Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240825 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa Mesa-drivers MozillaFirefox (129.0 -> 129.0.1) NetworkManager aaa_base (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d) apparmor audit-secondary bind (9.20.0 -> 9.20.1) bluez (5.71 -> 5.77) dbus-1 dracut (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) ffmpeg-7 fwupd (1.9.23 -> 1.9.24) gnome-desktop (44.0 -> 44.1) gstreamer (1.24.6 -> 1.24.7) gstreamer-plugins-bad (1.24.6 -> 1.24.7) gstreamer-plugins-base (1.24.6 -> 1.24.7) gstreamer-plugins-libav (1.24.6 -> 1.24.7) gstreamer-plugins-ugly (1.24.6 -> 1.24.7) inn kmod (32 -> 33) libapparmor libheif liblouis (3.29.0 -> 3.30.0) libreoffice (24.2.5.2 -> 24.8.0.3) libtirpc (1.3.4 -> 1.3.5) nfs-utils openSUSE-release (20240820 -> 20240825) openjpeg2 rpcbind (1.2.6 -> 1.2.7) samba (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818) selinux-policy (20240816 -> 20240823) spacenavd (1.2 -> 1.3) systemd-presets-common-SUSE yast2-storage-ng (5.0.15 -> 5.0.16) yast2-users (5.0.1 -> 5.0.2) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - fix build with current rust-bindgen * u_fix_rust_bindgen.patch ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - fix build with current rust-bindgen * u_fix_rust_bindgen.patch ==== MozillaFirefox ==== Version update (129.0 -> 129.0.1) - Mozilla Firefox 129.0.1 * Fixed playback issues on some websites with copyrighted video served via digital rights management. (bmo#1911283) * Fixed a crash when dragging a video file onto some websites (bmo#1910990) ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch: device: don't enforce IP cleanup on deactivating state (bsc#1228154, glfd#NetworkManager/NetworkManager!2016). ==== aaa_base ==== Version update (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d) Subpackages: aaa_base-extras - Update to version 84.87+git20240821.fbabe1d: * Add helper service for soft-reboot ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== audit-secondary ==== Subpackages: audit python3-audit system-group-audit - Remove rcaudit symlink [jsc#PED-266] ==== bind ==== Version update (9.20.0 -> 9.20.1) Subpackages: bind-doc bind-utils - Update to release 9.20.1 New Features: * Implement rndc retransfer -force. * A new optional argument -force has been added to the command rndc retransfer. When it is specified, named aborts the ongoing zone transfer (if there is one) and starts a new transfer. * dig now reports a missing QUESTION section for messages with opcode QUERY. * Query responses should contain the QUESTION section, with some exceptions. dig was not reporting this. Feature Changes: * Tighten max-recursion-queries and add max-query-restarts configuration statement. * There were cases when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries and by reducing the default value from 100 to 32. * In addition, a new max-query-restarts configuration statement has been added, which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16 but is now configurable with a default value of 11. * ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich for discovering and notifying us about the issue. * Allow shorter resolver-query-timeout configuration. * The minimum allowed value of resolver-query-timeout was lowered from its previous value of 10 000 milliseconds (which is still the default) to 301 milliseconds. Note however that values of 1 to 300 inclusive are interpreted as seconds before applying the limit. A value of zero is interpreted as the default. * Raise the log level of priming failures. * When a priming query is complete, it was previously logged at level DEBUG(1), regardless of success or failure. It is now logged to NOTICE in the case of failure. Bug Fixes: * Fix a crash caused by valid TSIG signatures with invalid time. * An assertion failure was triggered when the TSIG had a valid cryptographic signature but the time was invalid. This could happen when the times between the primary and secondary servers were not synchronised. The crash has now been fixed. * Return SERVFAIL for a too long CNAME chain. * When following long CNAME chains, named was returning NOERROR (along with a partial answer) instead of SERVFAIL, if the chain exceeded the maximum length. This has been fixed. * Reconfigure catz member zones during named reconfiguration. * During a reconfiguration, named wasn’t reconfiguring catalog zones’ member zones. This has been fixed. * Update key lifetime and metadata after dnssec-policy reconfiguration. * Adjust key state and timing metadata if dnssec-policy key lifetime configuration is updated, so that it also affects existing