update ipsp 13.0.7 firmware
  * amdgpu: update gc 11.0.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update raven firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update smu 13.0.10 firmware
  * amdgpu: update sdma 6.0.3 firmware
  * amdgpu: update psp 13.0.10 firmware
  * amdgpu: update gc 11.0.3 firmware
  * amdgpu: update vcn 3.1.2 firmware
  * amdgpu: update psp 13.0.5 firmware
  * amdgpu: update gc 10.3.6 firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update arcturus firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update vcn 4.0.3 firmware
  * amdgpu: update smu 13.0.6 firmware
  * amdgpu: update psp 13.0.6 firmware
  * amdgpu: update gc 9.4.3 firmware
  * amdgpu: update vcn 4.0.0 firmware
  * amdgpu: update smu 13.0.0 firmware
  * amdgpu: update sdma 6.0.0 firmware
  * amdgpu: update psp 13.0.0 firmware
  * amdgpu: update gc 11.0.0 firmware
  * amdgpu: update  firmware
  * amdgpu: update aldebaran firmware
  * amdgpu: update psp 13.0.8 firmware
  * amdgpu: update gc 10.3.7 firmware
  * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9
  * ath10k: WCN3990: hw1.0: add qcm2290 firmware API file
  * ath10k: WCN3990: hw1.0: move firmware back from qcom/ location
  * i915: Add DG2 HuC 7.10.15
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * linux-firmware: update firmware for en8811h 2.5G ethernet phy
  * rtw89: 8852c: update fw to v0.27.56.14
  * rtw89: 8922a: add firmware v0.35.18.0
  * rtw88: Add RTL8703B firmware v11.0.0

==== kernel-source ====
Version update (6.8.6 -> 6.8.7)

