February 2024 - openSUSE ARM - openSUSE Mailing Lists

New Arm Tumbleweed snapshot 20240211 released!
by Guillaume Gardet 12 Feb '24

12 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.3.4 -> 23.3.5) Mesa-drivers (23.3.4 -> 23.3.5) SDL2 (2.28.5 -> 2.30.0) apparmor (3.1.6 -> 3.1.7) c-ares (1.20.1 -> 1.26.0) catfish cpio (2.14 -> 2.15) distribution-logos-openSUSE (20230921 -> 20240207) dracut (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) ethtool (6.6 -> 6.7) freeipmi (1.6.11 -> 1.6.14) fwupd (1.9.12 -> 1.9.13) gc (8.2.4 -> 8.2.6) gcc12 gcc13 (13.2.1+git8250 -> 13.2.1+git8285) gcc7 glibc grub2 gstreamer-plugins-bad gtk4 (4.12.4 -> 4.12.5) gwenview5 ibus imlib2 (1.12.1 -> 1.12.2) inxi (3.3.32 -> 3.3.33) jasper (4.1.2 -> 4.2.0) kdsoap kernel-source (6.7.2 -> 6.7.4) libXext (1.3.5 -> 1.3.6) libapparmor (3.1.6 -> 3.1.7) libei (1.2.0 -> 1.2.1) libgarcon (4.18.1 -> 4.18.2) libgit2 (1.7.1 -> 1.7.2) libgsf (1.14.51 -> 1.14.52) libidn2 (2.3.4 -> 2.3.7) libjxl (0.9.0 -> 0.9.2) libjxl-gtk (0.9.0 -> 0.9.2) libpciaccess (0.17 -> 0.18) libxcb libxfce4ui (4.18.4 -> 4.18.5) libxfce4util (4.18.1 -> 4.18.2) libxkbfile (1.1.2 -> 1.1.3) libzypp (17.31.28 -> 17.31.31) lzip (1.23 -> 1.24) man menulibre microos-tools (2.21+git9 -> 2.21+git11) mousepad (0.6.1 -> 0.6.2) netpbm numactl (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) nvidia-open-driver-G06-signed (545.29.06_k6.7.2_1 -> 545.29.06_k6.7.4_1) openssl-1_1 openssl-3 pam pam-full-src permissions (1699_20230602 -> 1699_20240206) pipewire (1.0.2 -> 1.0.3) polkit-default-privs (1550+20231213.09963a4 -> 1550+20240207.d833f4b) postgresql postgresql16 (16.1 -> 16.2) pulseaudio (16.1 -> 17.0) python-MarkupSafe (2.1.4 -> 2.1.5) python-h11 python-msgpack (1.0.5 -> 1.0.7) python-mysqlclient (2.2.1 -> 2.2.4) python-pip python-rpm (4.19.1 -> 4.19.1.1) python-typing_extensions python311 (3.11.7 -> 3.11.8) python311-core (3.11.7 -> 3.11.8) qemu (8.1.3 -> 8.2.0) rebootmgr (2.1 -> 2.2) ristretto (0.13.1 -> 0.13.2) rp-pppoe rpm (4.19.1 -> 4.19.1.1) selinux-policy (20240116 -> 20240205) sendmail (8.17.2 -> 8.18.1) shim spectacle systemd transmission virt-manager webkit2gtk3 (2.42.4 -> 2.42.5) webkit2gtk3-soup2 (2.42.4 -> 2.42.5) wireplumber xfce4-screenshooter (1.10.4 -> 1.10.5) xkbcomp (1.4.6 -> 1.4.7) xprop (1.2.6 -> 1.2.7) yast2-installation (5.0.5 -> 5.0.6) yast2-network (5.0.1 -> 5.0.2) yast2-trans (84.87.20240126.9c7185e3f6 -> 84.87.20240205.897f2593b3) === Details === ==== Mesa ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== Mesa-drivers ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== SDL2 ==== Version update (2.28.5 -> 2.30.0) - Update to release 2.30 * Added support for 2 bits-per-pixel indexed surface formats. * Added the function SDL_GameControllerGetSteamHandle() to get the Steam API handle for a controller, if available. * Added the event SDL_CONTROLLERSTEAMHANDLEUPDATED which is sent when the Steam API handle for a controller changes. This could also change the name, VID, and PID of the controller. * Added the environment variable SDL_LOGGING to control default log output. ==== apparmor ==== Version update (3.1.6 -> 3.1.7) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== c-ares ==== Version update (1.20.1 -> 1.26.0) - Ensure multibuild flavors result in different src names. - c-ares 1.26.0: * Event Thread support. Integrators are no longer required to monitor the file descriptors registered by c-ares for events and call ares_process() when enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to ares_init_options(). * Added flags to are_dns_parse() to force RAW packet parsing * Mark ares_fds() as deprecated * Bug fixes - move tests into a build flavor to avoid gtest/gmock build loop - Update to version 1.25 Changes: o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety reasons. o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6 addresses by default. Bug Fixes: o Tests: Live reverse lookups for Google's public DNS servers no longer return results, replace with CloudFlare pubic DNS servers. o Connection failures should increment the server failure count first or a retry might be enqueued to the same server o On systems that don't implement the ability to enumerate network interfaces the stubs used the wrong prototype. o Fix minor warnings and documentation typos o Fix support for older GoogleTest versions o getrandom() may require sys/random.h on some systems. o Fix building tests with symbol hiding enabled. - 0001-Use-RPM-compiler-options.patch: dropped, obsolete - Update to version 1.24 Features: * Add support for IPv6 link-local DNS servers. Nameserver formats can now accept the 0face suffix, and a new ares_get_servers_csv() function was added to return servers that can contain the link-local interface name. Changes: * Unbundle GoogleTest for test cases. Package maintainers will now need torequire GoogleTest (GMock) as a build dependency if building tests. New GoogleTest versions require C++14 or later. * Replace nameserver parsing code to use new memory-safe functions. * Replace the sortlist parser with new memory-safe functions. * Various warning fixes and dead code removal. Bugfixes: * Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with thread safety support * A non-responsive DNS server that caused timeouts wouldn't increment thefailure count, this would lead to other servers not being tried. Regression introduced in 1.22.0 * Some projects that depend on c-ares expect invalid parameter option valuespassed into ares_init_options() to simply be ignored. This behavior has been restored * getrandom() can fail if the kernel doesn't support the syscall, fall back to another random source * ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo()with AF_UNSPEC, if called after one address class was returned but before the other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED - disable-live-tests.patch: dropped, not needed - Update to version 1.23 Features: Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications. resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options. Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE. Bugfixes: ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept theport in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0. ares_init_options() for ARES_FLAG_NOSEARCH was not being honored forares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0. Autotools MacOS and iOS version check was failing Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0. Spelling fixes as detected by codespell. The timeout returned by ares_timeout() was truncated to milliseconds butvalidated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring. CMake was not honoring CXXFLAGS passed in via the environment which couldcause compile and link errors with distribution hardening flags during packaging. Fix Windows UWP and Cygwin compilation. ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0. Changes in version 1.22.1 Bugfixes: Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time. Fix typos in manpages Fix OpenWatcom building Changes in version 1.22.0 Features: ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility The new DNS message parser and writer functions have now been made public RFC9460 HTTPS and SVCB records are now supported RFC6698 TLSA records are now supported The server list is now internally dynamic and can be changed without impacting existing queries Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files Changes: Internally all DNS messages are now written using the new DNS writing functions EDNS is now enabled by default Internal cleanups in function prototypes Bugfixes: Randomize retry penalties to prevent thundering herd issues when dns servers throttle requests Fix Windows build error for missing if_indextoname() - update to 1.21.0: * Replace multiple DNS hand-made parsers with new memory-safe DNS message parser * developer visible changes and bug fixes ==== catfish ==== Subpackages: catfish-lang - As long as a new Python version does not ship a broken python3-distutils, like python311 did in its early days, there is no need to deal with or skip a specific python version at all. Disable all %%{python_module ...} and skip_python... stuff again. - Don't use %%{python_module ...} as we only build for the default Python interpreter. python312 still needs to be skipped due to python3-distutils! - Skip python312 for now until all required Python modules have been built. - Use %%{python_module ...} to specify required Python modules to build this package. ==== cpio ==== Version update (2.14 -> 2.15) Subpackages: cpio-mt - Update to 2.15: * Fix the operation of --no-absolute-filenames --make-directories. * Restore access and modification times of symlinks in copy-in and copy-pass modes. - Remove fix-operation-no-absolute-filenames.patch ==== distribution-logos-openSUSE ==== Version update (20230921 -> 20240207) Subpackages: distribution-logos-openSUSE-Tumbleweed distribution-logos-openSUSE-icons - switch to a service using zstd - list the source url - Update Leap 15.6 branding poo#131666 ==== dracut ==== Version update (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) - Update to version 059+suse.549.gc9f63878: * fix(overlayfs): split overlayfs mount in two steps (bsc#1219778) * fix(dracut-init.sh): handle decompress with `--sysroot` * fix(i18n): handle keymap includes with `--sysroot` * fix(dracut-systemd): replace `rd.udev.log-priority` with `rd.udev.log_level` * fix(i18n): handle symlinked keymap ==== ethtool ==== Version update (6.6 -> 6.7) Subpackages: ethtool-bash-completion - update to upstream release 6.7 * Feature: support for setting TCP data split * Fix: fix new gcc14 warning * Fix: fix SFF-8472 transceiver module identification (-m) ==== freeipmi ==== Version update (1.6.11 -> 1.6.14) Subpackages: libfreeipmi17 libipmiconsole2 libipmidetect0 - freeipmi 1.6.14 * Fix build issue common to non-x86 systems. - freeipmi 1.6.13 * Fix build issues on systems where inb/outb are declared with inline assembly. * Add additional sensor/event interpretations. - freeipmi 1.6.12 * Use poll() over select() to avoid fd limit in openipmi driver. * Fix potential portability problems on systems without cbrt(). * Minor documentation updates. ==== fwupd ==== Version update (1.9.12 -> 1.9.13) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.13: + This release adds the following features: - Add a timer inhibit if the daemon took a long time to startup. - Add a concept of 'Test Mode' rather than enabling specific plugins. - Do not idle-quit the daemon if there is a connected D-Bus client. + This release fixes the following bugs: - Allow plugins to opt-out of the child-device first depsolve. - Allow setting multiple flags in LVFS::DeviceFlags. - Do not migrate config comments for removed keys. - Do not request the Advantech BMC to reboot. - Do not warn the user about ESP when using MBR. - Fix a critical warning when adding a PixArt wireless device. - Fix migration of legacy config files. - Only save config values to the mutable config file. - Parse DS-20 descriptors earlier in device setup. - Store the version format in the history database to fix offline reports. - Use the correct GUID for matching realtek-mst and parade-lspcon. + This release adds support for the following hardware: - GoodWay Acer Dock. ==== gc ==== Version update (8.2.4 -> 8.2.6) - Update to release 8.2.6 * Compiler warning fixes on various non-Linux platforms * Fix null dereference in check_finalizer_nested if redirecting malloc on Linux * Fix race in init_lib_bounds on Linux/glibc-2.34+ if redirecting malloc ==== gcc12 ==== - Use %{_target_cpu} to determine host and build. ==== gcc13 ==== Version update (13.2.1+git8250 -> 13.2.1+git8285) Subpackages: cpp13 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Add gcc13-sanitizer-remove-crypt-interception.patch to remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285 - Add gcc13-pr88345-min-func-alignment.diff to add support for - fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. ==== gcc7 ==== - Use %{_target_cpu} to determine host and build. - Add gcc7-pr87723.patch to avoid ICE when hitting a broken pattern in the s390 backend. - Add gcc7-bsc1216488.patch to avoid creating recursive DIE references through DW_AT_abstract_origin when using LTO. [bsc#1216488] ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - Add libnsl1 to baselibs.conf (bsc#1219640) - arm-dl-start-user.patch: arm: Remove wrong ldr from _dl_start_user (BZ [#31339]) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix build error on gcc-14 (bsc#1218949) * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Require libvpl only on supported architectures (x86_64 and aarch64) - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) - added support for oneVPL ==== gtk4 ==== Version update (4.12.4 -> 4.12.5) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.5: + GtkColumnView: Fix a crash on dispose. + GtkEmojiChooser: - Update to CLDR v44. - Add more translations. + GtkFileDialog: - Return an error if no file is selected. - Make closing the portal file chooser work. + GtkDropDown: Fix display of the initial checkmark. + GtkShortcutsWindow: Reduce the minimum width. + GDK: Make the png loader safer against overflow. + Wayland: Fix cursor handling with graphics tablets. ==== gwenview5 ==== - Add patch to support newer kImageAnnotator: * 0001-Support-building-against-kImageAnnotator-Qt5-as-well.patch ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Fix dead keys with non-English keyboard in some applications (MAME, Wine) (boo#1218135) ibus-complete-preedit-signals-for-postprocesskeyevent.patch ibus-enginesimple-dont-commit-any-characters.patch ==== imlib2 ==== Version update (1.12.1 -> 1.12.2) Subpackages: imlib2-loaders libImlib2-1 - update to 1.12.2: * Fixes for Y4M, ANI, PNG and JPG loaders ==== inxi ==== Version update (3.3.32 -> 3.3.33) - Updated to version 3.3.33: + /usr/share/doc/packages/inxi/inxi.changelog. ==== jasper ==== Version update (4.1.2 -> 4.2.0) - Update to 4.2.0: * Add the JAS_PACKAGING option to the CMake build in an attempt to allow easier control over rpath settings by packagers of JasPer. * Remove a number of obsolete scripts. * Make some cosmetic changes to the code for the JPC codec in order to improve readability (#371). * Fix a portability bug related to threads/atomics. * Replace some lingering uses of strtok in the JPC coder with jas_strtok, since the use of strtok is problematic in multithreading contexts. ==== kdsoap ==== - Fix package docs - Fix build to handle changes in (open)SUSE specific cmake macros, no user visible changes ==== kernel-source ==== Version update (6.7.2 -> 6.7.4) - Linux 6.7.4 (bsc#1012628). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (bsc#1012628). - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (bsc#1012628). - arm64: irq: set the correct node for VMAP stack (bsc#1012628). - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (bsc#1012628). - powerpc: Fix build error due to is_valid_bugaddr() (bsc#1012628). - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (bsc#1012628). - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (bsc#1012628). - x86/boot: Ignore NMIs during very early boot (bsc#1012628). - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (bsc#1012628). - powerpc/lib: Validate size for vector operations (bsc#1012628). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (bsc#1012628). - sched/numa: Fix mm numa_scan_seq based unconditional scan (bsc#1012628). - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (bsc#1012628). - debugobjects: Stop accessing objects after releasing hash bucket lock (bsc#1012628). - sched/fair: Fix tg->load when offlining a CPU (bsc#1012628). - regulator: core: Only increment use_count when enable_count changes (bsc#1012628). - audit: Send netlink ACK before setting connection in auditd_set (bsc#1012628). - ACPI: tables: Correct and clean up the logic of acpi_parse_entries_array() (bsc#1012628). - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (bsc#1012628). - PNP: ACPI: fix fortify warning (bsc#1012628). - ACPI: extlog: fix NULL pointer dereference check (bsc#1012628). - selftests/nolibc: fix testcase status alignment (bsc#1012628). - ACPI: NUMA: Fix the logic of getting the fake_pxm value (bsc#1012628). - kunit: tool: fix parsing of test attributes (bsc#1012628). - kunit: Reset test->priv after each param iteration (bsc#1012628). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (bsc#1012628). - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (bsc#1012628). - OPP: The level field is always of unsigned int type (bsc#1012628). - thermal: core: Fix thermal zone suspend-resume synchronization (bsc#1012628). - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (bsc#1012628). - UBSAN: array-index-out-of-bounds in dtSplitRoot (bsc#1012628). - jfs: fix slab-out-of-bounds Read in dtSearch (bsc#1012628). - jfs: fix array-index-out-of-bounds in dbAdjTree (bsc#1012628). - jfs: fix uaf in jfs_evict_inode (bsc#1012628). - hwrng: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings (bsc#1012628). - pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1012628). - erofs: fix up compacted indexes for block size < 4096 (bsc#1012628). - crypto: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: octeontx2 - Fix cptvf driver cleanup (bsc#1012628). - erofs: fix ztailpacking for subpage compressed blocks (bsc#1012628). - crypto: stm32/crc32 - fix parsing list of devices (bsc#1012628). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (bsc#1012628). - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (bsc#1012628). - jfs: fix array-index-out-of-bounds in diNewExt (bsc#1012628). - s390/boot: always align vmalloc area on segment boundary (bsc#1012628). - arch: consolidate arch_irq_work_raise prototypes (bsc#1012628). - arch: fix asm-offsets.c building with -Wmissing-prototypes (bsc#1012628). - s390/vfio-ap: fix sysfs status attribute for AP queue devices (bsc#1012628). - s390/ptrace: handle setting of fpc register correctly (bsc#1012628). - KVM: s390: fix setting of fpc register (bsc#1012628). - sysctl: Fix out of bounds access for empty sysctl registers (bsc#1012628). - SUNRPC: Fix a suspicious RCU usage warning (bsc#1012628). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1012628). - smb: client: fix renaming of reparse points (bsc#1012628). - smb: client: fix hardlinking of reparse points (bsc#1012628). - cifs: fix in logging in cifs_chan_update_iface (bsc#1012628). - ecryptfs: Reject casefold directory inodes (bsc#1012628). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1012628). - ext4: unify the type of flexbg_size to unsigned int (bsc#1012628). - ext4: remove unnecessary check from alloc_flex_gd() (bsc#1012628). ... changelog too long, skipping 1153 lines ... - commit f71b395 ==== libXext ==== Version update (1.3.5 -> 1.3.6) - Update to version 1.3.6 * Wrap Xext*CheckExtension() in do { ... } while(0) * configure: raise minimum autoconf requirement to 2.70 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * _xgeGetExtensionVersion should not free info on failure * Check for malloc failure in _xgeGetExtensionVersion * _xgeDpyClose: handle NULL return from _xgeFindDisplay * XEVI: fix -Walloc-size ==== libapparmor ==== Version update (3.1.6 -> 3.1.7) - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== libei ==== Version update (1.2.0 -> 1.2.1) - Update to release 1.2.1 * Previously, using OEFFIS_DEVICE_ALL_DEVICES in oeffis_create_session() would erroneously result in the portal selecting no devices instead of all. ==== libgarcon ==== Version update (4.18.1 -> 4.18.2) Subpackages: libgarcon-1-0 libgarcon-data libgarcon-lang - Update to version 4.18.2 * Update copyright year * garcon-gtk: Remove weak ref on GarconMenu on finalize() * Use target desktop files instead of symlinks (Fixes #1) * garcon-gtk: Avoid populating a wrong menu * garcon-gtk: Prevent use-after-free when loading garcon menu * Add icon at 64px, clean up SVG metadata * Translation Updates ==== libgit2 ==== Version update (1.7.1 -> 1.7.2) - update to 1.7.2: * CVE-2024-24574: infinite loop condition given specially crafted inputs (boo#1219664) * CVE-2024-24577: arbitrary code execution due to heap corruption in git_index_add (boo#1219660) * Fix a bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities. ==== libgsf ==== Version update (1.14.51 -> 1.14.52) Subpackages: gsf-office-thumbnailer libgsf-1-114 - Update to version 1.14.52: + xml: Fix build with libxml2 2.12. ==== libidn2 ==== Version update (2.3.4 -> 2.3.7) - update to 2.3.7: * Un-deprecate idn2_to_ascii_4i and make it NUL terminate output * Export punycode APIs * Developer visible code maintenance ==== libjxl ==== Version update (0.9.0 -> 0.9.2) - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libjxl-gtk ==== Version update (0.9.0 -> 0.9.2) Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libpciaccess ==== Version update (0.17 -> 0.18) - Update to version 0.18 * Remove "All rights reserved" from Oracle copyright notices * Try fopen(".../pci.ids", "re") on Solarish systems as well * Remove autotools build * gitlab-ci: use `meson setup` * gitlab-ci: don't bother to configure meson for the version check * gitlab-ci: remove unnecessary call to `meson configure` * FreeBSD: Fallback to /usr/share/misc/pci_vendors * FreeBSD: Remove sparc64 code * Fix compilation warnings when building against hurd-amd64. ==== libxcb ==== Subpackages: libxcb-composite0 libxcb-damage0 libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxcb1 - devel package: added missing Requires to libxcb-dbe0 (boo#1219572) ==== libxfce4ui ==== Version update (4.18.4 -> 4.18.5) Subpackages: libxfce4kbd-private-3-0 libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0 - Update to version 4.18.5 * Update copyright year * build: Search for bind_textdomain_codeset in libintl too * sm-client: Reset SmcConnection when IceConnection is closed on error * docs: Improve xfce_sm_client_get() * shortcuts-grabber: Fix filtering by level * shortcuts-grabber: Simplify filtering by group * shortcuts-grabber: Variable renaming * shortcuts-grabber: Filter grabbing by key level * Detect keyboard shortcuts with only single modifier keys on key release * Translation Updates ==== libxfce4util ==== Version update (4.18.1 -> 4.18.2) Subpackages: libxfce4util-lang libxfce4util7 typelib-1_0-Libxfce4util-1_0 - Update to version 4.18.2 * Update copyright year * Search for bind_textdomain_codeset in libintl too * xfce-rc: Add support for the LANGUAGE environment variable * Add missing config.h includes * Improve checksum calculation (#17) * xfce-rc: Document the fact that delimiter escaping is not supported * xfce-rc: Properly write translated entries when available * Update bug report address ==== libxkbfile ==== Version update (1.1.2 -> 1.1.3) - update to 1.1.3 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * Set close-on-exec when opening files * _XkbMakeAtom: remove check for impossible case * _XkbInitAtoms: check for malloc() failure * XkbChangeAtomDisplay: stop leaking atom name * XkbCFReportError: avoid -Wformat-nonliteral warning * XkbWriteCFile: stop leaking header file ifdef name * DefaultParser: avoid -Wimplicit-fallthrough warnings * xkbtext.c: Add tbGetBufferString helper function * XkbIndentText: Fix -Wsign-compare warning * Fix -Wsign-compare warnings in xkbtext.c & xkmread.c * Add a meson build system - switched to meson build system ==== libzypp ==== Version update (17.31.28 -> 17.31.31) - tui: allow to access the underlying ostream of out::Info. - Add MLSep: Helper to produce not-NL-terminated multi line output. - version 17.31.31 (22) - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514) - Fix problems with EINTR in ExternalDataSource::getline (fixes bsc#1215698) - version 17.31.30 (22) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) - Make Wakeup class EINTR safe. - Add a way to cancel media operations on shutdown (openSUSE/zypper#522) This patch adds a mechanism to signal libzypp that a shutdown was requested, usually when CTRL+C was pressed by the user. Currently only the media backend will utilize this, but can be extended to all code paths that use g_poll() to wait for events. - Manually poll fds for curl in MediaCurl. Using curl_easy_perform does not give us the required control on when we want to cancel a download. Switching to the MultiCurl implementation with a external poll() event loop will give us much more freedom and helps us to improve our Ctrl+C handling. - Move reusable curl poll code to curlhelper.h. - version 17.31.29 (22) ==== lzip ==== Version update (1.23 -> 1.24) - Update to release 1.24 * Added the command-line switches --empty-error and - -marking-error * The option -o/--output now preserves dates, permissions, and ownership of the file when (de)compressing exactly one file. * The option -o/--output now creates missing intermediate directories when writing to a file. ==== man ==== - Make lua scriplets more failsafe (boo#1219370) ==== menulibre ==== - As long as a new Python version does not ship a broken python3-distutils, like python311 did in its early days, there is no need to deal with or skip a specific python version at all. Disable all %%{python_module ...