
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version...

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  ImageMagick
  curl
  freerdp2
  gcc13 (13.2.1+git8761 -> 13.3.0+git8781)
  glibc
  kf6-qqc2-desktop-style
  libarchive
  libcap-ng (0.8.4 -> 0.8.5)
  libguestfs (1.52.0 -> 1.52.1)
  libqt5-qtlocation (5.15.13+kde6 -> 5.15.13+kde7)
  libqt5-qtwebengine (5.15.16 -> 5.15.17)
  libreoffice
  llvm18 (18.1.5 -> 18.1.6)
  lvm2
  lvm2-device-mapper
  openSUSE-release (20240522 -> 20240524)
  openssl-3
  pangomm1_4 (2.46.3 -> 2.46.4)
  patterns-desktop
  permissions (1699_20240513 -> 1699_20240521)
  polkit-default-privs (1550+20240430.5327266 -> 1550+20240522.4ba9229)
  python-requests (2.31.0 -> 2.32.2)
  qqc2-desktop-style (5.116.0 -> 5.116.1)
  sane-backends (1.3.0 -> 1.3.1)
  speech-dispatcher (0.12.0~rc2 -> 0.12.0~rc3)
  suse-module-tools (16.0.43 -> 16.0.44)
  talloc (2.4.1 -> 2.4.2)
  tdb (1.4.9 -> 1.4.10)
  tevent (0.16.0 -> 0.16.1)
  udisks2 (2.10.0 -> 2.10.1)
  vlc
  xen (4.18.2_02 -> 4.18.2_04)
  zsh

=== Details ===

==== ImageMagick ====
Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- reverted update-alternatives usage removal [bsc#1122033][bsc#1220818]

==== curl ====
Subpackages: libcurl4

- Add split-provides for libcurl-devel -> libcurl-devel-doc.
- Spin documentation off to libcurl-devel-doc, this saves buildroots
  495 files and time (mandb is run in %posttrans).

==== freerdp2 ====
Subpackages: libfreerdp2-2 libwinpr2-2

- Multiple CVE fixes
  + Add freerdp-CVE-2024-32659.patch (bsc#1223346, CVE-2024-32659)
    - out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`
  + Add freerdp-CVE-2024-32660.patch (bsc#1223347, CVE-2024-32660)
    - client crash via invalid huge allocation size
  + Add freerdp-CVE-2024-32661.patch (bsc#1223348, CVE-2024-32661)
    - client NULL pointer dereference
  + Add freerdp-CVE-2024-32658.patch (bsc#1223353, CVE-2024-32658)
    - out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP
      based clients

==== gcc13 ====
Version update (13.2.1+git8761 -> 13.3.0+git8781)
Subpackages: cpp13 libgccjit0-gcc13 libstdc++6-devel-gcc13

- Update to GCC 13.3 release

==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
  nscd: Stack-based buffer overflow in netgroup cache
  (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
  nscd: Avoid null pointer crashes after notfound response
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
  nscd: Do not send missing not-found response in addgetnetgrentX
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
  netgroup: Use two buffers in addgetnetgrentX
  (CVE-2024-33601, CVE-2024-33602, bsc#1223425, BZ #31680)
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
  addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- glibc-fix-cve-2024-33599.patch: renamed
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
  for _start routine (bsc#1221940)
- utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS
  independence (BZ #30701)
- elf-parse-tunables.patch: elf: Only process multiple tunable once
  (BZ #31686)

==== kf6-qqc2-desktop-style ====

- Update qqc2-desktop-style-lang obsoleted version

==== libarchive ====

- Fix bsdunzip test failing due to a locale issue
  * fix-bsdunzip-test.patch

==== libcap-ng ====
Version update (0.8.4 -> 0.8.5)

- Update to version 0.8.5:
  * Remove python global exception handler since it's deprecated
  * Make the utilities link against just built libraries
  * Remove unused macro in cap-ng.h
- Remove libcap-ng.rpmlintrc, it doesn't seem to be used any more.