- Linux 6.8.7 (bsc#1012628).
- drm/amd/display: fix disable otg wa logic in DCN316
  (bsc#1012628).
- drm/amd/display: always reset ODM mode in context when adding
  first plane (bsc#1012628).
- drm/amd/display: Return max resolution supported by DWB
  (bsc#1012628).
- drm/amd/display: Do not recursively call manual trigger
  programming (bsc#1012628).
- drm/amd/display: Set VSC SDP Colorimetry same way for MST and
  SST (bsc#1012628).
- drm/amd/display: Program VSC SDP colorimetry for all DP sinks >=
  1.4 (bsc#1012628).
- drm/amdgpu: differentiate external rev id for gfx 11.5.0
  (bsc#1012628).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
  (bsc#1012628).
- drm/amdgpu: always force full reset for SOC21 (bsc#1012628).
- drm/amdgpu: Reset dGPU if suspend got aborted (bsc#1012628).
- drm/i915: Disable live M/N updates when using bigjoiner
  (bsc#1012628).
- drm/i915: Disable port sync when bigjoiner is used
  (bsc#1012628).
- drm/i915/psr: Disable PSR when bigjoiner is used (bsc#1012628).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
  active (bsc#1012628).
- commit a2ed3b5
-  x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with
  CONFIG_MITIGATION_SPECTRE_BHI (bsc#1012628 bsc#1217339
  CVE-2024-2201).
- Update config files.
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto
  (bsc#1012628).
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation
  (bsc#1012628).
- x86/bugs: Fix BHI handling of RRSBA (bsc#1012628).
- x86/bugs: Rename various 'ia32_cap' variables to
  'x86_arch_cap_msr' (bsc#1012628).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES
  (bsc#1012628).
- x86/bugs: Fix BHI documentation (bsc#1012628).
- x86/bugs: Fix return type of spectre_bhi_state() (bsc#1012628).
- kernfs: annotate different lockdep class for of->mutex of
  writable files (bsc#1012628).
- selftests: kselftest: Fix build failure with NOLIBC
  (bsc#1012628).
- irqflags: Explicitly ignore lockdep_hrtimer_exit() argument
  (bsc#1012628).
- x86/apic: Force native_apic_mem_read() to use the MOV
  instruction (bsc#1012628).
- selftests: kselftest: Mark functions that unconditionally call
  exit() as __noreturn (bsc#1012628).
- selftests: timers: Fix abs() warning in posix_timers test
  (bsc#1012628).
- selftests: timers: Fix posix_timers ksft_print_msg() warning
  (bsc#1012628).
- selftests/timers/posix_timers: Reimplement
  check_timer_distribution() (bsc#1012628).
- x86/cpu: Actually turn off mitigations by default for
  SPECULATION_MITIGATIONS=n (bsc#1012628).
- perf/x86: Fix out of range data (bsc#1012628).
- vhost: Add smp_rmb() in vhost_enable_notify() (bsc#1012628).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix spi lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix pwm lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-conn: fix usb lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix adc lpcg indices (bsc#1012628).
- arm64: dts: imx8-ss-dma: fix can lpcg indices (bsc#1012628).
- arm64: dts: imx8qm-ss-dma: fix can lpcg indices (bsc#1012628).
- drm/amdgpu/umsch: reinitialize write pointer in hw init
  (bsc#1012628).
- drm/msm/dp: fix runtime PM leak on connect failure
  (bsc#1012628).
- drm/msm/dp: fix runtime PM leak on disconnect (bsc#1012628).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
  (bsc#1012628).
- drm/panfrost: Fix the error path in
  panfrost_mmu_map_fault_addr() (bsc#1012628).
- drm/ast: Fix soft lockup (bsc#1012628).
- drm/amdkfd: Reset GPU on queue preemption failure (bsc#1012628).
- drm/i915/vrr: Disable VRR when using bigjoiner (bsc#1012628).
- drm/vmwgfx: Enable DMA mappings with SEV (bsc#1012628).
- accel/ivpu: Fix deadlock in context_xa (bsc#1012628).
- accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE
  (bsc#1012628).
- accel/ivpu: Put NPU back to D3hot after failed resume
  (bsc#1012628).
- accel/ivpu: Fix PCI D0 state entry in resume (bsc#1012628).
- accel/ivpu: Check return code of ipc->lock init (bsc#1012628).
- scsi: sg: Avoid race in error handling & drop bogus warn
  (bsc#1012628).
- scsi: sg: Avoid sg device teardown race (bsc#1012628).
- fs/proc: Skip bootloader comment if no embedded kernel
  parameters (bsc#1012628).
- fs/proc: remove redundant comments from /proc/bootconfig
  (bsc#1012628).
- kprobes: Fix possible use-after-free issue on kprobe
  registration (bsc#1012628).
    ... changelog too long, skipping 198 lines ...
- commit 5c0cf23

==== kf6-solid ====
Subpackages: kf6-solid-tools libKF6Solid6

- Add patch to fix mounting encrypted drives (kde#485507, boo#1222980):
  * 0001-udisks-Return-empty-string-for-root-clearTextPath.patch

==== libheif ====
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg 
libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1

- Add libheif-svtav1.patch: Fix compilation with libsvtav1 2.0.0.

==== libmusicbrainz ====

- Add libmusicbrainz-libxml2.12.patch: Fix build against libxml
  2.12.

==== libqt5-qtwebengine ====

- Add patch to fix build with libxml >= 2.12:
  * 0001-Fix-building-with-system-libxml2.patch

==== libxml2 ====
Version update (2.11.6 -> 2.12.6)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.12.6
  * Regressions
  - parser: Fix detection of duplicate attributes in XML namespace
  - xmlreader: Fix xmlTextReaderConstEncoding
  - html: Fix htmlCreatePushParserCtxt with encoding
  - xmllint: Return error code if XPath returns empty nodeset
- Update to version 2.12.5
  * Security
  - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
  * Regressions
  - parser: Fix crash in xmlParseInNodeContext with HTML documents
- Update to version 2.12.4
  * Regressions
  - parser: Fix regression parsing standalone declarations
  - autotools: Readd --with-xptr-locs configuration option
  - parser: Fix build --without-output
  - parser: Don't grow or shrink pull parser memory buffers
  - io: Fix memory lifetime issue with input buffers
- Update to version 2.12.3
  * Regressions
  - parser: Fix namespaces redefined from default attributes
  * Build fixes
  - include: Rename XML_EMPTY helper macro
  - include: Move declaration of xmlInitGlobals
  - include: Add missing includes
  - include: Move globals from xmlsave.h to parser.h
  - include: Readd circular dependency between tree.h and parser.h
- Drop libxml2-CVE-2024-25062.patch as it is part of upstream