keys. * Fix a crash during zone modification. * Fix an assertion failure that could happen when an authoritative zone was modified while the server was generating an answer from that zone. * Fix assertion failure when executing named-checkconf -v to print its version. * Fix generation of 6to4-self name expansion from IPv4 address. * The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, resulting in the wrong name being checked. This has been fixed. * dig +yaml was producing unexpected and/or invalid YAML. output. * SVBC ALPN text parsing failed to reject zero-length ALPN. * Fix false QNAME minimisation error being reported. * Remove the false positive success resolving log message when QNAME minimisation is in effect and the final result is an NXDOMAIN. * Fix --enable-tracing build on systems without dtrace. * A missing util/dtrace.sh file prevented builds on systems without the dtrace utility. This has been corrected. ==== bluez ==== Version update (5.71 -> 5.77) Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd bluez-zsh-completion libbluetooth3 - add bluez-no-cups-devel-buildreq.patch to avoid cups-devel buildrequires which results in an excessive build loop - update to 5.77: * Fix issue with storing and handling connection parameters. * Fix issue with handling device that are marked as temporary. * Fix issue with HID and special handling for non-keyboards. * Fix issue with BR/EDR not support when discoverable is off. * Add support for initial implementation of ASHA profile. * Fix issue with broadcast channel location and stream capabilities. * Fix issue with handling BIS management and synchronization. * Fix issue with handling Extended Advertising. * Fix issue with UserspaceHID and replay structures. * Add support for providing PPCP characteristic. * Fix issue with build system and header inclusion. * Fix issue with not enabling Wideband Speech when available. * Fix issue with UserspaceHID and Bluetooth Classic devices. * Fix issue with checking for services being connected. * Fix issue with GATT client connection creation. * Fix issue with OBEX and small file transfers. * Fix issue with handling pairing with Apple AirPods. * Fix issue with BAP and setting up broadcast source. * Fix issue with BAP and register all endpoints. * Fix issue with BAP and missing metadata property. * Fix issue with BAP and not handling out of order responses. * Fix issue with BAP and attempting to set device as connectable. * Add support for CCP plugin for call control profile. * Fix issue with BAP and handling stream IO linking. * Fix issue with BAP and setup of multiple streams per endpoint. * Fix issue with AVDTP and potential incorrect transaction label. * Fix issue with A2DP and handling crash on suspend. * Fix issue with GATT database and an invalid pointer. * Add support for AICS service. - drop bluez-test-2to3.diff, bluez-cups-libexec.patch: upstream has different solutions for ages, use those instead - drop fix-link-key-address-type.patch, fix-a2dp-suspend-crash.patch: upstream - add fix-a2dp-suspend-crash.patch (Issue #701 in upstream) ==== dbus-1 ==== Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 - Drop feature-suse-auto-socket-target-wants.patch and use the filesystem instead, this works more consistenly with dbus-broker - Add RH/Fedora compat provides dbus-libs to library package needed by Mullvad - Add feature-suse-auto-socket-target-wants.patch: move from static enable symlinks to systemd created symlinks otherwise it can't be enabled by systemd-presets-common-SUSE - Update feature-suse-refuse-manual-start-stop.patch: prevent killing the socket or user service aswell - common: dbus.socket still gets used after migration to dbus-broker so keep pre/post/postun scriptlets - Explicitly require /usr/bin/cmp for the post scripts instead of diffutils: allow other implementations like busybox-diffutils to be acceptable. - No longer start or offer starting dbus as a system service dbus-broker will be the only supported system dbus. Although the existing daemon will stay as some things (gdm) require dbus-run-session ==== dracut ==== Version update (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) - Update to version 059+suse.639.g49307b2a: * feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398) ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch to resolve build failure on armv7 [boo#1229338] ==== fwupd ==== Version update (1.9.23 -> 1.9.24) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.24: + This release fixes the following bugs: - Add support for capsule on disk for Dell systems - Do not re-use the connection cache to fix Redfish BMC restart - Exclude known recovery