==== libguestfs ====
Version update (1.52.0 -> 1.52.1)
Subpackages: libguestfs-appliance libguestfs-winsupport libguestfs-xfs libguestfs0

- Update to version 1.52.1 bug fix release (jsc#PED-6305)
  * There are no upstream release notes for version 1.52.x
  * Several python fixes
  * Rework Std_utils.Option so it works like the OCaml stdlib module
  * Update common submodule to latest
- Drop patches contained in new tarball
  Split-chown-parameter-on-character.patch
  Initialise-bar-fp-as-NULL.patch

==== libqt5-qtlocation ====
Version update (5.15.13+kde6 -> 5.15.13+kde7)

- Update to version 5.15.13+kde7:
  * Update mapbox-gl-native (boo#1224376)

==== libqt5-qtwebengine ====
Version update (5.15.16 -> 5.15.17)

- Add compatibility patches for ICU 75:
  * qt5-webengine-icu-75.patch
  * 0001-Use-default-constructor-in-place-of-self-delegation-.patch
- Consequently build with a newer compiler on Leap 15
- Update to version 5.15.17:
  * Add option to choose python version for building 5.15 WebEngine
  * Update Chromium.
    Backported fixes:
    * [Backport] Security bug 325296797
    * [Backport] CVE-2024-1059: Use after free in WebRTC
    * [Backport] Security bug 1518994
    * Fixup for [Backport] Security bug 1519980
    * [Backport] CVE-2024-1283: Heap buffer overflow in Skia
    * [Backport] CVE-2024-1060: Use after free in Canvas
    * [Backport] CVE-2024-1077: Use after free in Network
    * [Backport] Security bug 1519980
    * [Backport] CVE-2024-0808: Integer underflow in WebUI
    * [Backport] CVE-2024-0807: Use after free in WebAudio
    * Fix ffmpeg assembly with newer binutil
    * [Backport] Security bug 1511689
    * [Backport] CVE-2024-0224: Use after free in WebAudio
    * [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
    * [Backport] Security bug 1506535
    * [Backport] CVE-2024-0519: Out of bounds memory access in V8
    * [Backport] CVE-2024-0518: Type Confusion in V8
    * [Backport] CVE-2024-0333: Insufficient data validation in Extensions
    * [Backport] CVE-2024-0222: Use after free in ANGLE
    * Fixup: [Backport] Security bug 1488199
    * FIXUP: Fix compilation with system ICU
    * Fixup: [Backport] Security bug 1505632
    * [Backport] Security bug 1505632
    * [Backport] CVE-2023-6702: Type Confusion in V8
    * [Backport] CVE-2023-6345: Integer overflow in Skia
    * Bump V8_PATCH_LEVEL
    * [Backport] Security bug 1488199 (2/2)
    * [Backport] Security bug 1488199 (1/2)
    * [Backport] CVE-2023-6510: Use after free in Media Capture
    * Fix building with system libxml2
    * [Backport] CVE-2023-6347: Use after free in Mojo
    * [Backport] CVE-2023-6112: Use after free in Navigation
    * [Backport] CVE-2023-5997: Use after free in Garbage Collection
- Drop patches, merged upstream:
  * 0001-Fix-building-with-system-libxml2.patch
  * qtwebengine-python3.patch
  * python311-fixes.patch
- Update _service file, catapult snapshots are not needed anymore

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- bsc#1224309: LibreOffice fails to build with ICU 75.
- Add patch to fix bsc#1224309.
  * icu-74-compatibility.patch
- Add required 'sed' usage during %prep to fix bsc#1224309.
- These two changes have been applied on both Gentoo and Arch Linux,
  but originally they come from upstream.