==== libxml2-python ====
Version update (2.11.6 -> 2.12.6)

- Update to version 2.12.6
  * Regressions
  - parser: Fix detection of duplicate attributes in XML namespace
  - xmlreader: Fix xmlTextReaderConstEncoding
  - html: Fix htmlCreatePushParserCtxt with encoding
  - xmllint: Return error code if XPath returns empty nodeset
- Update to version 2.12.5
  * Security
  - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
  * Regressions
  - parser: Fix crash in xmlParseInNodeContext with HTML documents
- Update to version 2.12.4
  * Regressions
  - parser: Fix regression parsing standalone declarations
  - autotools: Readd --with-xptr-locs configuration option
  - parser: Fix build --without-output
  - parser: Don't grow or shrink pull parser memory buffers
  - io: Fix memory lifetime issue with input buffers
- Update to version 2.12.3
  * Regressions
  - parser: Fix namespaces redefined from default attributes
  * Build fixes
  - include: Rename XML_EMPTY helper macro
  - include: Move declaration of xmlInitGlobals
  - include: Add missing includes
  - include: Move globals from xmlsave.h to parser.h
  - include: Readd circular dependency between tree.h and parser.h
- Drop libxml2-CVE-2024-25062.patch as it is part of upstream

==== libzypp ====
Version update (17.32.4 -> 17.32.5)

- Don't try to refresh volatile media as long as raw metadata are
  present (bsc#1223094)
- version 17.32.5 (32)

==== llvm18 ====
Version update (18.1.3 -> 18.1.4)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold

- Update to version 18.1.4.
  * Fixes an issue with Arm64EC code generation where calls to some
    intrinsics implemented in compiler-rt used the wrong name
    mangling, eventually resulting in unresolved symbol errors
    during linking.
  * Fixed an incorrect poison-generating flag preservation in
    `InstSimplify`. It will fix a miscompilation on RISCV, which
    turns the incorrect `or disjoint` into an `add`.
  * Save/restore routines for RV32E/RV64E are added to compiler-rt.
  * Fix regressions introduced in LLVM 18.1.3 in MIPS atomicrmw
    min/max codegen.
- Include module files for libc++ in libc++-devel.
- Rebase llvm-do-not-install-static-libraries.patch.

==== mozjs115 ====

- Properly tag patches.

==== openSUSE-release ====
Version update (20240418 -> 20240423)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== python-argcomplete ====
Version update (3.2.2 -> 3.3.0)

- Update to 3.3.0 (bsc#1222880):
  * Preserve compatibility with argparse option tuples of length 4.
    This update is required to use argcomplete on Python 3.11.9+ or
    3.12.3+.
- update to 3.2.3:
  * Allow register-python-argcomplete output to be used as lazy-loaded
    zsh completion module (#475)
  - Move debug_stream initialization to helper method to allow fd 9
    behavior to be overridden in subclasses (#471)

==== python-gevent ====
Version update (23.9.1 -> 24.2.1)

- Add gh-113964-fix-tests-3.12.3.patch to tix tests with python 3.12.3
  (bsc#1223128)
- Drop upstream patches:
  * gevent-fix-unittest-returncode-py312-c1.patch
  * gevent-fix-unittest-returncode-py312-c2.patch
- Update to version 24.2.1:
  - Add support for Python patch releases 3.11.8 and 3.12.2, which
    changed internal details of threading.
  - Errors raised from subprocess.Popen may not have a filename set.
  - SSLSocket.recv_into and SSLSocket.read no longer require the
    buffer to implement len and now work with buffers whose size is
    not 1.
  - gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close
    flaw.
  - Drop setuptools to a soft test dependency.
  - Drop support for very old versions of CFFI.
  - Update bundled c-ares from 1.19.1 to 1.26.0.
  - Locks created by gevent, but acquired from multiple different
    threads (not recommended), no longer spin to implement timeouts
    and interruptible blocking. Instead, they use the native
    functionality of the Python 3 lock. This may improve some
    scenarios. See issue #2013.