partitions when choosing an ESP volume - Fix the VLI usb3 private flag registration + This release adds support for the following hardware: - More Mediatek scaler devices - Parade USB hubs ==== gnome-desktop ==== Version update (44.0 -> 44.1) Subpackages: libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeBG-4_0 typelib-1_0-GnomeDesktop-4_0 - Update to version 44.1: + Fix compatibility with muslc + Fix GNOME_DESKTOP_IS_THUMBNAIL_FACTORY + Update default Indic input methods + Use ibus-chewing as the default input source for zh_TW + Updated translations. - Rebase gnome-desktop-switch-Japanese-default-input-to-mozc.patch ==== gstreamer ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.24.7: + Highlighted bugfixes: - Fix APE and Musepack audio file and GIF playback with FFmpeg 7.0 - playbin3: Fix potential deadlock with multiple playbin3s with glimagesink used in parallel - qt6: various qmlgl6src and qmlgl6sink fixes and improvements - rtspsrc: expose property to force usage of non-compliant setup URLs for RTSP servers where the automatic fallback doesn't work - urisourcebin: gapless playback and program switching fixes - v4l2: various fixes - va: Fix potential deadlock with multiple va elements used in parallel - meson: option to disable gst-full for static-library build configurations that do not need this - Various bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - bin: Don't keep the object lock while setting a GstContext when handling NEED_CONTEXT - core: Log pad name, not just the pointer ==== gstreamer-plugins-bad ==== Version update (1.24.6 -> 1.24.7) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.24.7: + aom: av1enc: restrict allowed input width and height + h264parse: - bypass check for length_size_minus_one - Reject FD received before SPS + msdk: replace strcmp with g_strcmp0 + msdkvc1dec crashes (segfault) + rsvgoverlay: add debug category + va: - don't use GST_ELEMENT_WARNING in set_context() vmethod to fix potential deadlock - deadlock when playing two videos at once + webrtc: Add missing G_BEGIN/END_DECLS in header for C++ + wpe: initialize threading.ready before reading it - Drop 85b4fbf40b1d53a4141941abf70d2d4d83eb140e.patch: Fixed upstream. ==== gstreamer-plugins-base ==== Version update (1.24.6 -> 1.24.7) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.24.7: + pbutils: descriptions: use subsampling factor to get YUV subsampling + rtspconnection: Handle invalid argument properly + urisourcebin: - Actually drop EOS on old-school pad switch - Don't hold lock when emitting about-to-finish + gst-launch deadlock with two playbin3s + xvimagesink: Fix crash in pool on error - Add gst-plugins-base-decodebin3-collection-identity-check.patch: - Fixes a assertion causing crash on track change. Upstream bug: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742 ==== gstreamer-plugins-libav ==== Version update (1.24.6 -> 1.24.7) - Update to version 1.24.7: + avdemux: Fix deadlock with FFmpeg 7.x when serialized events are received from upstream while opening, such as e.g. APE files with tags + libav: return EOF when stream is out of data + avdemux: Never return 0 from read function, which would lead to infinite loops ==== gstreamer-plugins-ugly ==== Version update (1.24.6 -> 1.24.7) - Update to version 1.24.7: + No changes, stable version bump only. ==== inn ==== - replace /var/run/news with /run/news in /usr/lib/tmpfiles.d/inn.conf * avoid warning: Line references path below legacy directory /var/run ==== kmod ==== Version update (32 -> 33) Subpackages: kmod-bash-completion libkmod2 - Update to release 33 * Add weak dependencies * Stop parsing .alias files from modprobe.d directories - Delete no-stylesheet-download.patch (merged) - Add 0001-testsuite-fix-path-for-test-user.patch ==== libapparmor ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== libheif ==== Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - Add heif-convert to the files list of the heif-examples sub-package ==== liblouis ==== Version update (3.29.0 -> 3.30.0) Subpackages: liblouis-data liblouis20 python3-louis - Update to version 3.30.0: + Many changes. See NEWS. - Drop s390x-support.patch: fixed upstream. - Add m4 to BuildRequires. It is needed to build some of the translation tables. ==== libreoffice ==== Version update (24.2.5.2 -> 24.8.0.3) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Make the libassuan requirement more generic (bsc#1229103) - Update to 24.8.0.3 (24.8.0 final) https://wiki.documentfoundation.org/Releases/24.8.0/Beta1, https://wiki.documentfoundation.org/Releases/24.8.0/RC1, https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and