} and skip_python... stuff again. - Don't use %%{python_module ...} as we only build for the default Python interpreter. python312 still needs to be skipped due to python3-distutils! - Skip python312 for now until all required Python modules have been built. - Use %%{python_module ...} to specify required Python modules to build this package. ==== microos-tools ==== Version update (2.21+git9 -> 2.21+git11) - Update to version 2.21+git11: * Install man-online alias only for bash ==== mousepad ==== Version update (0.6.1 -> 0.6.2) Subpackages: libmousepad0 - Update to version 0.6.2 * Update copyright year * history: Default to yes when user is asked to restore previous session * build: Search for bind_textdomain_codeset in libintl too * tests: Increase timeout a bit * tests: Check for pwait/pidwait * dialogs: Do not reuse text buffer to test encoding in save-as dialog * history: Remove dead code * history: Rework paste menu * Move paste history to mousepad-history.c * window: Fix GVariant management * Do not scroll text view when zooming in or out * file-monitoring: Delay emission of "externaly-modified" signal * Fix a typo in a comment, additionnal â additional. * Add icons at missing sizes, clean up SVG metadata * search: Properly reset current match * Translation Updates ==== netpbm ==== Subpackages: libnetpbm11 - added patches fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + netpbm-use-byrow-when-needed.patch ==== numactl ==== Version update (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) Subpackages: libnuma1 - Update to version 2.0.18.0.g3871b1c: * Increase version number to 2.0.18 * man pages: fix table include preprocessor - Update to version 2.0.17.8.g67984e5: * numastat: Print package version number instead of own. * numastat: Remove commented out perl code * Check for MPOL_PREFERRED_MANY lazily * libnuma: add numa_set_mempolicy_home_node API ==== nvidia-open-driver-G06-signed ==== Version update (545.29.06_k6.7.2_1 -> 545.29.06_k6.7.4_1) - provide nvidia-open-driver-G06-kmp = %version (jsc#PED-7117) * this makes it easy to replace the package from nVidia's CUDA repository with this presigned package ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Rename engines directories to the same name like in SLE: /etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d /etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d * Add migration script to move files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch ==== openssl-3 ==== Subpackages: libopenssl3 - Add migration script to move old files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave They will be later restored by openssl-1_1 package to engines1.1.d and engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch ==== pam ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== pam-full-src ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== permissions ==== Version update (1699_20230602 -> 1699_20240206) Subpackages: chkstat permissions-config - Drop superfluous mkdir /usr/share/permissions/permissions.d This is now created by the Makefile. See also commit 5900bc1ffe6275298ded3c96dee03a5c98e4db1c - Update to version 20240206: * Whitelisting libgtop_server2 (bsc#1218921) * Removing bogus whitespaces * chkstat: harmonize and transform to a more compact coding and doc style * gitignore: also ignore hidden ctags * build: Create /usr/share/permissions/permissions.d for packagers * profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory * profiles: drop /etc/ftpusers which is no longer shipped in netcfg ==== pipewire ==== Version update (1.0.2 -> 1.0.3) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.3: * Highlights - Fix ALSA version check. This should allow the alsa plugin to work again. - Some small fixes and improvements. * PipeWire - Escape @DEFAULT_SINK@ in the conf files. * Modules - Improve logging in module-pipe-tunnel. * SPA - Always recheck rate matching in ALSA when moving drivers. This fixes a potential issue where the adaptive resampler would not be activated in some cases. * ALSA - Fix ALSA version check. This should allow the alsa plugin to work again. ==== polkit-default-privs ==== Version update (1550+20231213.09963a4 -> 1550+20240207.d833f4b) - Update to version 1550+20240207.d833f4b: * profiles: remove no longer used device-rebind action ==== postgresql ==== Subpackages: postgresql-contrib postgresql-server - bsc#1219340: Require fillup. ==== postgresql16 ==== Version update (16.1 -> 16.2) Subpackages: libpq5 postgresql16-contrib postgresql16-server - Upgrade to 16.2: * bsc#1219679, CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY. One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected * If you use GIN indexes, you may need to reindex after updating to this release. * LLVM 18 is now supported. * https://www.postgresql.org/docs/release/16.2/ ==== pulseaudio ==== Version update (16.1 -> 17.0) Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse - Update to version 17.0: * Updates to ALSA UCM-based setups * Battery level indication to Bluetooth devices * Support for the Bluetooth FastStream codec * webrtc-audio-processing dependency updated * Trigger role groups added to module-role-cork * XDG base directory spec for profile-set loading * PA_RATE_MAX increased * webrtc-audio-processing dependency updated For details, see: https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/17.0/ - Drop obsoleted patches: echo-cancel-add-webrtc-AEC3-support.patch build-sys-Bump-cpp_std-to-c-17.patch build-sys-Bump-webrtc-audio-processing-dependency.patch ==== python-MarkupSafe ==== Version update (2.1.4 -> 2.1.5) - update to 2.1.5: * Fix striptags not collapsing spaces. :issue:`417` ==== python-h11 ==== - spec cleanup ==== python-msgpack ==== Version update (1.0.5 -> 1.0.7) - update to 1.0.7: * remove inline macro for msvc * do not fallback on build error * fix: build status badge * Drop python2 support * Drop Python 3.6 support * try Cython 3.0 * sphinx-related work ==== python-mysqlclient ==== Version update (2.2.1 -> 2.2.4) - update to 2.2.4: * Support ssl=True in connect(). ==== python-pip ==== - Fix shebang path for "pip3.XX" binaries ==== python-rpm ==== Version update (4.19.1 -> 4.19.1.1) - update to rpm-4.19.1.1 ==== python-typing_extensions ==== - Add backport-recent-implementation-of-protocol.patch upstream patch gh#python/typing_extensions@004b893ddce2 ==== python311 ==== Version update (3.11.7 -> 3.11.8) Subpackages: python311-curses python311-dbm - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Appleâs macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value âââ in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the âconnected callbackâ fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but donât log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== python311-core ==== Version update (3.11.7 -> 3.11.8) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Appleâs macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value âââ in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the âconnected callbackâ fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but donât log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== qemu ==== Version update (8.1.3 -> 8.2.0) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix a build issue of OVMF caused by https://gitlab.com/qemu-project/qemu/-/issues/2064: * target/i386: fix incorrect EIP in PC-relative translation blocks * target/i386: Do not re-compute new pc with CF_PCREL - Update to latest upstream release, 8.2.0: The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2 Highlights include: * New virtio-sound device emulation * New virtio-gpu rutabaga device emulation used by Android emulator * New hv-balloon for dynamic memory protocol device for Hyper-V guests * New Universal Flash Storage device emulation * Network Block Device (NBD) 64-bit offsets for improved performance * dump-guest-memory now supports the standard kdump format * ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device * ARM: CPU emulation support for cortex-a710 and neoverse-n2 * ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC, FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0 * HPPA: CPU emulation support for 64-bit PA-RISC 2.0 * HPPA: machine emulation support for C3700, including Astro memory controller and four Elroy PCI bridges * LoongArch: ISA support for LASX extension and PRELDX instruction * LoongArch: CPU emulation support for la132 * RISC-V: ISA/extension support for AIA virtualization support via KVM, and vector cryptographic instructions * RISC-V: Numerous extension/instruction cleanups, fixes, and reworks * s390x: support for vfio-ap passthrough of crypto adapter for protected virtualization guests * Tricore: support for TC37x CPU which implements ISA v1.6.2 * Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions * x86: Zen support for PV console and network devices - Patch added (from upstream stable tree): * include/ui/rect.h: fix qemu_rect_init() mis-assignment - Some packaging and dependencies fixes: * [openSUSE] rpm: restrict canokey to openSUSE only * [openSUSE] rpm: fix virtiofsd dependency on 32 bit systems * [openSUSE] rpm: add support for canokeys (boo#1217520) - Rearrange dependencies and subpackages and filter features for ALP * [openSUSE] rpm: disable Xen support in ALP-based distros * [openSUSE] rpm: some more refinements of inter-subpackage dependencies - Fix boo#1084909 and create a new qemu-spice metapackage: * [openSUSE] rpm: normalize hostname, for reproducible builds (#44) * [openSUSE] rpm: new subpackage, for SPICE ==== rebootmgr ==== Version update (2.1 -> 2.2) - Update to version 2.2 - Make sure /run/reboot-needed get's deleted after a soft-reboot ==== ristretto ==== Version update (0.13.1 -> 0.13.2) Subpackages: ristretto-lang - Update to version 0.13.2 * Update copyright year * Fix duplicate mnemonic in File menu * image_viewer: Add missing sanity check * Fix criticals about unset GIO attributes * viewer: Fix possible crash when closing while an image is loading * Ensure that file manager proxy creation is non-blocking * Add icons at missing sizes, clean up SVG metadata * Translation Updates ==== rp-pppoe ==== - Removed rcpppoe and rcpppoe-server rudiments. ==== rpm ==== Version update (4.19.1 -> 4.19.1.1) Subpackages: librpmbuild10 - update to rpm-4.19.1.1 * don't warn about missing user/group on skipped files * make user/group lookup caching thread-safe * fix regression in Lua scriptlet runaway child detection * restore readline support as an explicit option - refreshed patches: * rpmqpack.diff - fix %_host not containing the abi suffix on arm [bnc#1219627] updated patch: canongnu.diff - Need to mention the changed patches for the python-setuptools to cmake migration: * Drop python_setup.diff * Add cmake_python_version.diff ==== selinux-policy ==== Version update (20240116 -> 20240205) Subpackages: selinux-policy-targeted - Update to version 20240205: * Allow gpg manage rpm cache * Allow login_userdomain name_bind to howl and xmsg udp ports * Allow rules for confined users logged in plasma * Label /dev/iommu with iommu_device_t * Remove duplicate file context entries in /run * Dontaudit getty and plymouth the checkpoint_restore capability * Allow su domains write login records * Revert "Allow su domains write login records" * Allow login_userdomain delete session dbusd tmp socket files * Allow unix dgram sendto between exim processes * Allow su domains write login records * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Allow chronyd-restricted read chronyd key files * Allow conntrackd_t to use bpf capability2 * Allow systemd-networkd manage its runtime socket files * Allow init_t nnp domain transition to colord_t * Allow polkit status systemd services * nova: Fix duplicate declarations * Allow httpd work with PrivateTmp * Add interfaces for watching and reading ifconfig_var_run_t * Allow collectd read raw fixed disk device * Allow collectd read udev pid files * Set correct label on /etc/pki/pki-tomcat/kra * Allow systemd domains watch system dbus pid socket files * Allow certmonger read network sysctls * Allow mdadm list stratisd data directories * Allow syslog to run unconfined scripts conditionally * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t * Allow qatlib set attributes of vfio device files * Allow systemd-sleep set attributes of efivarfs files * Allow samba-dcerpcd read public files * Allow spamd_update_t the sys_ptrace capability in user namespace * Allow bluetooth devices work with alsa * Allow alsa get attributes filesystems with extended attributes * Allow hypervkvp_t write access to NetworkManager_etc_rw_t * Add interface for write-only access to NetworkManager rw conf * Allow systemd-sleep send a message to syslog over a unix dgram socket * Allow init create and use netlink netfilter socket * Allow qatlib load kernel modules * Allow qatlib run lspci * Allow qatlib manage its private runtime socket files * Allow qatlib read/write vfio devices * Label /etc/redis.conf with redis_conf_t * Remove the lockdown-class rules from the policy * Allow init read all non-security socket files * Replace redundant dnsmasq pattern macros * Remove unneeded symlink perms in dnsmasq.if * Add additions to dnsmasq interface * Allow nvme_stas_t create and use netlink kobject uevent socket * Allow collectd connect to statsd port * Allow keepalived_t to use sys_ptrace of cap_userns * Allow dovecot_auth_t connect to postgresql using UNIX socket * Make named_zone_t and named_var_run_t a part of the mountpoint attribute * Allow sysadm execute traceroute in sysadm_t domain using sudo * Allow sysadm execute tcpdump in sysadm_t domain using sudo * Allow opafm search nfs directories * Add support for syslogd unconfined scripts * Allow gpsd use /dev/gnss devices * Allow gpg read rpm cache * Allow virtqemud additional permissions * Allow virtqemud manage its private lock files * Allow virtqemud use the io_uring api * Allow ddclient send e-mail notifications * Allow postfix_master_t map postfix data files * Allow init create and use vsock sockets * Allow thumb_t append to init unix domain stream sockets * Label /dev/vas with vas_device_t * Create interface selinux_watch_config and add it to SELinux users * Update cifs interfaces to include fs_search_auto_mountpoints() * Allow sudodomain read var auth files * Allow spamd_update_t read hardware state information * Allow virtnetworkd domain transition on tc command execution * Allow sendmail MTA connect to sendmail LDA * Allow auditd read all domains process state * Allow rsync read network sysctls * Add dhcpcd bpf capability to run bpf programs * Dontaudit systemd-hwdb dac_override capability * Allow systemd-sleep create efivarfs files * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on * Allow graphical applications work in Wayland * Allow kdump work with PrivateTmp * Allow dovecot-auth work with PrivateTmp * Allow nfsd get attributes of all filesystems * Allow unconfined_domain_type use io_uring cmd on domain * ci: Only run Rawhide revdeps tests on the rawhide branch * Label /var/run/auditd.state as auditd_var_run_t * Allow fido-device-onboard (FDO) read the crack database * Allow ip an explicit domain transition to other domains * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t * Allow winbind_rpcd_t processes access when samba_export_all_* is on * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection * Allow ntp to bind and connect to ntske port. ==== sendmail ==== Version update (8.17.2 -> 8.18.1) Subpackages: libmilter1_0 - Update to version sendmail 8.18.1 2024/01/31 * sendmail is now stricter in following the RFCs and rejects some invalid input with respect to line endings and pipelining: - Prevent transaction stuffing by ensuring SMTP clients wait for the HELO/EHLO and DATA response before sending further SMTP commands. This can be disabled using the new srv_features option 'F'. Issue reported by Yepeng Pan and Christian Rossow from CISPA Helmholtz Center for Information Security. - Accept only CRLF . CRLF as end of an SMTP message as required by the RFCs, which can disabled by the new srv_features option 'O'. - Do not accept a CR or LF except in the combination CRLF (as required by the RFCs). These checks can be disabled by the new srv_features options 'U' and 'G', respectively. In this case it is suggested to use 'u2' and 'g2' instead so the server replaces offending bare CR or bare LF with a space. It is recommended to only turn these protections off for trusted networks due to the potential for abuse. * Full DANE support is available if OpenSSL versions 1.1.1 or 3.x are used, i.e., TLSA RR 2-x-y and 3-x-y are supported as required by RFC 7672. * OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by default an openssl.cnf file from a location specified in the library which may cause unwanted behaviour in sendmail. Hence sendmail sets the environment variable OPENSSL_CONF to /etc/mail/sendmail.ossl to override the default. The file name can be changed by defining confOPENSSL_CNF in the mc file; using an empty value prevents setting OPENSSL_CONF. Note: referring to a file which does not exist does not cause an an error. * Two new values have been added for {verify}: "DANE_TEMP": DANE verification failed temporarily. "DANE_NOTLS": DANE was required but STARTTLS was not offered by the server. The default rules return a temporary error for these cases, so delivery is not attempted. * If the TLS setup code in the client fails and DANE requirements exist then {verify} will be set to "DANE_TEMP" thus preventing delivery by default. * DANE related logging has been slightly changed for clarification: "DANE configured in DNS but no STARTTLS available" changed to "DANE configured in DNS but STARTTLS not offered" * When the compile time option USE_EAI is enabled, vacation could fail to respond when it should (the code change in 8.17.2 was incomplete). Problem reported by Alex Hautequest. * If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command the parsing of UTF8 addresses could fail (USE_EAI). * If a reply to a previous RCPT was received while sending another RCPT in pipelining mode then parts of the reply could have been assigned to the wrong RCPT. * New DontBlameSendmail option CertOwner to relax requirement for certificate public and private key ownership. Based on suggestion from Marius Strobl of the FreeBSD project. * clt_features was not checked for connections via Unix domain sockets. * CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies from DNS lookups thus potentially causing random "false negatives". Note: the fix creates an incompatibility: the arguments must not have a trailing dot anymore because the -a. option has been removed (as it only applies to the entire result, not individual values). * CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3. * VACATION: Add support for Return-Path header to set sender to match OpenBSD and NetBSD functionality. * VACATION: Honor RFC3834 and avoid an auto-reply if 'Auto-Submitted: no' is found in the headers to match OpenBSD and NetBSD functionality. * VACATION: Avoid an auto-reply if a 'List-Id:' is found in the headers to match OpenBSD functionality. * VACATION: Add support for $SUBJECT in .vacation.msg which is replaced with the first line of the subject of the original message to match OpenBSD and NetBSD functionality. * New Files: cf/feature/fips3.m4 devtools/OS/Darwin.23.x - This release fixes CVE-2023-51765 (bsc#1218351) - Port and rename patch sendmail-8.17.2.dif which is now sendmail-8.18.1.dif ==== shim ==== - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) ==== spectacle ==== - Drop meanwhile unneeeded BuildReqs on kColorPicker and kImageAnnotator ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Drop python3-pefile dependency from the experimental package. MicroOs is fond of the experimental stuff but OTOH it doesn't ship python3. Let's drop the dependency for now, users of ukify are invited to install python3-pe manually. - Move systemd-reboot.service from udev to the main package as this service is useful in containers. ==== transmission ==== Subpackages: transmission-common transmission-gtk - Add correct creation of the transmission user/group (needed by the latest RPM 4.19). - Remove now useless Provides in the daemon subpackage. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Handle case where vm-install no longer exists on the host. This is related to bsc#1219133. virt-install.rb ==== webkit2gtk3 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== webkit2gtk3-soup2 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio - Add patch to only enable bluetooth when audio support is enabled by installing wireplumber-audio (bsc#1219411): * fix-bsc1219411.patch ==== xfce4-screenshooter ==== Version update (1.10.4 -> 1.10.5) Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin - Update to 1.10.5 * Add imgur support as custom action (!51) * Translation Updates - Recommend curl, jq and zenity for the new script imgur.sh ==== xkbcomp ==== Version update (1.4.6 -> 1.4.7) - update to 1.4.7 * This release mainly focuses on code cleanup and improving maintainability and making static analysis work better on this code base. It also fixes a bug that could cause build failures with gcc when the -ftracer option was used. ==== xprop ==== Version update (1.2.6 -> 1.2.7) - Update to version 1.2.7 * This release fixes a failure to build with C23 compilers. ==== yast2-installation ==== Version update (5.0.5 -> 5.0.6) - Restore the selected products after reloading the package manager, properly install all products for new modules and extensions when upgrading from SLE12 (bsc#1218391) - 5.0.6 ==== yast2-network ==== Version update (5.0.1 -> 5.0.2) - Consider firmware configured interfaces as non bridgeable (bsc#1218595). - 5.0.2 ==== yast2-trans ==== Version update (84.87.20240126.9c7185e3f6 -> 84.87.20240205.897f2593b3) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240205.897f2593b3: * New POT for text domain 'control'. * Translated using Weblate (Russian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * New POT for text domain 'installation'.