==== python-numpy ====
Version update (1.26.2 -> 1.26.4)

- Update to 1.26.4
  * NumPy 1.26.4 is a maintenance release that fixes bugs and
    regressions discovered after the 1.26.3 release. The Python
    versions supported by this release are 3.9-3.12. This is the
    last planned release in the 1.26.x series.
  * BUG: Restore missing asstr import
  * MAINT: prepare 1.26.x for further development
  * BUG: numpy.array_api: fix linalg.cholesky upper decomp...
  * MAINT, BLD: Fix unused inline functions warnings on clang
  * TST: Fix test_numeric on riscv64
  * MAINT: add newaxis to __all__ in numpy.array_api
  * BUG: Use large file fallocate on 32 bit linux platforms
  * TST: Fix test_warning_calls on Python 3.12
  * TST: Bump pytz to 2023.3.post1
  * BUG: Fix AVX512 build flags on Intel Classic Compiler
  * BLD: fix potential issue with escape sequences in __config__.py
  * BLD: unvendor meson-python on 1.26.x and upgrade to
    meson-python...
  * MAINT: Include header defining backtrace
  * BUG: Fix np.quantile([Fraction(2,1)], 0.5) (#24711)
- Release 1.26.3
  [#]# Compatibility
  * f2py will no longer accept ambiguous -m and .pyf CLI
    combinations. When more than one .pyf file is passed, an error
    is raised. When both -m and a .pyf is passed, a warning is
    emitted and the -m provided name is ignored.
  [#]# Improvements
  * f2py now handles common blocks which have kind specifications
    from modules. This further expands the usability of intrinsics
    like iso_fortran_env and iso_c_binding.
  [#]# Pull requests merged
  * MAINT: prepare 1.26.x for further development
  * TYP: add None to __getitem__ in numpy.array_api
  * BLD,BUG: quadmath required where available [f2py]
  * BUG: alpha doesn't use REAL(10)
  * BUG: Fix FP overflow error in division when the divisor is
    scalar
  * MAINT: Pin scipy-openblas version.
  * BUG: Fix f2py to enable use of string optional inout argument
  * BUG: Fix -fsanitize=alignment issue in
    numpy/_core/src/multiarray/arraytypes.c.src
  * TST: Explicitly pass NumPy path to cython during tests (also...
  * BUG: fix issues with newaxis and linalg.solve in
    numpy.array_api
  * BUG: Disallow shadowed modulenames
  * BUG: Handle common blocks with kind specifications from modules
  * BUG: Fix moving compiled executable to root with f2py -c on
    Windows
  * BUG: Fix single to half-precision conversion on PPC64/VSX3
  * TST: f2py: fix issue in test skip condition
  * Revert "MAINT: Pin scipy-openblas version."
  * MAINT: do not use long type
  * TST: PyPy needs another gc.collect on latest versions
  * MAINT: Bump conda-incubator/setup-miniconda from 2.2.0 to 3.0.1
  * BLD: update vendored Meson for AIX shared library fix
  * MAINT: Init base in cpu_avx512_kn
  * BUG: Fix failing test_features on SapphireRapids
  * BUG: Fix non-contiguous memory load when ARM/Neon is enabled
  * MAINT,BUG: Never import distutils above 3.12 [f2py]
  * MAINT: make the import-time check for old Accelerate more
    specific
  * MAINT: Bump actions/setup-node and
    larsoner/circleci-artifacts-redirector-action
  * BUG: avoid seg fault from OOB access in RandomState.set_state()
  * BUG: Fix two errors related to not checking for failed
    allocations
  * BUG: Fix regression with f2py wrappers when modules and
    subroutines...
  * BUG: Fix build issues on SPR
  * BLD: fix uninitialized variable warnings from
    simd/neon/memory.h
  * BUG: Handle iso_c_type mappings more consistently
  * BUG: Fix module name bug in signature files [urgent] [f2py]
  * BUG: Handle .pyf.src and fix SciPy [urgent]
  * DOC: f2py rewrite with meson details
  * BUG: Add external library handling for meson [f2py]
  * MAINT: Run f2py's meson backend with the same python that
    ran...
  * MAINT: Update numpy/f2py/_backends from main.
  * MAINT: Easy updates of f2py/*.py from main.
  * MAINT: Update crackfortran.py and f2py2e.py from main