==== llvm18 ====
Version update (18.1.5 -> 18.1.6)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold

- Update to version 18.1.6.
  * Fixes issues where LLVM is either generating the incorrect thunk
    for a function with aligned parameters or didn't correctly pass
    through the return value when StructRet was used.
  * `-Xclang -target-feature -Xclang +unaligned-scalar-mem` can be
    used to enable unaligned scalar memory accesses for CPUs that do
    not support unaligned vector accesses. `-mno-strict-align` will
    enable unaligned scalar and vector memory accesses.
  * Don't replace an aliasee with an alias that has weak linkage.
    This avoids incorrect linkage that can lead to using the wrong
    symbols during linking time.
  * Fixes build failures when compiling AVX512 code using
    `-march=native` on machines without AVX512. The problem was
    introduced in LLVM 18.1.5.
  * Fixes crash in AArch64 backend when having `true` or `false` as
    operand for `fcmp` instruction on IR level.
  * Fixes compiler crash when user specifies `-mno-evex512` with
    AVX512 features but no AVX512VL.
  * Fixes a bug that tries to do VBROADCAST_LOAD for `f16` without
    AVX2.
- Rebase llvm-do-not-install-static-libraries.patch.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== openSUSE-release ====
Version update (20240522 -> 20240524)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssl-3 ====
Subpackages: libopenssl3

- Security fix: [bsc#1224388, CVE-2024-4603]
  * Check DSA parameters for excessive sizes before validating
  * Add openssl-CVE-2024-4603.patch

==== pangomm1_4 ====
Version update (2.46.3 -> 2.46.4)

- Update to version 2.46.4:
  + Coverage: Don't use deprecated pango_coverage_ref/unref()
  + Documentation:
    - Doxyfile.in: Don't hide undocumented classes
    - Remove AUTHORS, HACKING, README.SUN; add general info to
      README.md.
  + Meson build:
    - Detect if we build from a git subtree
    - Don't copy files with configure_file()
    - Fix the evaluation of is_git_build on Windows
    - Don't fail if warning_level=everything
- Enable check section: run meson test (no tests defined as of now).

==== patterns-desktop ====
Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-mobile patterns-desktop-multimedia

- No longer recommend tlp: we have three (conflicting) power tuners
  by now, each is recommended by some pattern/feature:
  + tuned is recommended by the base patterns (installed on all
    systems)
  + power-daemon-profiles is recommended by GNOME and Plasma (GUI
    controlled)
  + tlp recommended by laptop pattern (tlp conflicts explicitly with
    the other two though).

==== permissions ====
Version update (1699_20240513 -> 1699_20240521)
Subpackages: permctl permissions-config

- Update to version 1699_20240521:
  * permctl: return special exit code in --warn mode if entries need
    fixing

==== polkit-default-privs ====
Version update (1550+20240430.5327266 -> 1550+20240522.4ba9229)

- Update to version 1550+20240522.4ba9229:
  * whitelist gnome-remote-desktop (bsc#1222159)

==== python-requests ====
Version update (2.31.0 -> 2.32.2)

- Update to 2.32.2
  * To provide a more stable migration for custom HTTPAdapters
    impacted by the CVE changes in 2.32.0, we've renamed
    _get_connection to a new public API,
    get_connection_with_tls_context. Existing custom HTTPAdapters
    will need to migrate their code to use this new API.
    get_connection is considered deprecated in all versions of
    Requests>=2.32.0.
- Update to 2.32.1
  * Fixed an issue where setting verify=False on the first request
    from a Session will cause subsequent requests to the same origin
    to also ignore cert verification, regardless of the value of
    verify. (bsc#1224788, CVE-2024-35195)
  * verify=True now reuses a global SSLContext which should improve
    request time variance between first and subsequent requests.
  * Requests now supports optional use of character detection
    (chardet or charset_normalizer) when repackaged or vendored.
    This enables pip and other projects to minimize their vendoring
    surface area.
  * Requests has officially added support for CPython 3.12 and
    dropped support for CPython 3.7.
  * Starting in Requests 2.33.0, Requests will migrate to a PEP 517
    build system using hatchling.