1 0

New Arm Tumbleweed snapshot 20240205 released!
by Guillaume Gardet 08 Feb '24

08 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) AppStream (1.0.0 -> 1.0.1) MozillaFirefox alsa (1.2.10 -> 1.2.11) alsa-ucm-conf (1.2.10 -> 1.2.11) alsa-utils (1.2.10 -> 1.2.11) crypto-policies cups cups-filters (1.28.15 -> 1.28.17) drkonqi5 emacs (29.1 -> 29.2) ffmpeg-4 glibc (2.38 -> 2.39) gnome-remote-desktop gstreamer (1.22.8 -> 1.22.9) gstreamer-plugins-bad (1.22.8 -> 1.22.9) gstreamer-plugins-base (1.22.8 -> 1.22.9) gstreamer-plugins-good (1.22.8 -> 1.22.9) gstreamer-plugins-libav (1.22.8 -> 1.22.9) gstreamer-plugins-ugly (1.22.8 -> 1.22.9) inxi (3.3.31 -> 3.3.32) iproute2 (6.6 -> 6.7) kernel-firmware (20240126 -> 20240201) kio kio-extras5 ksystemstats5 kwin5 libguestfs libksysguard5 libusb-1_0 (1.0.26 -> 1.0.27) libzio (1.08 -> 1.09) mutter netpbm (11.2.0 -> 11.5.2) pam pam-full-src parted (3.5 -> 3.6) perl-gettext pipewire (1.0.1 -> 1.0.2) plasma5-addons plasma5-workspace pragha python-Twisted python-jmespath python-pip python-pytz (2023.3.post1 -> 2023.4) python-rpm python-setuptools (69.0.2 -> 69.0.3) salt sddm sendmail shim (15.7 -> 15.8) strace systemd-presets-common-SUSE timezone (2023d -> 2024a) timezone-java (2023d -> 2024a) transmission virt-v2v vlc wicked xdg-utils xen (4.18.0_04 -> 4.18.0_06) === Details === ==== 389-ds ==== Version update (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) Subpackages: lib389 libsvrcore0 - Update to version 3.0.1~git1.1f95b57: * Issue 6061 - Certificate lifetime displayed as NaN * Bump version to 3.0.1 * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) * Issue 3555 - Remove audit-ci from dependencies (#6056) * Issue 6052 - Paged results test sets hostname to `localhost` on test collection * Issue 6051 - Drop unused pytest markers * Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) * Issue 6047 - Add a check for tagged commits * Issue 6041 - dscreate ds-root - accepts relative path (#6042) * Switch default backend to lmdb and bump version to 3.0 (#6013) * Issue 6032 - Replication broken after backup restore (#6035) * Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) * Issue 6034 - Change replica_id from str to int ==== AppStream ==== Version update (1.0.0 -> 1.0.1) Subpackages: libAppStreamQt5-3 libappstream5 - Update to 1.0.1 Bugfixes: * Fix lib name for Qt5 link target * meson: Pass -D_DARWIN_C_SOURCE on darwin * Fix macOS build * stemmer: Resolve potential issue where stemmer may never be initialized * cli: Don't fail what-provides if components were found * Fix query element order for what-provides queries * validator: Demote developer-name-tag-deprecated to info severity for now * content-rating: Fix missing or wrong value descriptions for rating IDs * curl: Add transfer speed timeouts for HTTP downloads * curl: Retry operations on potentially transient errors Miscellaneous: * validator: Improve hint for content-attribute-value-invalid * Allow building without zstd temporarily - Drop patches, merged upstream: * 0001-validator-Demote-developer-name-tag-deprecated-to-in.patch * 0001-content-rating-Fix-missing-or-wrong-value-descriptio.patch * 0001-Fix-lib-name-for-Qt5-link-target.patch - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== MozillaFirefox ==== - Recommend libfido2-udev on codestreams that exist, in order to try to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272) ==== alsa ==== Version update (1.2.10 -> 1.2.11) Subpackages: libasound2 libatopology2 - Updated to alsa-lib 1.2.11: * auto-tools fixes, versioned symbol fixes * support dB TLVs for single controls * various PCM updates, including subformat extensions * UMP and sequencer API fixes For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-lib - Dropped obsoleted patches: 0001-control.h-Fix-ump-header-file-detection.patch 0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch 0003-pcm-Fix-segfault-with-32bit-libs.patch 0004-reshuffle-included-files-to-include-config.h-as-firs.patch 0005-seq-Fix-typos-in-symbol-version-definitions.patch 0006-seq-Fix-invalid-sanity-check-in-snd_seq_set_input_bu.patch 0007-mixer-simple-Support-dB-TLVs-for-CTL_SINGLE-controls.patch 0008-seq-Clear-UMP-event-flag-for-legacy-apps.patch 0009-seq-Simplify-snd_seq_extract_output.patch 0010-seq-Check-protocol-compatibility-with-the-current-ve.patch ==== alsa-ucm-conf ==== Version update (1.2.10 -> 1.2.11) - Update to version 1.2.11: * Qualcomm, Mediatek, SOF soundwire, and various USB-audio profiles For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-ucm-conf - Drop obsoleted patch: 0001-SplitPCM-Device-argument-may-not-be-set.patch ==== alsa-utils ==== Version update (1.2.10 -> 1.2.11) - Update to alsa-utils 1.2.11: * alsactl buffer overflow fix * alsatplg updates, NHLT ACPI parser updates * use smaller periods for speaker-test * add bandwidth-limited pink noise for speaker-test * aplay updates, including subformat extensions * compile warning fixes For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-utils - Drop obsoleted patches: 0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch 0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch 0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch 0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch 0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch 0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch 0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch 0008-topology-include-locale.h.patch 0009-nhlt-dmic-info.c-include-sys-types.h.patch 0010-topology-pre-processor-Add-support-for-enum-controls.patch 0011-configure.ac-fix-UMP-support-detection.patch 0012-bat-really-skip-analysis-of-the-first-period-and-upd.patch 0013-topology-add-include-for-ENABLE_NLS-on-musl.patch 0014-nhlt-use-stdint.h-types.patch 0015-Revert-nhlt-dmic-info.c-include-sys-types.h.patch 0016-aplay-use-stdint.h-types-instead-u_int-u_short-u_cha.patch 0017-alsa-restore.rules-use-devnode-instead-number-atribu.patch 0018-nhlt-Revert-SSP_ANALOG-device_type-field.patch 0019-alsactl-fix-potential-buffer-overwrite.patch 0020-aplay-fix-buffer-overflow-and-tainted-format-string.patch 0021-misc-fix-incorrect-usages-of-strerror.patch 0022-aplay-Add-option-for-specifying-subformat.patch 0023-aplay-allow-to-compile-with-older-alsa-lib-subformat.patch 0024-aplay-log-pcm-status-before-reporting-a-fatal-error.patch 0025-aplay-enable-timestamps-by-default.patch 0026-aplay-status-dumps-are-called-only-in-verbose-mode.patch 0027-aplaymidi-Set-event-completely-for-tempo-event.patch ==== crypto-policies ==== Subpackages: crypto-policies-scripts - avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - Removed outdated ntadmin stuff from cups.spec (boo#1219503) ==== cups-filters ==== Version update (1.28.15 -> 1.28.17) - Removed outdated and obsoleted "Requires: cups > 1.5.4" which was used to require a sufficient CUPS version at times when also CUPS <= 1.5.4 was available but it was not meant to require CUPS (boo#1216560) - Version upgrade to 1.28.17 See https://github.com/OpenPrinting/cups-filters/releases Bug fix release, to more reliably discover all printer capablities from driverless printers, especially borderless printing, and to preferably use Apple Raster instead of PWG Raster or PCLM. * libcupsfilters: In PPD generator create only one *cupsFilter2: line for raster. Only use the most desirable/reliable format, usually Apple Raster (Issue #498). * libcupsfilters: In get_printer_attributes() poll media-col-database separately if needed. On some printers one gets media-col-database only this way. Often it reveals important functionality, like for example borderless printing (Issue #492). * libcupsfilters: Let PPD generator also parse media-col-ready IPP attribute. media-col-ready lists the loaded media, in contrary to media-ready, as list of complete descriptions of the media (media-col data structure). This often lists also variants like borderless (it is the same physical paper). Especially useful when media-col-database is not available (Issue #492). * libcupsfilters: In generate_sizes() consider all margin alternatives. When generating the PPD file for a driverless printer, and in the media-{left,right,top,bottom}-margin-supported printer IPP attributes there was more than 1 value, the first value (which often was the 0 for borderless printing) was not considered, leaving the borderless functionality of many printers undiscovered (Issue #492). Issues are those at https://github.com/OpenPrinting/cups-filters/issues - Version upgrade to 1.28.16 See https://github.com/OpenPrinting/cups-filters/releases Bug fix release, to make images be printed in their original size with "print-scaling=none" and to not use deprecated data types for reading TIFF images. * imagetoraster, imagetopdf, libcupsfilters: Added support for reading the resolution of an image from its EXIF data when loading it. This way we get the image reproduced in its original size with "print-scaling=none" (Issue #362). * libcupsfilters: Replaced deprecated data types uint16 and uint32. The function to read TIFF image files via libtiff in cupsfilters/image-tiff.c uses the deprecated types uint16 and uint32. The replacements for these types are uint16_t and uint32_t. Issues are those at https://github.com/OpenPrinting/cups-filters/issues ==== drkonqi5 ==== Subpackages: drkonqi5-lang - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== emacs ==== Version update (29.1 -> 29.2) Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - Update to GNU Emacs version 29.2 * Startup Changes in Emacs 29.2 On GNU/Linux, Emacs is now the default application for 'org-protocol'. Org mode provides a way to quickly capture bookmarks, notes, and links using 'emacsclient': emacsclient "org-protocol://store-link?url=URL&title=TITLE" * This is a bug-fix release with no new features. * Changes in Specialized Modes and Packages in Emacs 29.2 - Tramp New user option 'tramp-show-ad-hoc-proxies'. When non-nil, ad-hoc definitions are kept in remote file names instead of showing the shortcuts. * Incompatible Lisp Changes in Emacs 29.2 'with-sqlite-transaction' rolls back changes if its BODY fails. If the BODY of the macro signals an error, or committing the results of the transaction fails, the changes will now be rolled back. - Port patches mainly by correcting hunk offsets * emacs-24.1-ps-mule.patch * emacs-24.4-ps-bdf.patch * emacs-25.2-ImageMagick7.patch * emacs-27.1-Xauthority4server.patch * emacs-27.1-pdftex.patch * emacs-29.1.dif * pdump.patch ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) ==== glibc ==== Version update (2.38 -> 2.39) Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - Update to glibc 2.39 * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT rewrite on x86-64 * Sync with Linux kernel 6.6 shadow stack interface * struct statvfs now has an f_type member, equal to the f_type statfs member * On Linux, the functions posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np have been added, along with the POSIX_SPAWN_SETCGROUP flag * On Linux, the pidfd_spawn and pidfd_spawp functions have been added * On Linux, the pidfd_getpid function has been added * scanf-family functions now support the wN format length modifiers for arguments pointing to types intN_t, int_leastN_t, uintN_t or uint_leastN_t * A new tunable, glibc.mem.decorate_maps, can be used to add additional information on underlying memory allocated by the glibc * The <stdbit.h> header has