==== python-pycparser ====
Version update (2.21 -> 2.22)

- update to 2.22:
  * Add missing SCHAR limit defines
  * Use proper SPDX identifier
  * Add Python 3.11 as a supported version
  * Fix multi-pragma/single statement blocks (#479)
  * Add an encoding parameter to parse_file
  * Feature/add pragma support
  * Set up permissions to ci.yml
  * _build_tables: Invalidate cache before importing generated modules
  * Upgrade GitHub Actions
  * Create a Security Policy
  * New example to generate AST from scratch
  * Add support for Python 3.12
  * ply: Make generated lextab.py deterministic
- drop fix-lexer-build.patch (upstream)

==== python-pycups ====
Version update (2.0.1 -> 2.0.4)

- update to 2.0.4:
  * remove the install_requires from setup.py
  * removed shebang from example/cupstree.py
  * ignore driverless utilities for postscriptdriver tags
    creation (Fedora bug #1873385)
  * remove epydoc from Makefile (#27)
  * fix invalid delete of pointer (#11)
  * Makefile uses wrong Python (#32)
  * define PY_SSIZE_T_CLEAN in cupsipp.h - fixes traceback during
    IPPRequest.writeIO with Python 3.10
  * fix the test.py when there is no printer installed (#46)
  * Use PyObject_Call() instead of deprecated PyEval

==== python311 ====
Version update (3.11.8 -> 3.11.9)
Subpackages: python311-curses python311-dbm

- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in SLE.
- Remove not needed upstream patches:
  * libexpat260.patch
  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
- Update to 3.11.9:
  * Security
  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  - gh-115399: Update bundled libexpat to 2.6.0
  - gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  - gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  - gh-116034: Fix location of the error on a failed assertion.
  - gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  - gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  - gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  - gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.
  * Library
  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
    crash in ssl when creating a new _ssl._SSLContext if CPython was
    built implausibly such that the default cipher list is empty or
    the SSL library it was linked against reports a failure from its
    C SSL_CTX_set_cipher_list() API.
  - gh-117178: Fix regression in lazy loading of self-referential
    modules, introduced in gh-114781.
  - gh-117084: Fix zipfile extraction for directory entries with the
    name containing backslashes on Windows.
  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
    be instantiated with arguments. Patch by Chris Fu.
  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
    WaitForSingleObject() with a negative timeout: pass 0 ms if the
    timeout is negative. Patch by Victor Stinner.
  - gh-116957: configparser: Don’t leave ConfigParser values in an
    invalid state (stored as a list instead of a str) after an
    earlier read raised DuplicateSectionError or
    DuplicateOptionError.
  - gh-90095: Ignore empty lines and comments in .pdbrc
  - gh-116764: Restore support of None and other false values in
    urllib.parse functions parse_qs() and parse_qsl(). Also, they
    now raise a TypeError for non-zero integers and non-empty
    sequences.
  - gh-116811: In PathFinder.invalidate_caches, delegate to
    MetadataPathFinder.invalidate_caches.
  - gh-116600: Fix repr() for global Flag members.
  - gh-116484: Change automatically generated tkinter.Checkbutton
    widget names to avoid collisions with automatically generated
    tkinter.ttk.Checkbutton widget names within the same parent
    widget.
  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
    opening named pipe.
  - gh-116143: Fix a race in pydoc _start_server, eliminating a
    window in which _start_server can return a thread that is
    “serving” but without a docserver set.
  - gh-116325: typing: raise SyntaxError instead of AttributeError
    on forward references as empty strings.
  - gh-90535: Fix support of interval values > 1 in
    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
    when='Wx'.
  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
    WASI.
  - Under wasmtime for WASI 0.2, these functions don’t pass
    test_posix
    (https://github.com/bytecodealliance/wasmtime/issues/7830).
  - gh-88352: Fix the computation of the next rollover time in the
    logging.TimedRotatingFileHandler handler. computeRollover() now
    always returns a timestamp larger than the specified time and
    works correctly during the DST change. doRollover() no longer
    overwrite the already rolled over file, saving from data loss
    when run at midnight or during repeated time at the DST change.
  - gh-87115: Set __main__.__spec__ to None when running a script
    with pdb
  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
    that results when a message that claims to be in the ascii
    character set actually has non-ascii characters. Non-ascii
    characters are now replaced with the U+FFFD replacement
    character, like in the replace error handler.
  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
    through to the wrapped object to return the real result.
  - gh-115881: Fix issue where ast.parse() would incorrectly flag
    conditional context managers (such as with (x() if y else z()):
    ... changelog too long, skipping 156 lines ...
    64-bit platforms.