==== qqc2-desktop-style ====
Version update (5.116.0 -> 5.116.1)

- Update to 5.116.1
- Changes since 5.116.0:
  * Extract translations into qqc2desktopstyle_qt5.pot
  * Really fix the translation file

==== sane-backends ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libsane1 sane-backends-autoconfig

- Updated to sane-backends version 1.3.1
  * Re-release of 1.3.0 because upstream unreleased 1.3.0 due to VCS
    issues.
    ( https://gitlab.com/sane-project/backends/-/issues/751 )

==== speech-dispatcher ====
Version update (0.12.0~rc2 -> 0.12.0~rc3)
Subpackages: libspeechd2 python311-speechd speech-dispatcher-module-espeak

- Update to version 0.12.0~rc3:
  * Detect module failures from generic module.
  * Make the fallback espeak-ng and dummy modules hardcoded.
  * Better detect generic module failures to disable them.
  * pulse: Use asynchronous API to avoid buffer underruns.
  * generic: Make stripping punctuation use locale charset.
- Add speech-dispatcher-missing-return-vals.patch: add missing return
  statements.

==== suse-module-tools ====
Version update (16.0.43 -> 16.0.44)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.44:
  * Include unblacklist in initramfs (bsc#1224320)
  * regenerate-initrd-posttrans: run update-bootloader --refresh for
    XEN (bsc#1223278)

==== talloc ====
Version update (2.4.1 -> 2.4.2)
Subpackages: libtalloc2 python3-talloc

- Update to 2.4.2
  * build with Python 3.12 (bso#15513)
  * documentation fixes
  * Update patch talloc-python3.5-fix-soabi_name.patch

==== tdb ====
Version update (1.4.9 -> 1.4.10)
Subpackages: libtdb1 python3-tdb

- Update to 1.4.10
  * build with Python 3.12 (bso#15513)
  * documentation fixes
  * minor build fixes

==== tevent ====
Version update (0.16.0 -> 0.16.1)
Subpackages: libtevent0 python3-tevent

- Update to version 0.16.1
  * build with Python 3.12 (bso#15513)
  * documentation fixes

==== udisks2 ====
Version update (2.10.0 -> 2.10.1)
Subpackages: libudisks2-0 libudisks2-0_btrfs udisks2-bash-completion udisks2-zsh-completion

- update to version 2.10.1
- Update Ukrainian translation
- tests: Wipe used devices for LVM2 RAID tests
- tests: Settle down before checking the LVM RAID
  MissingPhysicalVolumes property
- tests: Rescan vdevs after lvm raid tests
- Update German translation
- tests: Mark UDF fstab filesystem tests as unstable
- tests: Add offline and online filesystem grow tests
- doc: Clarify the Filesystem.Size property presence
- udiskslinuxfilesystem: Force native tools for mounted XFS fs size
  retrieval
- udiskslinuxfilesystem: Refactor internal whitelists
- tests: Fix Python class invocation in nvme tests
- udisksctl: Add "--no-partition-scan" option for "loop-setup" command
- tests: Fix regex escaping
- integration-test: Fix invalid escaping
- tests: Mark LVM RAID tests as unstable
- tests: Fix LSM drive objects crawl
- iscsi: Fix login on firmware-discovered nodes
- udiskslinuxmanager: Properly handle disabled modules
- tests: Replace deprecated unittest assert calls
- udisksctl: Guard object lookup
- Update ka.po
- udiskslinuxloop: Avoid warnings on empty loop devices
- Update Polish translation
- Limit getting filesystem size only to Ext and XFS
- build: Check for gobject-introspection m4 macro presence
- tests: start the polkitd mock with the corresponding user if it
  exists
- Drop merged upstream patches:
  0001-doc-Clarify-the-Filesystem.Size-property-presence.patch
  0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch
  0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch
  0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch
  0001-tests-Add-offline-and-online-filesystem-grow-tests.patch

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau

- Add 770789f2.patch: Fix missing cast in chromaprint (boo#1223909).

==== xen ====
Version update (4.18.2_02 -> 4.18.2_04)
Subpackages: xen-libs xen-tools-domU

- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
  6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
  6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
  6627a5fc-x86-MTRR-inverted-WC-check.patch
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
  663090fd-x86-gen-cpuid-syntax.patch
  663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
  663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
  663d05b5-x86-ucode-distinguish-up-to-date.patch
  663eaa27-libxl-XenStore-error-handling-in-device-creation.patch

==== zsh ====

- Use %patch -P N instead of deprecated %patchN.