been added from ISO C2X * On AArch64 new symbols were added to libmvec * The ldconfig program now skips file names containing ';' or ending in ".dpkg.tmp" or ".dpkg.new" * The dynamic linker calls the malloc and free functions in more cases during TLS access if a shared object with dynamic TLS is loaded and unloaded - aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch, cache-intel-shared.patch, call-init-proxy-objects.patch, fstat-implementation.patch, gb18030-2022.patch, getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch, getcanonname-use-after-free.patch, iconv-error-verbosity.patch, intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch, libio-io-vtables.patch, libio-wdo-write.patch, no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch, ppc64-flock-fob64.patch, qsort-invalid-cmp.patch, sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch, syslog-buffer-overflow.patch, tls-modid-reuse.patch, tunables-string-parsing.patch: Removed - syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, bsc#1218863, bsc#1218867, bsc#1218868) - qsort-invalid-cmp.patch: qsort: handle degenerated compare function (bsc#1218866) - Change minimum GCC to 13 - Split off libnsl.so.1 into a separate package ==== gnome-remote-desktop ==== - Explict require higher version of gcc on SLE/Leap. ==== gstreamer ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.9: + Highlighted bugfixes in 1.22.9 - More Security fixes for the AV1 video codec parser - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 - v4l2src: Consider framerate during caps selection - v4l2codec: decoder fixes - rtspsrc: multicast fixes - camerabin viewfinder fixes - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer - aggregator: fix use-after-free in queries processing - multiqueue: Ignore queue fullness for most events - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.8 -> 1.22.9) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.9: + av1parser: Fix potential stack overflow during tile list parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300) + camerabin: Correctly relink viewfinderbin_queue + GstPlay: Fix error details parsing + h264decoder: Handle malformed avc/avc3 packets + h264decoder: h265decoder: Align with wraparound fix + vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound + vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7 + va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 + vp9parse: Fix critical warning during caps negotiation - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.8 -> 1.22.9) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.9: + audiobasesink: Don't wait on gap events + audioconvert: change gst_audio_convert_get_unit_size() log levels + glcolorconvert: Correct transform_caps direction + gloverlay: Apply updated overlay coordinates correctly + videorate: keep pool if max_buffers is unlimited - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.22.9: + rtpsession: Only warn once if configured latency needs to be known but isn't yet + rtphdrext-clientaudiolevel: Fix level value being written by the extension + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL + v4l2object: clear old fds when initializing poll during opening v4l2 device + v4l2src: Consider framerate during caps selection + vpxdec: Use appropriate domain and code for decoding errors - Rebase reduce-required-meson.patch ==== gstreamer-plugins-libav ==== Version update (1.22.8 -> 1.22.9) - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-ugly ==== Version update (1.22.8 -> 1.22.9) - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== inxi ==== Version update (3.3.31 -> 3.3.32) - - Updated to version 3.3.32: + /usr/share/doc/packages/inxi/inxi.changelog. ==== iproute2 ==== Version update (6.6 -> 6.7) Subpackages: iproute2-bash-completion - Update to release 6.7 * devlink: Support setting port function ipsec_crypto cap and ipsec_packet cap * iplink: bridge: Add support for bridge FDB learning limits * bridge: fdb: support match on source VNI, nexthop ID, destination VNI, destination port, destination IP address and [no]router flag in the flush command * bridge: mdb: Add get support ==== kernel-firmware ==== Version update (20240126 -> 20240201) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - More update on version 20240201 (git commit 3677750467cb): * linux-firmware: wilc1000: update WILC1000 firmware to v16.1.2 * rtl_nic: add firmware for RTL8126A (bsc#1217417) * qcom: Add Audio firmware for SM8550 HDK - Update to version 20240201 (git commit 1b24d7d3379b): * linux-firmware: intel: Add IPU6 firmware binaries * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.37 * Revert "amdgpu: DMCUB updates for various AMDGPU ASICs" * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * brcm: Add brcmfmac43430-sdio.xxx.txt nvram for the Chuwi Hi8 (CWI509) tablet * amdgpu: DMCUB updates for various AMDGPU ASICs ==== kio ==== Subpackages: kio-core - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== kio-extras5 ==== Subpackages: libkioarchive5 - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== ksystemstats5 ==== - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== kwin5 ==== - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== libguestfs ==== Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0 - BuildRequire pkgconfig(libzstd) additionaly to zstd: we need the devel package. In the past, it was pulled in by indirect deps. ==== libksysguard5 ==== Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== libusb-1_0 ==== Version update (1.0.26 -> 1.0.27) - Update to version 1.0.27 * New libusb_init_context API to replace libusb_init * New libusb_get_max_alt_packet_size API * New libusb_get_platform_descriptor API (BOS) * Allow setting log callback with libusb_set_option/libusb_init_context * New WebAssembly + WebUSB backend using Emscripten * Fix regression in libusb_set_interface_alt_setting * Fix sync transfer completion race and use-after-free * Fix hotplug exit ordering * Linux: NO_DEVICE_DISCOVERY option set per context - added signature and keyring. (key received via keyserver) ==== libzio ==== Version update (1.08 -> 1.09) - Version 1.09: Allow to create files without suffix as well ==== mutter ==== - Drop mutter-SLE-bsc984738-grab-display.patch: It blocks non-CSD apps with GNOME 45, and the latest LTS Oracle Installer works fine without it, the original bug is not a problem (bsc#1218935). ==== netpbm ==== Version update (11.2.0 -> 11.5.2) Subpackages: libnetpbm11 - version update to 11.5.2 Release 11.05.02 + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel. Release 11.05.01 Fix typo in ppmforge test case. Release 11.05.00 + pnmpad: Add -color, -promote, -extend-edge, -detect-background . + pnmconvol: Restore ability of convolution matrix to be a pseudo-plain-PNM with samples that exceed the maxval. Lost in 10.30 (October 2005) because maxval-checking code was added to libnetpbm. (Was fixed in 10.47.08 in November 2010, but only in the 10.47 series). + pnmindex: Improve failure mode when -size or -across is zero. + pnmindex: Make -plain work. + pnmpad: fix behavior with -left, -right, and -width together or - top, -bottom, -height together: ignores -width where it should fail. Broken in Netpbm 10.72 (September 2015). + pamtosvg: fix "zero determinant" failure. Introduced in Netpbm 11.04 (September 2023). + pjtoppm: fix crash based on uninitialized variable. Introduced in Netpbm 11.04 (September 2023). + ppmtopcxl: fix incorrect output with > 256 colors. Always broken. (Program was added in primordial Netpbm in 1990). + pbmtext: fix buffer overrun with insanely large input. + picttoppm: fix buffer overrun with insanely wide input. + ppmtoxpm: fix incorrect output with insanely large number of colors. + pnmscalefixed: fix incorrect output with really big image and - pixels option. + ppmdither: fix buffer overrun with insanely large dithering matrix. + pnmpad: no longer accept old-style options (e.g. -t50). + libnetpbm: Add pm_feed_from_file, pm_accept_to_files, pm_accept_to_filestream Standard Input feeder, Output accepter for pm_system. + libnetpbm, programs that use color maps: fix buffer overrun with insanely deep images. + merge build: Fix 'pnmcat'. Introduced in Netpbm 11.00 (September 2023). Release 11.04.00 + pamaddnoise: add -salt. + pamaddnoise: reject options that aren't meaningful for the type of noise specified rather than just ignore them. + ppmtosixel: Add -7bit, so it works on more terminals, including xterms. Thanks Scott Pakin. + g3topbm: Add -correctlong + pnmtojpeg: minor improvement to error messages about bad files. + pammixmulti: Remove disclaimer of patent license. + pamstack: Fix bug: acts like -firstmaxval specified when it wasn't. Introduced in Netpbm 11.03 (June 2023). + pamstack: Fix -lcmmaxval: chooses wrong maxval. Always broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)). + pamstack: Fail gracefully when total number of planes is too large for unsigned integer. Always broken (Pamstack was new in Netpbm 10.0 (June 2002). + pamtosvg: fix hang. + ppmfade: fix "file not found" crash for most fade modes. Introduced in Netpbm 10.98 (March 2022). + ppmfade: fix incorrect block mode fade. Always broken (ppmfade was new in Netpbm 8.4 (April 2000)). + pamaddnoise: fix very incorrect noise added for all types. Introduced in Netpbm 10.94 (March 2021). + ppmrough: fix buffer overrun. Always broken (Ppmrough was new in Netpbm 10.9 (September 2002). ppmrough: fix excessive roughness. Introduced in Netpbm 10.94 (March 2021). + pgmtexture: Fix buffer overflow with maxval > 255. Always broken. Maxvals > 255 were possible starting in Netpbm 9.0 (April 2000). + pgmtexture: Fix bug: ignores -d. Introduced in Netpbm 10.56 (September 2011). + xwdtopnm Fix spurious output with really wide/deep rows. + imgtoppm: Fix spurious output with really wide/deep rows. + pbmtopgm: Fix error message for excessive -width. + pbmtoxbm: Fix spurious output with really wide rows. + tifftopnm: Fix incorrect output with insanely wide/deep rows. + thinkjettopbm: Fix incorrect output with insanely wide rows. + ybmtopbm: Fix incorrect output with insanely wide rows. + pjtoppm: Fix incorrect output with insanely large number of rows. + library: add check of maxval for computable size. + Build: Include LDFLAGS in link of shared library. * Release 11.03.00 + pamstack: Add -firstmaxval, -lcmmaxval + pnmcolormap: make result independent of how system's qsort orders records with equal keys. Affects pnmquant. + pamtopng: fix typo in error message about -chroma option. + pamtopng, pnmtopng, pngtopam: fix error message when something fails in libpng. Always broken (the programs were new in Netpbm 8.1 (March 2000)). - modified patches % netpbm-gcc-warnings.patch (refreshed) % netpbm-security-code.patch (refreshed) ==== pam ==== - Enable pam_canonicalize_user.so ==== pam-full-src ==== - Enable pam_canonicalize_user.so ==== parted ==== Version update (3.5 -> 3.6) Subpackages: libparted-fs-resize0 libparted2 - update to version 3.6: - Support GPT partition attribute bit 63 as no_automount flag - Add type commands to set type-id on MS-DOS and type-uuid on GPT - Add swap flag support to the dasd disklabel - Add display of GPT disk and partition UUIDs in JSON output refreshed patches: - parted-mac.patch - libparted-dasd-implicit-partition-disk-flag.patch - tests-disable.patch removed patches: - direct-handling-of-partition-type-id-and-uuid.patch - type-command.patch - libparted-dasd-improve-lvm-raid-flag-handling.patch - libparted-dasd-add-swap-flag-handling-for-DASD-CDL.patch ==== perl-gettext ==== - Run testsuite with locale LANG=en_US.UTF. It fails otherwise with glibc 2.39 ==== pipewire ==== Version update (1.0.1 -> 1.0.2) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.2: * Highlights - Fix v4l2 enumeration with filter. This should fix negotiation in some GStreamer pipelines with capsfilter. Also probe for EXPBUF support before using it. - Fix max-latency property and Buffer param when dealing with small ALSA device buffers. This should fix stuttering with some AMD based soundcards. - More small cleanups an improvements. * Modules - Improve netjack2 channel positions. - Improve RAOP module state after suspend/resume. (#3778) - Avoid crash in some LV2 plugins by configuring the Atom ports. (#3815) * SPA - Bump libcamera requirements to 0.2.0. - Try to avoid unaligned load exceptions. (#3790) - Fix v4l2 enumeration with filter. (#1793) - Fix max-latency property and Buffer param when dealing with small ALSA device buffers. This should fix stuttering with some AMD based soundcards. (#3744,#3622) - Add a resync.ms option to node.driver to make it possible to resync fast to clock jumps. - Probe for EXPBUF support in v4l2 before using it. (#3821) * pulse-server - Also emit change events when the port list change. * Bluetooth - Log a more verbose explanation when other soundservers seem to be interfering with bluetooth. - Add quirks for Rockbox Brick. (#3786) - Add quirks for SoundCore mini2. (#2927) * JACK - Improve check for the running state of clients. (#3794) - Drop patches already included by upstream: * 0001-spa-libcamera-use-CameraConfigurationorientation.patch * 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch ==== plasma5-addons ==== Subpackages: plasma5-addons-lang - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== pragha ==== Subpackages: pragha-lang pragha-plugins - Fix build for Leap 15.6 * Build with pkgconfig(gupnp-1.6) on 15.6 ==== python-Twisted ==== Subpackages: python311-Twisted python311-Twisted-tls - Add stop-using-3-arg-throw.patch: * Avoid 3-arg throw to fix a DeprecationWarning in Python 3.12. ==== python-jmespath ==== - switch to PEP517 / wheel build ==== python-pip ==== - Drop deprecated setup.py installmethod, bootstrap PEP517 with built-in pip instead - python3XX-pip-wheel can now be a regular subpackage - Drop obsolete python2 directives in specfile ==== python-pytz ==== Version update (2023.3.post1 -> 2023.4) - update to 2023.4: * Update olson to 2023d ==== python-rpm ==== - buildrequire setuptools ==== python-setuptools ==== Version update (69.0.2 -> 69.0.3) - update to 69.0.3: * Bugfixes - Retain valid names with underscores in egg_info. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Prevent directory traversal when creating syndic cache directory on the master (CVE-2024-22231, bsc#1219430) - Prevent directory traversal attacks in the master's serve_file method (CVE-2024-22232, bsc#1219431) - Added: * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch ==== sddm ==== Subpackages: sddm-branding-openSUSE sddm-greeter-qt5 - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== sendmail ==== Subpackages: libmilter1_0 - Correct permisson files path to /usr/share/permissions/permissions.d/ (boo#1219339) - Fix file provides of openssl and timeout - Avoid error messages of chkstat as this tools does not accept slashes at the end of directory paths! - Move sendmails permissions files to /usr/share/permissions/ - Work on certificates usage of smart and relay host - Work on certificates for running sendmail ==== shim ==== Version update (15.7 -> 15.8) -- Update to version 15.8 - Various CVE fixes are already merged into this version mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) - remove shim-Enable-the-NX-compatibility-flag-by-default.patch The codes in this patch are already existing in shim-15.8 The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Patches (git log --oneline --reverse 15.7..15.8) 657b248 Make sbat_var.S parse right with buggy gcc/binutils 7c76425 Enable the NX compatibility flag by default. 89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper c7b3051 pe: Align section size up to page size for mem attrs e4f40ae pe: Add IS_PAGE_ALIGNED macro f23883c Don't loop forever in load_certs() with buggy firmware 1f38cb3 Optionally allow to keep shim protocol installed 102a658 Drop invalid calls to `CRYPTO_set_mem_functions` aae3df0 test-sbat: Fix exit code cca3933 Block Debian grub binaries with SBAT < 4 cf59f34 Further improve load_certs() for non-compliant drivers/firmwares 0601f44 SBAT-related documents formatting and spelling 0640e13 Add a security contact email address in README.md 0bfc397 Work around malformed path delimiters in file paths from DHCP a8b0b60 pe: only process RelocDir->Size of reloc section f7a4338 Skip testing msleep() 549d346 Rename 'msecs' to 'usecs' to avoid potential confusion 908c388 Change type of fallback_verbose_wait from int to unsigned long 05eae92 Add SbatLevel_Variable.txt to document the various revocations 243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL 89d25a1 Add a make rule for compile_commands.json 118ff87 Add gnu-stack notes f132655 test: Make our fake dprintf be a statement. be00279 Remove CentOS 7 test builds. 9964960 Split pe.c up even more. 569270d Test (and fix) ImageAddress() 61e9894 Verify signature before verifying sbat levels 1578b55 Add libFuzzer support for csv.c a0673e3 Fix a 1-byte memory leak in .sbat parsing. e246812 Add libFuzzer support to the .sbat parser. fd43eda Work around ImageAddress() usage mistake 1e985a3 Correctly free memory allocated in handle_image() dbbe3c8 mok: Avoid underflow in maximum variable size calculation 04111d4 Make some of the static analysis tools a little easier to run 7ba7440 compile_commands.json: remove stuff clang doesn't like 66e6579 CVE-2023-40546 mok: fix LogError() invocation f271826 Add primitives for overflow-checked arithmetic operations. 8372147 pe-relocate: Add a fuzzer for read_header() 5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries e912071 pe-relocate: make read_header() use checked arithmetic operations. 93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat() e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550 afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds. 96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system dae82f6 Further mitigations against CVE-2023-40546 as a class ea0f9df Allow SbatLevel data from external binary b078ef2 Always clear SbatLevel when Secure Boot is disabled 7dfb687 BS Variables for bootmgr revocations a967c0e shim should not self revoke 577cedd Print message when refusing to apply SbatLevel e801b0d sbat revocations: check the full section name 0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers 6f0c8d2 Print errors when setting/clearing memory attrs 57c0eed Updated Revocations for January 2024 CVEs 49c6d95 Fix some minor ia32 build issues. be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all. 13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5 c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist 30a4f37 Rename "previous" revocations to "automatic" 6f395c2 Build time selectable automatic SBATLevel revocations a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER 993a345 Try to load revocations.efi even if directory read fails 1770a03 gitmodules: use shim-15.8 for gnu-efi branch 5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8 ==== strace ==== - Enable SELinux Context Printing (--secontext). ==== systemd-presets-common-SUSE ==== - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ==== timezone ==== Version update (2023d -> 2024a) - Update to 2024a: * Kazakhstan unifies on UTC+5 beginning 2024-03-01 * Palestine springs forward a week later after Ramadan * zic no longer pretends to support indefinite-past DST * localtime no longer mishandles Ciudad JuÃ¡rez in 2422 ==== timezone-java ==== Version update (2023d -> 2024a) - Update to 2024a: * Kazakhstan unifies on UTC+5 beginning 2024-03-01 * Palestine springs forward a week later after Ramadan * zic no longer pretends to support indefinite-past DST * localtime no longer mishandles Ciudad JuÃ¡rez in 2422 - update to 2023d: * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Code and data fixes for Palestine timestamps starting in 2072. * A new data file zonenow.tab for timestamps starting now. * Fix predictions for DST transitions in Palestine in 2072-2075, correcting a typo introduced in 2023a. * Vostok, Antarctica changed to +05 on 2023-12-18. It had been at +07 (not +06) for years. * Change data for Casey, Antarctica to agree with timeanddate.com, by adding five time zone changes since 2020. Casey is now at +08 instead of +11. * Much of Greenland, represented by America/Nuuk, changed its standard time from -03 to -02 on 2023-03-25, not on 2023-10-28. * localtime.c no longer mishandles TZif files that contain a single transition into a DST regime. Previously, it incorrectly assumed DST was in effect before the transition too. * tzselect no longer creates temporary files. * tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/. * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments. * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension. * zic no longer mishandles data for Palestine after the year 2075. ==== transmission ==== Subpackages: transmission-common transmission-gtk - Have transmission-daemon provide user(transmission) and group(transmission): the user/group are generated in the pre scriptlet using useradd/groupadd. ==== virt-v2v ==== Subpackages: virt-v2v-bash-completion - Relax the openssh requirement. Options passed to scp are known by openssh 8.4 - Move autoreconf from prep to build, to simplify quilt setup. ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) ==== wicked ==== Subpackages: wicked-service - ifreload: VLAN changes require device deletion (bsc#1218927) [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch] - ifcheck: fix config changed check (bsc#1218926) [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch] - client: fix exit code for no-carrier status (bsc#1219265) [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch] - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch] - duid: fix comment for v6time (https://github.com/openSUSE/wicked/pull/989) [+ 0005-duid-fix-comment-for-v6time.patch] - rtnl: fix peer address parsing for non ptp-interfaces (https://github.com/openSUSE/wicked/pull/987, https://github.com/openSUSE/wicked/pull/988) [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch] [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch] - system-updater: Parse updater format from XML configuration to ensure install calls can run. (https://github.com/openSUSE/wicked/pull/985) [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch] ==== xdg-utils ==== - Update to version 1.2.0+20240130: * xdg-icon-resource: unbreak syntax by removing stray grave accent (boo#1219420) ==== xen ==== Version update (4.18.0_04 -> 4.18.0_06) Subpackages: xen-libs xen-tools-domU - Upstream bug fixes (bsc#1027519) 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch - Patches dropped / replaced by newer upstream versions xsa449.patch xsa450.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch

1 0

New Arm Tumbleweed snapshot 20240131 released!