==== python311-core ====
Version update (3.11.8 -> 3.11.9)
Subpackages: libpython3_11-1_0 python311-base

- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in SLE.
- Remove not needed upstream patches:
  * libexpat260.patch
  * CVE-2023-6597-TempDir-cleaning-symlink.patch, bsc#1219666
- Update to 3.11.9:
  * Security
  - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
    (CVE-2023-52425,  bsc#1219559) by adding five new methods:
    xml.etree.ElementTree.XMLParser.flush()
    xml.etree.ElementTree.XMLPullParser.flush()
    xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
    xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
    xml.sax.expatreader.ExpatParser.flush()
  - gh-115399: Update bundled libexpat to 2.6.0
  - gh-115243: Fix possible crashes in collections.deque.index()
    when the deque is concurrently modified.
  - gh-114572: ssl.SSLContext.cert_store_stats() and
    ssl.SSLContext.get_ca_certs() now correctly lock access to the
    certificate store, when the ssl.SSLContext is shared across
    multiple threads.
  * Core and Builtins
  - gh-116296: Fix possible refleak in object.__reduce__() internal
    error handling.
  - gh-116034: Fix location of the error on a failed assertion.
  - gh-115823: Properly calculate error ranges in the parser when
    raising SyntaxError exceptions caused by invalid byte sequences.
    Patch by Pablo Galindo
  - gh-112087: For an empty reverse iterator for list will be
    reduced to reversed(). Patch by Donghee Na.
  - gh-115011: Setters for members with an unsigned integer type now
    support the same range of valid values for objects that has a
    __index__() method as for int.
  - gh-96497: Fix incorrect resolution of mangled class variables
    used in assignment expressions in comprehensions.
  * Library
  - gh-117310: Fixed an unlikely early & extra Py_DECREF triggered
    crash in ssl when creating a new _ssl._SSLContext if CPython was
    built implausibly such that the default cipher list is empty or
    the SSL library it was linked against reports a failure from its
    C SSL_CTX_set_cipher_list() API.
  - gh-117178: Fix regression in lazy loading of self-referential
    modules, introduced in gh-114781.
  - gh-117084: Fix zipfile extraction for directory entries with the
    name containing backslashes on Windows.
  - gh-117110: Fix a bug that prevents subclasses of typing.Any to
    be instantiated with arguments. Patch by Chris Fu.
  - gh-90872: On Windows, subprocess.Popen.wait() no longer calls
    WaitForSingleObject() with a negative timeout: pass 0 ms if the
    timeout is negative. Patch by Victor Stinner.
  - gh-116957: configparser: Don’t leave ConfigParser values in an
    invalid state (stored as a list instead of a str) after an
    earlier read raised DuplicateSectionError or
    DuplicateOptionError.
  - gh-90095: Ignore empty lines and comments in .pdbrc
  - gh-116764: Restore support of None and other false values in
    urllib.parse functions parse_qs() and parse_qsl(). Also, they
    now raise a TypeError for non-zero integers and non-empty
    sequences.
  - gh-116811: In PathFinder.invalidate_caches, delegate to
    MetadataPathFinder.invalidate_caches.
  - gh-116600: Fix repr() for global Flag members.
  - gh-116484: Change automatically generated tkinter.Checkbutton
    widget names to avoid collisions with automatically generated
    tkinter.ttk.Checkbutton widget names within the same parent
    widget.
  - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on
    opening named pipe.
  - gh-116143: Fix a race in pydoc _start_server, eliminating a
    window in which _start_server can return a thread that is
    “serving” but without a docserver set.
  - gh-116325: typing: raise SyntaxError instead of AttributeError
    on forward references as empty strings.
  - gh-90535: Fix support of interval values > 1 in
    logging.TimedRotatingFileHandler for when='MIDNIGHT' and
    when='Wx'.
  - gh-115978: Disable preadv(), readv(), pwritev(), and writev() on
    WASI.
  - Under wasmtime for WASI 0.2, these functions don’t pass
    test_posix
    (https://github.com/bytecodealliance/wasmtime/issues/7830).
  - gh-88352: Fix the computation of the next rollover time in the
    logging.TimedRotatingFileHandler handler. computeRollover() now
    always returns a timestamp larger than the specified time and
    works correctly during the DST change. doRollover() no longer
    overwrite the already rolled over file, saving from data loss
    when run at midnight or during repeated time at the DST change.
  - gh-87115: Set __main__.__spec__ to None when running a script
    with pdb
  - gh-76511: Fix UnicodeEncodeError in email.Message.as_string()
    that results when a message that claims to be in the ascii
    character set actually has non-ascii characters. Non-ascii
    characters are now replaced with the U+FFFD replacement
    character, like in the replace error handler.
  - gh-75988: Fixed unittest.mock.create_autospec() to pass the call
    through to the wrapped object to return the real result.
  - gh-115881: Fix issue where ast.parse() would incorrectly flag
    conditional context managers (such as with (x() if y else z()):
    ... changelog too long, skipping 156 lines ...
    64-bit platforms.