https://wiki.documentfoundation.org/Releases/24.8.0/RC3 - Removed patches: * cve-2024-5261.patch * icu-74-compatibility.patch * pdfium-optional.patch * use-fixmath-shared-library.patch + not needed with this version ==== libtirpc ==== Version update (1.3.4 -> 1.3.5) Subpackages: libtirpc-netconfig libtirpc3 - update to 1.3.5: * Try using a new abstract address when connecting to rpcbind * Change local_rpcb() to take a targaddr pointer. * Allow working with abstract AF_UNIX addresses. * rpcb_clnt.c: memory leak in destroy_addr * _rpc_dtablesize: Decrease the value of size. * netconfig: remove tcp6, udp6 on --disable-ipv6 * gssapi: fix rpc_gss_seccreate passed in cred * Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in authgss_refresh()". ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - add 0001-gssd-revert-commit-a5f3b7ccb01c.patch, 0002-gssd-revert-commit-513630d720bd.patch, 0003-gssd-switch-to-using-rpc_gss_seccreate.patch, 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch, 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch, 0006-configure-check-for-rpc_gss_seccreate.patch: fixes for libtirpc 1.3.5 ==== openSUSE-release ==== Version update (20240820 -> 20240825) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openjpeg2 ==== - Make version check for the work around reliable to not silently match Factory/Tumbleweed. - Work around a bug by cmake installing docs into the wrong directory when building for openSUSE Leap 15.5 ==== rpcbind ==== Version update (1.2.6 -> 1.2.7) - Update to rpcbind 1.2.7 https://sourceforge.net/projects/rpcbind/files/rpcbind/1.2.7/1.2.7-ChangeLog... * rpcinfo: try connecting using abstract address * Listen on an AF_UNIX abstract address if supported * autotools/systemd: call rpcbind with -w only on enabled warm starts * rpcbind: fix double free in init_transport - Refresh and rename patches (while turning them into git patches) * 0001-systemd-unit-files.patch -> 0001-systemd-rpcbind.service-Fix-ordering-add-etc-sysconf.patch * harden_rpcbind.service.patch -> 0001-systemd-rpcbind.service-Add-hardening-bsc-1181400.patch ==== samba ==== Version update (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Fix a crash when joining offline and 'kerberos method' includes keytab; (bsc#1228732). - Update to 4.20.4 * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673). - Update to 4.20.3 * Running samba-bgqd a a standalone systemd service does not work; (bso#15683). * When claims enabled with heimdal kerberos, unable to log on to a Windows computer when user account need to change their own password; (bso#15655). * Invalid client warning about command line passwords; (bso#15671). * Version string is truncated in manpages; (bso#15672). * cmdline_burn does not always burn secrets; (bso#15674). * Samba does not parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685). * The images don\'t build after the git security release and CentOS 8 Stream is EOL; (bso#15660). * Fix clock skew error message and memory cache clock skew recovery; (bso#15676). * Heimdal ignores _gsskrb5_decapsulate errors in init_sec_context/repl_mutual; (bso#15603). * s4:ldap_server: does not support tls channel bindings for sasl binds; (bso#15621). * CTDB socket output queues may suffer unbounded delays under some special conditions; (bso#15678). ==== selinux-policy ==== Version update (20240816 -> 20240823) Subpackages: selinux-policy-targeted - Update to version 20240823: * Allow rasdaemon write access to sysfs (bsc#1229587) ==== spacenavd ==== Version update (1.2 -> 1.3) - Version 1.3 * Support for dominant axis mode. Dominant axis toggle can be bound as a button action. * Fixed device detection for some serial Spaceballs which were misdetected due to spurious data arriving before the "@reset". * Normalized default axis mapping/sign for CadMan USB and Spaceball 5000 USB. * Linux: stop using the evdev time field, which was dropped in 32bit linux for year 2038 compatibility. * Protocol: added missing set/get requests for the repeat interval. * Updated device blacklists to ignore 3Dconnexion keyboards/mice. * Build improvements and fixes for various platforms. - Add libXext as a build requires ==== systemd-presets-common-SUSE ==== - Add presets to enable dbus-broker.service for both system and user due to naming socket activation doesn't work directly. - Order .presets file alphabetically via service. ==== yast2-storage-ng ==== Version update (5.0.15 -> 5.0.16) - Tiny internal code reorganization to ease Agama development at gh#openSUSE/agama#1448. - 5.0.16 ==== yast2-users ==== Version update (5.0.1 -> 5.0.2) - Relax check in GECOS field (bsc#1228149): Allow any data except colons - 5.0.2