by Guillaume Gardet 02 Feb '24

02 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cups (2.4.2 -> 2.4.7) curl (8.5.0 -> 8.6.0) fillup kexec-tools libbs2b libssh (0.10.5 -> 0.10.6) patterns-base permissions python-pygit2 (1.13.3 -> 1.14.0) python-rpm (4.18.0 -> 4.19.1) qt6-base rpm (4.18.0 -> 4.19.1) suse-module-tools (16.0.42 -> 16.0.43) vala-panel-appmenu virtiofsd (1.7.2 -> 1.10.1) vsftpd xz (5.4.5 -> 5.4.6) === Details === ==== cups ==== Version update (2.4.2 -> 2.4.7) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.7: See https://github.com/openprinting/cups/releases CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 and several other changes, among them it is adding OpenSSL support for cupsHashData function and bug fixes. Detailed list: * CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files * Added OpenSSL support for cupsHashData (Issue #762) * Fixed delays in lpd backend (Issue #741) * Fixed extensive logging in scheduler (Issue #604) * Fixed hanging of lpstat on IBM AIX (Issue #773) * Fixed hanging of lpstat on Solaris (Issue #156) * Fixed printing to stderr if we can't open cups-files.conf (Issue #777) * Fixed purging job files via cancel -x (Issue #742) * Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) * Fixed a bug in the PPD command interpretation code (Issue #768) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.6: See https://github.com/openprinting/cups/releases CUPS 2.4.6 is released to ship the fix for CVE-2023-34241 and two other bug fixes. Detailed list: * Fix linking error on old MacOS (Issue #715) * Fix printing multiple files on specific printers (Issue #643) * Fix use-after-free when logging warnings in case of failures in cupsdAcceptClient() (fixes CVE-2023-34241) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.5: See https://github.com/openprinting/cups/releases CUPS 2.4.5 is a hotfix release for a bug which corrupted locally saved certificates, which broke secured printing via TLS after the first print job. - Version upgrade to 2.4.4: See https://github.com/openprinting/cups/releases CUPS 2.4.4 release is created as a hotfix for segfault in cupsGetNamedDest(), when caller tries to find the default destination and the default destination is not set on the machine. - Version upgrade to 2.4.3: See https://github.com/openprinting/cups/releases CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements and many bug fixes. CUPS now implements fallback for printers with broken firmware, which is not capable of answering to IPP request get-printer-attributes with all, media-col-database - this enables driverless support for bunch of printers which don't follow IPP Everywhere standard. Aside from the CVE fix the most important fixes are around color settings, printer application support fixes and OpenSSL support. Detailed list of changes: * Added a title with device uri for found network printers (Issues #402, #393) * Added new media sizes defined by IANA (Issues #501) * Added quirk for GoDEX label printers (Issue #440) * Fixed --enable-libtool-unsupported (Issue #394) * Fixed configuration on RISC-V machines (Issue #404) * Fixed the device_uri invalid pointer for driverless printers with .local hostname (Issue #419) * Fixed an OpenSSL crash bug (Issue #409) * Fixed a potential SNMP OID value overflow issue (Issue #431) * Fixed an OpenSSL certificate loading issue (Issue #465) * Fixed Brazilian Portuguese translations (Issue #288) * Fixed cupsd default keychain location when building with OpenSSL (Issue #529) * Fixed default color settings for CMYK printers as well (Issue #500) * Fixed duplicate PPD2IPP media-type names (Issue #688) * Fixed possible heap buffer overflow in _cups_strlcpy() (fixes CVE-2023-32324) * Fixed InputSlot heuristic for photo sizes smaller than 5x7" if there is no media-source in the request (Issue #569) * Fixed invalid memory access during generating IPP Everywhere queue (Issue #466) * Fixed lprm if no destination is provided (Issue #457) * Fixed memory leaks in create_local_bg_thread() (Issue #466) * Fixed media size tolerance in ippeveprinter (Issue #487) * Fixed passing command name without path into ippeveprinter (Issue #629) * Fixed saving strings file path in printers.conf (Issue #710) * Fixed TLS certificate generation bugs (Issue #652) * ippDeleteValues would not delete the last value (Issue #556) * Ignore some of IPP defaults if the application sends its PPD alternative (Issue #484) * Make Letter the default size in ippevepcl (Issue #543) * Now accessing Admin page in Web UI requires authentication (Issue #518) * Now look for default printer on network if needed (Issue #452) * Now we poll media-col-database separately if we fail at first (Issue #599) * Now report fax attributes and values as needed (Issue #459) * Now localize HTTP responses using the Content-Language value (Issue #426) * Raised file size limit for importing PPD via Web UI (Issue #433) * Raised maximum listen backlog size to INT MAX (Issue #626) * Update print-color-mode if the printer is modified ... changelog too long, skipping 14 lines ... see the above CUPS 2.4.3 changes ==== curl ==== Version update (8.5.0 -> 8.6.0) Subpackages: libcurl4 - Update to 8.6.0: [bsc#1219149, CVE-2024-0853] * Security fixes: - CVE-2024-0853: OCSP verification bypass with TLS session reuse * Changes: - add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T * Bugfixes: - altsvc: free 'as' when returning error - asyn-ares: with modern c-ares, use its default timeout - cf-socket: show errno in tcpkeepalive error messages - cmdline-opts: update availability for the *-ca-native options - configure: when enabling QUIC, check that TLS supports QUIC - content_encoding: change return code to typedef'ed enum - curl: show ipfs and ipns as supported "protocols" - CURLINFO_REFERER.3: clarify that it is the *request* header - dist: add tests/errorcodes.pl to the tarball - gen.pl: support ## for doing .IP in table-like lists - GHA: bump ngtcp2, gnutls, mod_h2, quiche - hostip: return error immediately when Curl_ip2addr() fails - http3/quiche: fix result code on a stream reset - http3: initial support for OpenSSL 3.2 QUIC stack - http: check for "Host:" case insensitively - http: fix off-by-one error in request method length check - http: only act on 101 responses when they are HTTP/1.1 - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT - lib: error out on multissl + http3 - lib: fix variable undeclared error caused by `infof` changes - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding - lib: strndup/memdup instead of malloc, memcpy and null-terminate - libssh2: use `libssh2_session_callback_set2()` with v1.11.1 - ngtcp2: put h3 at the front of alpn - openldap: fix an LDAP crash - openldap: fix STARTTLS - openssl: re-match LibreSSL deinit with init - rtsp: deal with borked server responses - sasl: make login option string override http auth - tool: prepend output_dir in header callback - tool_getparam: stop supporting `@filename` style for --cookie - transfer: fix upload rate limiting, add test cases - url: don't set default CA paths for Secure Transport backend - url: for disabled protocols, mention if found in redirect - vquic: extract TLS setup into own source - websockets: check for negative payload lengths * Remove patches fixed upstream: - curl-adjust-pollset-fix.patch - curl-tests-errorcodes.patch * Rebase dont-mess-with-rpmoptflags.patch ==== fillup ==== - remove bin symlink for non-suse distributions ==== kexec-tools ==== - add kexec-dont-use-kexec_file_load-on-xen.patch: kexec: don't use kexec_file_load on xen (bsc#1218590) ==== libbs2b ==== - Add libbs2b-clipping.patch to remove clipping of overloaded samples. Patch is taken from: https://github.com/alexmarsev/libbs2b For more details see: https://github.com/strawberrymusicplayer/strawberry/issues/1320 ==== libssh ==== Version update (0.10.5 -> 0.10.6) Subpackages: libssh-config libssh4 - Fix regression parsing IPv6 addresses provided as hostname * Added libssh-fix-ipv6-hostname-regression.patch - Update to version 0.10.6 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-r… - Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209) - Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126) - Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - patterns-base-fips: Require openssl-fips-provider when libopenssl is installed (meta package and libopenssl3) (boo#1219384). ==== permissions ==== Subpackages: chkstat permissions-config - Create directory /usr/share/permissions/permissions.d for packages to place their drop-ins. ==== python-pygit2 ==== Version update (1.13.3 -> 1.14.0) - update to 1.14.0: * Drop support for Python 3.8 * New `Repository.submodules` namespace * New `Repository.listall_mergeheads()`, `Repository.message`, `Repository.raw_message` and `Repository.remove_message()` * New `pygit2.enums` supersedes the `GIT_` constants * Now `Repository.status()`, `Repository.status_file()`, `Repository.merge_analysis()`, `DiffFile.flags`, `DiffFile.mode`, `DiffDelta.flags` and `DiffDelta.status` return enums * Now repository\'s `merge()`, `merge_commits()` and `merge_trees()` take enums/flags for their `favor`, `flags` and `file_flags` arguments. * Fix crash in filter cleanup * Documentation fixes * Remove deprecated `Repository.create_remote(...)` function, use instead `Repository.remotes.create(...)` * Deprecate `Repository.add_submodule(...)`, use `Repository.submodules.add(...)` * Deprecate `Repository.lookup_submodule(...)`, use `Repository.submodules[...]` * Deprecate `Repository.init_submodules(...)`, use `Repository.submodules.init(...)` * Deprecate `Repository.update_submodule(...)`, use `Repository.submodules.update(...)` * Deprecate `GIT_*` constants, use `pygit2.enums` * Passign dicts to repository\'s `merge(...)`, `merge_commits(...)` and `merge_trees(...)` is deprecated. Instead pass `MergeFavor` for the `favor` argument, `MergeFlag` for `flags`, and `MergeFileFlag` for `file_flags`. ==== python-rpm ==== Version update (4.18.0 -> 4.19.1) - Modernize python-rpm.spec to stop using deprecated macros (%python_build and %python_install). - update to rpm-4.19.1 ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 - Switch to the latest GCC version available in Leap - Replace 0001-Require-GCC-12.patch with 0001-Use-newer-GCC-on-Leap.patch ==== rpm ==== Version update (4.18.0 -> 4.19.1) - fix Source url to match what is listed on https://rpm.org/download.html - disable sysusers handling for now - update to rpm-4.19.1 * new spec snippet support for dynamic spec generation * new sysusers.d integration for automated user and group handling * new CMake build system * removal of various deprecated and/or unused APIs * various internal code cleanups - refreshed patches: * brp-compress-no-img.patch * brp.diff * brpcompress.diff * build.diff * enable-postin-scripts-error.diff * fileattrs.diff * findlang.diff * findsupplements.diff * langnoc.diff * macrosin.diff * platformin.diff * posttrans.diff * refreshtestarch.diff * rpm-findlang-inject-metainfo.patch * rpmqpack.diff * rpmrc.diff * selinux_transactional_update.patch * localetag.diff * weakdepscompat.diff * zstdpool.diff - deleted patches: * cpuid_lzcnt.patch * libmagic-exceptions.patch * remove-awk-dependency.patch * whatrequires-doc.diff * x86_64-microarchitectures.patch - new patches: * python_setup.diff * rpmsort_reverse.diff * canongnu.diff - new file: * build-aux.tar.bz2 (taken from rpm-4.18) - fix --runposttrans not working correctly with the --root option [bnc#1216091] ==== suse-module-tools ==== Version update (16.0.42 -> 16.0.43) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.43: * macros.initrd: %regenerate_initrd_post: don't fail if mkdir is unavailable (boo#1217979) * Don't rebuild existing initramfs imagees if the environment variable SKIP_REGENERATE_ALL=1 is set (boo#1192014) * README: Update blacklist description (gh#openSUSE/suse-module-tools#71) ==== vala-panel-appmenu ==== Subpackages: appmenu-gtk-module-common appmenu-gtk2-module appmenu-gtk3-module libappmenu-gtk2-parser0 libappmenu-gtk3-parser0 - Fix CFLAGS and CXXFLAGS to use distro flags ==== virtiofsd ==== Version update (1.7.2 -> 1.10.1) - Fix CVE-2023-50711: vmm-sys-util: out of bounds memory accesses (bsc#1218502, bsc#1218500) - Update to version 1.10.1: * Bump version to v1.10.1 * Fix mandatory user namespaces * Don't drop supplemental groups in unprivileged user namespace * Bump version to v1.10.0 * Update rust-vmm dependencies (bsc#1218500) * Bump version to v1.9.0 - Spec: switch to using the upstream virtio-fs config file for qemu - Spec: switch back to greedy cargo updates of vendored dependencies ==== vsftpd ==== - Fix location of ftpusers in /usr/lib/pam.d/vsftpd (boo#1219362) ==== xz ==== Version update (5.4.5 -> 5.4.6) Subpackages: liblzma5 - Build static library on SLE - update to 5.4.6: * Fixed a bug involving internal function pointers in liblzma not being initialized to NULL. The bug can only be triggered if lzma_filters_update() is called on a LZMA1 encoder, so it does not affect xz or any application known to us that uses liblzma. * Fixed a regression introduced in 5.4.2 that caused encoding in the raw format to unnecessarily fail if --suffix was not used. For instance, the following command no longer reports that --suffix must be used: echo foo | xz --format=raw --lzma2 | wc -c * Fixed an issue on MinGW-w64 builds that prevented reading from or writing to non-terminal character devices like NUL. * Added a new test.

1 0