==== setools ====
Version update (4.4.4 -> 4.5.0)
Subpackages: python311-setools setools-console

- Fix build for 15.4 and 15.5:
  - Minimum required python version is 3.11, so building only for python311
  - Remove dependency for networkx: 
0001-Make-networkx-optional-again-Fixes-125.patch
- Update to version 4.5.0:
  - User Visible Changes
  * Add graphical results for information flow analysis and domain
    transition analysis, available in apol, sedta, and seinfoflow.
  * Add tooltips, What's This?, and detail popups in apol to help
    cross-referencing query and analysis results along with
    context-sensitive help.
  - Under The Hood Changes
  * Rework apol to fully generate the UI programmatically.
  * Update apol to PyQt6
  * Replace deprecated uses of pkg_resources and distutils.
  * Begin adding unit tests for apol UI.
  - Updated Dependencies
    SETools now higher minimum versions of the following dependencies:
  * Python 3.10
  * NetworkX 2.6
  * PyQt6
  * Cython 0.29.14
  - New Dependencies
  * pygraphviz (for seinfoflow, sedta, apol)

==== transactional-update ====
Version update (4.6.5 -> 4.6.6)
Subpackages: dracut-transactional-update libtukit4 
transactional-update-zypp-config tukit

- Version 4.6.6
  - soft-reboot: Fix inverted logic of soft-reboot detection
  - soft-reboot: Don't use D-Bus for snapper call - it may be
    shutting down already
  - soft-reboot: Remove unused variable
  - doc: Document configuration file snippets for tukit.conf
- Remove script to disable soft-reboot support - this is the
  default for now anyway

==== xfsprogs ====
Version update (6.6.0 -> 6.7.0)
Subpackages: libhandle1

- update to 6.7.0
  - xfsprogs: Several configure script updates
  - xfs_io: Use system's SEEK_DATA and SEEK_HOLE definition
  - xfsprogs: Remove platform_defs.h generation on build time
  - xfs_db: Fix metadata read error due hardcoded initialization of bb_count
  - xfsprogs: Request 64-bit time_t where possible
  - xfsprogs: Remove use of LFS64 interfaces


Reply via email to