Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240818 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.1.35 -> 7.1.1.36) MozillaFirefox (128.0.3 -> 129.0) NetworkManager (1.48.6 -> 1.48.8) PackageKit SDL2 (2.30.4 -> 2.30.6) accountsservice apache-commons-logging (1.2 -> 1.3.3) apache2-mod_php8 (8.3.9 -> 8.3.10) binutils (2.42 -> 2.43) btrfsprogs (6.10 -> 6.10.1) bubblewrap (0.9.0 -> 0.10.0) curl (8.9.0 -> 8.9.1) emacs ethtool (6.9 -> 6.10) ffmpeg-6 gdm gegl gnome-bluetooth (46.0 -> 46.1) gnome-control-center (46.3 -> 46.4) gnome-remote-desktop (46.3 -> 46.4) gnome-shell gnome-software (46.3 -> 46.4) gnome-user-docs (46.1 -> 46.4) gom (0.5.2 -> 0.5.3) gpg2 guestfs-tools (1.53.1 -> 1.53.2) iproute2 (6.9 -> 6.10) kernel-firmware (20240728 -> 20240809) kernel-source (6.10.3 -> 6.10.5) kexec-tools (2.0.28 -> 2.0.29) lib2geom libadwaita (1.5.2 -> 1.5.3) libass (0.17.1 -> 0.17.3) libei (1.2.1 -> 1.3.0) libgphoto2 libheif (1.18.1 -> 1.18.2) liblc3 (1.0.4 -> 1.1.1) libnftnl (1.2.6 -> 1.2.7) libqt5-qtwebengine libshumate (1.2.2 -> 1.2.3) liburing libxml++30 (3.2.4 -> 3.2.5) lvm2 lvm2-device-mapper lz4 makedumpfile mutter ncurses (6.5.20240713 -> 6.5.20240810) openSUSE-release (20240812 -> 20240818) ovmf patterns-base patterns-media pcre2 (10.43 -> 10.44) php8 (8.3.9 -> 8.3.10) polkit protobuf protobuf-c ptools python-M2Crypto (0.40.0 -> 0.42.0) python-anyio (4.3.0 -> 4.4.0) python-argcomplete python-cryptography qt6-webengine rdma-core (52.0 -> 53.0) selinux-policy (20240809 -> 20240814) sensors shadow suse-module-tools (16.0.48 -> 16.0.49) sysvinit (3.08 -> 3.10) texlive totem-pl-parser (3.26.6 -> 3.26.6+30) unbound (1.20.0 -> 1.21.0) virt-v2v (2.5.5 -> 2.5.6) webkit2gtk3 (2.44.2 -> 2.44.3) wtmpdb (0.13.0+git.20240726 -> 0.13.0+git.20240814) xdm xfce4-notifyd (0.9.4 -> 0.9.6) xfwm4 yast2-bootloader (5.0.10 -> 5.0.11) === Details === ==== ImageMagick ==== Version update (7.1.1.35 -> 7.1.1.36) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.36 * uhdr.c: default initialize range field for hdr/sdr intent inputs to enc by @aayushsoni111 in #7482 * Fixed typo in documentation of MagickAdaptiveBlurImage by @JonahEMorgan in #7500 * Silence warning when freetype delegate is disabled. by @niclet in #7515 ==== MozillaFirefox ==== Version update (128.0.3 -> 129.0) - Mozilla Firefox 129.0 https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines - removed obsolete patches mozilla-bmo1905018.patch mozilla-bmo1504834-part3.patch mozilla-bmo1512162.patch mozilla-bmo1822730.patch mozilla-fix-aarch64-libopus.patch mozilla-partial-revert-1768632.patch - requires NSS 3.102.1 - extended mozilla-silence-no-return-type.patch ==== NetworkManager ==== Version update (1.48.6 -> 1.48.8) Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.48.8: + ovs: fix triggering stage3 activation without DHCP client initialized + config: parse autoconnect-ports value on config + ndisc: preserve router preferences ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-mark-as-compulsory.patch: Prevent PackageKit from user uninstallable for most desktops (bsc#1226269). ==== SDL2 ==== Version update (2.30.4 -> 2.30.6) - Update to release 2.30.6 * Improved detection of Nintendo Switch Pro controller report mode * Fixed a rare crash when a controller is disconnected ==== accountsservice ==== Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Drop as-fate318433-prevent-same-account-multi-logins.patch. Gnome-shell now has similar functionality upstream. ==== apache-commons-logging ==== Version update (1.2 -> 1.3.3) - Upgrade to 1.3.3 * Bug Fixes: + * LOGGING-193: Update Log4j 2 OSGi imports #268. + * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + * Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs + LOGGING-190: Add OSGi metadata to enable Service Loader Mediator #234. + LOGGING-191: Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs + Remove references to very old JDK and Commons Logging versions #201. + Update from Logj 1 to the Log4j 2 API compatibility layer [#231]. + Allow Servlet 4 in OSGi environment #191. + Fix generics warnings #213. + LOGGING-189: Fix Import-Package entry for org.slf4j #188. - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J #177. + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. LOGGING-188: Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger`. LOGGING-173: + Deprecate and disable `AvalonLogger` and `LogKitLogger`. + LOGGING-165: Add Automatic-Module-Name Manifest Header for Java 9 compatibility. * Fixed Bugs: + LOGGING-163: BufferedReader is not closed properly. + LOGGING-177: Remove redundant initializer #46 + Use a weak reference for the cached class loader #71. + Add more entries to .gitignore file #25. + Minor Improvements #34. + [StepSecurity] ci: Harden GitHub Actions #145. + LOGGING-185: Replace custom code with `ServiceLoader` call. + Fix possible NPEs in LogFactoryImpl. + LOGGING-185: Fix failing tests #180. + Deprecate LogConfigurationException.cause in favor of getCause(). + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module #183. + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Remove deprecated patch files: * commons-logging-1.1.3-src-junit.diff * commons-logging-1.2-sourcetarget.patch * commons-logging-manifests.patch * no-tests.patch - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Remove unnecessary dependencies * add commons-logging-1.3.3-dependencies.patch - Add upstream dev's public key to apache-commons-logging.keyring ==== apache2-mod_php8 ==== Version update (8.3.9 -> 8.3.10) - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). ==== binutils ==== Version update (2.42 -> 2.43) Subpackages: libctf-nobfd0 libctf0 - Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file <FILE> option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently - Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz. - Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz. - Removed upstream patch riscv-no-relax.patch. - Rebased ld-relro.diff and binutils-revert-rela.diff. ==== btrfsprogs ==== Version update (6.10 -> 6.10.1) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.10.1 * mkfs: rework --rootdir traversal, skip hardlinks and create new inodes instead, also warn about them, this did not work as expected and will be fixed in the future * receive: search in older trees for UUIDs when detecting clone sources * libbtrfsutil: bindings available at https://pypi.org/project/btrfsutil * libbtrfs: * patchlevel version update 0.1.4 * cleanup in headers, removed unused definitions, no functional changes * don't ship list.h and rbtree.h * other: documentation updates ==== bubblewrap ==== Version update (0.9.0 -> 0.10.0) Subpackages: bubblewrap-zsh-completion - Update to version v0.10.0: * New features: Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving CVE-2024-42472 in Flatpak. * Other changes: Fix some confusing syntax in SetupOpFlag (no functional change). ==== curl ==== Version update (8.9.0 -> 8.9.1) Subpackages: curl-zsh-completion libcurl4 - Fix regression introduced in version 8.9.1: * sigpipe: init the struct so that first apply ignores * Add curl-sigpipe.patch - Update to 8.9.1: * Security fixes: - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] * Bugfixes: - cmake: detect 'libssh' via 'pkg-config' - cmake: detect 'nettle' when building with GnuTLS - connect: fix connection shutdown for event based processing - curl: more defensive socket code for --ip-tos - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - ftpserver.pl: make POP3 LIST serve content from the test file - lib: survive some NULL input args - os400: build cli manual. - os400: workaround an IBM ASCII run-time library bug - transfer: speed limiting fix for 32bit systems - vtls: avoid forward declaration in MultiSSL builds - x509asn1: unittests and fixes for gtime2str ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-games emacs-info emacs-nox etags - Set find-function-C-source-directory in site-start so sources provided by the debugsource package can be found user intervention inside Emacs ==== ethtool ==== Version update (6.9 -> 6.10) Subpackages: ethtool-bash-completion - update to upstream release 6.10 * Feature: suport for PoE in PSE (--show-pse and --set-pse) * Feature: add statistics support to tsinfo (-T) * Feature: add JSON output to base command (no option) * Feature: add JSON output to EEE info (--show-eee) * Fix: qsfp: better handling on page 03h read failure (-m) * Fix: handle zero arguments for module eeprom dump (-m) * Fix: check for missing arguments in do_srxfh() (-X) * Misc: more descriptive error when JSON output is not available ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and ffmpeg-6-CVE-2024-32228.patch to make the bot happy. - Renumber patches. - Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and ffmpeg-6-CVE-2024-32228.patch as they brake compilation with BUILD_ORIG enabled, i.e. Packman. ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Add pam_pkcs11 as Recommends for smartcard login (bsc#1223580). - Fix applying patches when sle_version is defined ==== gegl ==== Subpackages: gegl-0_4 libgegl-0_4-0 - Add backported 66de8124.patch: Fix build against ffmpeg-7. ==== gnome-bluetooth ==== Version update (46.0 -> 46.1) Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 46.1: + This version contains translation updates and a bug fix for some device icons not appearing correctly. ==== gnome-control-center ==== Version update (46.3 -> 46.4) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Update to version 46.4: + Accessibility: Fix enum value for follow centered + Apps: Fix memory leak for MMManager object in default apps page + Network: Don't set empty ignored hosts + Privacy: Fix visibility issue of Bolt settings when Bolt isn't available + Users: - Avoid accidental mnemonics for user name rows - Show correctly the remaining list of fingerprints to enroll + WWAN: Fix crash on Unlock SIM dialog ==== gnome-remote-desktop ==== Version update (46.3 -> 46.4) - Update to version 46.4: + Gracefully handle invalid x224Crq data + Fix file descriptor leak + Updated translations. ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Drop gs-fate318433-prevent-same-account-multi-logins.patch. Upstream now does this. ==== gnome-software ==== Version update (46.3 -> 46.4) Subpackages: gnome-software-plugin-packagekit - Update to version 46.4: + Correct broken formatting when using <code> in AppStream metadata + Updated translations. ==== gnome-user-docs ==== Version update (46.1 -> 46.4) - Update to version 46.4: + Updates to GNOME Help. + Updated translations. ==== gom ==== Version update (0.5.2 -> 0.5.3) - Update to version 0.5.3: + Automatically ignore read-only properties + Add support for GParamSpec which are GBytes ==== gpg2 ==== Subpackages: dirmngr - Remove explicit runtime library dependency, pick ease of maintenance in Tumbleweed over mixed project use runtime bugs. ==== guestfs-tools ==== Version update (1.53.1 -> 1.53.2) - Update to version 1.53.2 (jsc#PED-6305) * Implement --inject-blnsvr operation * mlcustomize: firstboot: Use Linux path for Powershell script path * mlcustomize: firstboot: Use powershell.exe instead of path * mlcustomize: firstboot: Use Powershell -NoProfile flag * mlcustomize: Revert delay installation of qemu-ga MSI * mldrivers/linux_kernels.ml: Prefix general information with ^info: * mlcustomize: Use Start-Process -Wait to run qemu-ga installer * mlcustomize: Add Firstboot.firstboot_dir function * mlcustomize: Place powershell scripts into <firstboot_dir>\Temp * mlcustomize: Inject qemu-ga & blnsvr into <firstboot_dir>/Temp * mlcustomize: Write qemu-ga log file name to log.txt ==== iproute2 ==== Version update (6.9 -> 6.10) Subpackages: iproute2-bash-completion - Update to release 6.10 * ip: ipnexthop: Support dumping next hop group stats * ip: Support filter links with no VF info * ip: PFCP device support * ip link: hsr: Add support for passing information about INTERLINK device ==== kernel-firmware ==== Version update (20240728 -> 20240809) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 * rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 ==== kernel-source ==== Version update (6.10.3 -> 6.10.5) - Refresh patches.suse/Revert-ata-libata-scsi-Honor-the-D_SENSE-bit-for-CK_.patch. Update upstream status. - commit b7789d6 - netfilter: nfnetlink: Initialise extack before use in ACKs (netlink-crash). See: https://github.com/systemd/systemd/actions/runs/10282472628/job/28454253577?... - commit da1090b - btrfs: fix invalid mapping of extent xarray state (git-fixes). - commit b18d7b9 - Linux 6.10.5 (bsc#1012628). - drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode() (bsc#1012628). - locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node() (bsc#1012628). - perf/x86/intel/cstate: Add Arrowlake support (bsc#1012628). - perf/x86/intel/cstate: Add Lunarlake support (bsc#1012628). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (bsc#1012628). - platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (bsc#1012628). - irqchip/mbigen: Fix mbigen node address layout (bsc#1012628). - platform/x86/intel/ifs: Initialize union ifs_status to zero (bsc#1012628). - jump_label: Fix the fix, brown paper bags galore (bsc#1012628). - perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c (bsc#1012628). - perf/x86/intel: Support the PEBS event mask (bsc#1012628). - perf/x86: Support counter mask (bsc#1012628). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (bsc#1012628). - selftests: ksft: Fix finished() helper exit code on skipped tests (bsc#1012628). - x86/mm: Fix pti_clone_pgtable() alignment assumption (bsc#1012628). - x86/mm: Fix pti_clone_entry_text() for i386 (bsc#1012628). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (bsc#1012628). - power: supply: rt5033: Bring back i2c_set_clientdata (bsc#1012628). - sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1012628). - net: pse-pd: tps23881: Fix the device ID check (bsc#1012628). - gve: Fix use of netif_carrier_ok() (bsc#1012628). - virtio-net: unbreak vq resizing when coalescing is not negotiated (bsc#1012628). - net: usb: qmi_wwan: fix memory leak for not ip packets (bsc#1012628). - net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1012628). - net: linkwatch: use system_unbound_wq (bsc#1012628). - net: dsa: microchip: Fix Wake-on-LAN check to not return an error (bsc#1012628). - ice: Fix reset handler (bsc#1012628). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (bsc#1012628). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (bsc#1012628). - net/smc: add the max value of fallback reason count (bsc#1012628). - net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1012628). - idpf: fix memory leaks and crashes while performing a soft reset (bsc#1012628). - idpf: fix UAFs when destroying the queues (bsc#1012628). - l2tp: fix lockdep splat (bsc#1012628). - net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN capabilities (bsc#1012628). - net: fec: Stop PPS on driver remove (bsc#1012628). - net: pse-pd: tps23881: include missing bitfield.h header (bsc#1012628). - net: dsa: microchip: disable EEE for KSZ8567/KSZ9567/KSZ9896/KSZ9897 (bsc#1012628). - regmap: kunit: Fix memory leaks in gen_regmap() and gen_raw_regmap() (bsc#1012628). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1012628). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (bsc#1012628). - Revert "rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()" (bsc#1012628). - platform/chrome: cros_ec_lpc: Add a new quirk for ACPI id (bsc#1012628). - rcutorture: Fix rcu_torture_fwd_cb_cr() data race (bsc#1012628). - md: do not delete safemode_timer in mddev_suspend (bsc#1012628). - md: change the return value type of md_write_start to void (bsc#1012628). - md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1012628). - debugobjects: Annotate racy debug variables (bsc#1012628). - nvme: apple: fix device reference counting (bsc#1012628). - block: change rq_integrity_vec to respect the iterator (bsc#1012628). - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation (bsc#1012628). - clocksource/drivers/sh_cmt: Address race condition for clock events (bsc#1012628). - ACPI: battery: create alarm sysfs attribute atomically (bsc#1012628). - ACPI: SBS: manage alarm sysfs attribute through psy core ... changelog too long, skipping 636 lines ... - commit b60be3e ==== kexec-tools ==== Version update (2.0.28 -> 2.0.29) - update to 2.0.29: * update man and --help * powerpc/kexec_load: add hotplug support * kexec_load: Use new kexec flag for hotplug support * x86-linux-setup.c: Use POSIX basename API * LoongArch: fix load command line segment error * LoongArch: add multi crash kernel segment support * LoongArch: fix kernel image size error * Arm: Fix add_buffer_phys_virt() align issue * Fix incorrect Free Software Foundation address in the license * util_lib/elf_info.c: fix a warning * kexec_file: add kexec_file flag to support debug printing * workflow: update to use checkout@v4 - drop kexec-dont-use-kexec_file_load-on-xen.patch, upstream - drop fix-building-on-x86_64-with-binutils-2.41.patch, upstream - kexec-tools-riscv-hotplug.patch: Fix build for riscv64. ==== lib2geom ==== - Add skip_failing_tests_gcc14.diff to fix more instable intersection tests. This allows the 32bit version of the package to be built with GCC14. ==== libadwaita ==== Version update (1.5.2 -> 1.5.3) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.5.3: + AdwAlertDialog: Expose body text as a11y description + AdwDialog: - Fix a memory leak - Speed up switching presentation + AdwPreferencesPage: Add an a11y relation to the description + AdwSpinRow: Set accessible role to presentation + AdwSwitchRow: Set accessible role to switch + AdwTabBar/Overview: Fix a use after free when closing tabs + Stylesheet: Fix a specificity issue with scrolled windows in popovers + Docs: - Don't annotate user_data params with closure - Fix typos in migrating to breakpoints page + Updated translations. ==== libass ==== Version update (0.17.1 -> 0.17.3) - Update to 0.17.3: * Fix 0.17.2 regression in the fontconfig fontprovider leading to undesirable widths being chosen from large typographic families * Fix configure generated with slibtool-provided autoconf macros * Fix make check for shared-only builds * Constify some API parameters in a backwards-compatible manner * Add new ass_malloc and ass_free API functions * Tweak default optimization flags * Speed up parsing of events with very long override blocks * Improve handling of HarfBuzz-related failures - reintroduce 'make check' as the issue has been fixed upstream - Update to 0.17.2: * This release brings optimized assembly routines for aarch64, as well as numerous individual improvements and fixes. * Detailed Changes: - Fix rendering of \h in certain cases - Fix a minor memory leak in the CoreText and DirectWrite font provider - Fix wrong ASS_Image dimensions for huge BorderStyle=4 backgrounds potentially leading to out of bound reads by API users - Improve quality of animated rectangular clips - Improve accuracy of cache limits - Full-Unicode cmaps are now always preferred - Improve font selection compatibility in the DirectWrite font provider - Improved documentation - Updating selective overrides now forces a cache clear to avoid issues with outdated caches - Frame and storage resolutions are now limited to what a single ASS_Image can represent - make check now runs checkasm if assembly is enabled - CoreText can now be used on Mac OS X 10.5 - Meson/muon is now offered as a secondary build system bringing back first-party MSVC support - Note however it is not at feature parity with autotools in all cases - aarch64: add optimized assembly routines covering the same set as on x86; they work on both little and big endian systems - x86: add SSSE3 versions of some assembly routines to help CPUs without AVX2 - x86: it is now possible to build binaries with optimized assembly an SHSTK support - Improve VSFilter compatibility - 'make check' is broken for --disable-static builds because checkasm needs to access symbols that aren't part of the public API, so just disable it. - Require libunibreak during build for better linebreaking of unicode text. ==== libei ==== Version update (1.2.1 -> 1.3.0) - Update to release 1.3.0 * Devices without regions or with multiple regions previously failed region checks for touch events and absolute pointer events (now fixed). * liboeffis's ConnectToEIS dbus call is now async to avoid stalling the client. * many clarifications for ambiguity in the protocol documentation. ==== libgphoto2 ==== Subpackages: libgphoto2-6 libgphoto2_port12 - Adding libgphoto2-c99.patch so that the package builds for 32bit with GCC 14. - Using %autosetup -p1 because this is the prefered way to apply patches. ==== libheif ==== Version update (1.18.1 -> 1.18.2) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.18.2: * fix regression that Exif orientation was not correctly reset when converting rotated HEIF (heif-dec) * swap Exif width/height when rotating image by 90 degrees * fix memory leak in OpenJPEG decoding plugin * pay attention to DESTDIR variable when installing heif-convert symlink ==== liblc3 ==== Version update (1.0.4 -> 1.1.1) - Update to version 1.1.1: + Wasm Compilation cleanup + build: fix rpath issue + Add build-macos-meson job + Bluetooth Conformance test updated for LC3 - Changes from version 1.1.0: + LC3 Plus features + Python library wrapper + Add WASM compilation target ==== libnftnl ==== Version update (1.2.6 -> 1.2.7) - Update to release 1.2.7 * Avoid potential use-after-free when clearing set's expression list * Avoid misc buffer overflows in attribute setters * Implement nftnl_obj_unset symbol already exported in libnftnl.map * Remove unimplemented symbols from libnftnl.map * Validate per-expression and per-object attribute value and data length * Fix synproxy object setter with unaligned data ==== libqt5-qtwebengine ==== - Add ffmpeg 7 compatibility patch (Picked from Arch): * qt5-webengine-ffmpeg7.patch ==== libshumate ==== Version update (1.2.2 -> 1.2.3) Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update to version 1.2.3: + Fix build with -Dvector_renderer=false ==== liburing ==== - Skip test buf-ring-nommap.t if ENOMEM appears (happens in ppc64le arch). * test-buf-ring-nommap-skip-the-test-on-queue-init-ENO.patch ==== libxml++30 ==== Version update (3.2.4 -> 3.2.5) - Update to version 3.2.5: + Documentation: - Update Visual Studio build docs - Parser docs: Add a link to parser options + Meson build: - Detect if we build from a git subtree - Don't copy files with configure_file() - Fix the evaluation of is_git_build on Windows - Backport libxml2 CMake support from libxml++-5.0 - Don't fail if warning_level=everything - Don't require the 'dot' command to build the documentation - Add the build-manual option - Add bcrypt dependency when libxml2 is a subproject + Build: Make it compatible with libxml2 >= 2.12.0 by modifying [#]include directives - Add check section and run meson_test macro. ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - lvm2-monitor.service fails to start (boo#1228854) + bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - lvm2-monitor.service fails to start (boo#1228854) + bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch ==== lz4 ==== - Switch to cmake build system: Creates extra cmake modules for consuming projects ==== makedumpfile ==== - add (bsc#1226183) * make-reserve_diskspace-do-nothing-for-flattened-form.patch ==== mutter ==== - Fix build if sle_version is defined: Patch3 no longer exists, and add back Patch4 for SLE builds that was mistakenly removed in last change. ==== ncurses ==== Version update (6.5.20240713 -> 6.5.20240810) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add patch fix-20240810.patch * Workaround for changes in last patch 20240810 that is provide GLOB_FULLPATH_POSIX and GLOB_FULLPATH_OTHER in status script - Add ncurses patch 20240810 + modify misc/Makefile.in and misc/run_tic.in so that $DESTDIR is set and used only in the makefile. + modify CF_WITH_PKG_CONFIG_LIBDIR to allow for pkg-config using DOS/Windows pathname syntax (report by Eli Zaretskii). + improve glob-expressions in configure script + remove unused Get_Menu_Screen() macro from menu.priv.h + update config.guess, config.sub - Add ncurses patch 20240727 + improve formatting/style of manpages (patches by Branden Robinson). + fixes for compiler warnings/cppcheck. + modify wattron/wattroff calls in form/m_post.c to call wattr_on and wattr_off to omit cast used in the former for X/Open compatibility (patch by Bill Gray). + modify wezterm, omitting its broken left/right margin feature (report by Thayne McCombs) -TD - Modify patch ncurses-6.4.dif to get offsets correct - Add ncurses patch 20240720 + improve formatting/style of manpages (patches by Branden Robinson). + modify configure script and misc/Makefile to accept glob expressions that include Windows/DOS drive-letters (report by Eli Zaretskii). + fix misspelled ifdef and correct return-value of _nc_mingw_tcflush in win_driver.c (report/patch by Eli Zaretskii). ==== openSUSE-release ==== Version update (20240812 -> 20240818) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-x86_64-sev flavor to X64 against AMD SEV. - Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64, , BUILD_OPTIONS_X86, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64 because SEV can NOT work with secure boot. - Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch because the SEV ovmf be separated from X64 ovmf as an independent flavor. - The original patch reverts "58eb8517ad OvmfPkg/PlatformPei: Update ReserveEmuVariableNvStore" which affects all ovmf flavor. - The secure boot be disabled in SEV flavor, so we do not need revert 58eb8517ad anymore. (bsc#1209266) - Add 50-ovmf-x86_64-sev.json to descriptors.tar.xz for SEV flavor - Removed features tag: "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys" - Add features tag: "amd-sev", "amd-sev-es", "amd-sev-snp" ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Remove nfsidmap, package got dropped - Remove nfs-client and autofs: in most scenarios, especially desktops, no longer used, but pull in many "deprecated" packages ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Ensure autofs is on the DVD: it is tested by openQA in staging. ==== pcre2 ==== Version update (10.43 -> 10.44) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 - Fix GitHub issue #415: Test suite fails when targeting i686. The fix is taken straight from PR #418, also on GitHub. - Add patch file: * pcre2-10.44-github-issue-415.patch - update to 10.44: * This is mostly a bug-fix and tidying release. There is one new function, to set a maximum size for a compiled pattern. The maximum name length for groups is increased to 128. * Some auxiliary files for building under VMS are added. ==== php8 ==== Version update (8.3.9 -> 8.3.10) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0 - BuildRequire gettext-devel instead of gettext: Allows OBS to shortcut throught gettext-runtime-mini. ==== protobuf ==== Subpackages: libprotobuf-lite25_4_0 libprotobuf25_4_0 - tweak and correct how minimum version of abseil is specified (20230125 to 20230125.3) - Remove explicit requirements of the protobuf-devel package, as the they are autogenerated when needed ==== protobuf-c ==== - BuildRequire a C++ compiler, previously pulled in via protobuf ==== ptools ==== - Added fix-32bit-cast.diff which replaces a cast which is OK for 64bit targets but not for 32 bit targets to make the package buildable with GCC 14 on i586. ==== python-M2Crypto ==== Version update (0.40.0 -> 0.42.0) - Update 0.42.0: - allow ASN1_{Integer,String} be initialized directly - minimal infrastructure for type hints for a C extension and some type hints for some basic modules - time_t on 32bit Linux is 32bit (integer) not 64bit (long) - EOS for CentOS 7 - correct checking for OpenSSL version number on Windows - make compatible with Python 3.13 (replace PyEval_CallObject with PyObject_CallObject) - fix typo in extern function signature (and proper type of engine_ctrl_cmd_string()) - move the package to Sorucehut - setup CI to use Sourcehut CI - setup CI on GitLab for Windows as well (remove Appveyor) - initial draft of documentation for migration to pyca/cryptography - fix Read the Docs configuration (contributed kindly by Facundo Tuesca) - Remove upstreamed 32bit_ASN1_Time.patch - Remove python-M2Crypto.keyring, because PyPI broke GPG support ==== python-anyio ==== Version update (4.3.0 -> 4.4.0) - update to 4.4.0: * Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals * Added __slots__ to AsyncResource so that child classes can use __slots__ * Added the TaskInfo.has_pending_cancellation() method * Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() * Fixed two bugs with TaskGroup.start() on asyncio: Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe) Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled (#685, #710) * Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() * Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled * Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time * Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task * Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError * Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run() * Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer * Fixed MemoryObjectStream dropping an item if the item is delivered to a recipient that is waiting to receive an item but has a cancellation pending * Emit a ResourceWarning for MemoryObjectReceiveStream and MemoryObjectSendStream that were garbage collected without being closed (PR by Andrey Kazantcev) * Fixed MemoryObjectSendStream.send() not raising BrokenResourceError when the last corresponding MemoryObjectReceiveStream is closed while waiting to send a falsey item ==== python-argcomplete ==== - require ca-certificates-mozilla for the pip >= 24.2 ==== python-cryptography ==== - Fix building optimized binaries with debuginfo. - Update building of Rust modules to use modern cargo_vendor service - Remove unneeded use-offline-build.patch ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add patch to build qtwebengine with ffmpeg 7 (picked from Arch) * qtwebengine-ffmpeg-7.patch ==== rdma-core ==== Version update (52.0 -> 53.0) Subpackages: libefa1 libhns1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to rdma-core v53.0 - No release notes available - Remove Added-suffix-libdrm-to-CMakeLists.txt-for-drm.patch as it was merged upstream. ==== selinux-policy ==== Version update (20240809 -> 20240814) Subpackages: selinux-policy-targeted - Update to version 20240814: * Dontaudit dac_override of fstab generator (bsc#1229127) - Drop varrun-convert.sh script as it causes issues with container-selinux update (bsc#1228951) - Update to version 20240812: * Update libvirt policy * Add port 80/udp and 443/udp to http_port_t definition * Additional updates stalld policy for bpf usage * Label systemd-pcrextend and systemd-pcrlock properly * Allow coreos_installer_t work with partitions * Revert "Allow coreos-installer-generator work with partitions" * Add policy for systemd-pcrextend * Update policy for systemd-getty-generator * Allow ip command write to ipsec's logs * Allow virt_driver_domain read virtd-lxc files in /proc * Revert "Allow svirt read virtqemud fifo files" * Update virtqemud policy for libguestfs usage * Allow virtproxyd create and use its private tmp files * Allow virtproxyd read network state * Allow virt_driver_domain create and use log files in /var/log * Allow samba-dcerpcd work with ctdb cluster * Allow NetworkManager_dispatcher_t send SIGKILL to plugins * Allow setroubleshootd execute sendmail with a domain transition * Allow key.dns_resolve set attributes on the kernel key ring * Update qatlib policy for v24.02 with new features * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t * Allow tlp status power services * Allow virtqemud domain transition on passt execution * Allow virt_driver_domain connect to systemd-userdbd over a unix socket * Allow boothd connect to systemd-userdbd over a unix socket * Update policy for awstats scripts * Allow bitlbee execute generic programs in system bin directories * Allow login_userdomain read aliases file * Allow login_userdomain read ipsec config files * Allow login_userdomain read all pid files * Allow rsyslog read systemd-logind session files * Allow libvirt-dbus stream connect to virtlxcd ==== sensors ==== Subpackages: libsensors4 - Drop lm_sensors-revert-6b5a19b708.patch because the previously incompatible types have been changed in the callee in package rrdtool too, which means that there is a type incompatibility again. Because the other change reportedly makes more sense, I'm dropping this one. ==== shadow ==== Subpackages: libsubid5 login_defs - Disable flushing sssd caches. The sssd's files provider is no longer available. ==== suse-module-tools ==== Version update (16.0.48 -> 16.0.49) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.49: * Require sdbootutil if already installed ==== sysvinit ==== Version update (3.08 -> 3.10) - Add patch killproc-2.23.dif * Fix shell command in Makefile to get detection statx declaration correct - Update to sysvinit 3.10 * When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1 in the container, and expects that to initiate a graceful shutdown (power-off). SysV init now catches this signal and initiates a shutdown (shutdown -hP now). - floppym provided patch to accomplish this. * Fix issue in bootlogd which could cause the service to enter an endless loop (and use too much CPU) when it is able to open a device for writing, but not actually able to write to it. This resulted in bootlogd closing and re-opening the device over and over. Now bootlogd should simply fail gracefully when it cannot write to an open file/device. * Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special characters. * Patch for man/Makefile to fix the clean recipe. Provided by Lucas Nussabaum and Mark Hindley * On Linux systems, allow reboot command to pass a message to the system firmware during the restart. This is accomplished with the -m flag. * Patch from kraj which allows hddown to compile when musl is the C library. ==== texlive ==== - Add patch source-pdftex-gcc14.patch * Add fix in change file pdftex.ch to really fix boo#1228342 (Thanks goes to Andreas Scherer) - Remove former work around - Added -Wno-error=incompatible-pointer-types to optflags to work around boo#1228342 and enable build with GCC 14 on 32bit architectures. ==== totem-pl-parser ==== Version update (3.26.6 -> 3.26.6+30) Subpackages: libtotem-plparser-mini18 libtotem-plparser18 typelib-1_0-TotemPlParser-1_0 - Update to version 3.26.6+30: + plparser: - Fix guard return type. - Fix TotemPlParserMetadata in bindings. - Fix return value from cancelled calls. - Fix retval when guard are triggered. + Various test fixes. + Updated translations. - Add pkgconfig(uchardet) BuildRequires and pass enable-uchardet=yes to meson, build ucharded support. - Use ldconfig_scriptlets macro for post(un) handling. ==== unbound ==== Version update (1.20.0 -> 1.21.0) Subpackages: libunbound8 unbound-anchor - Update to 1.21.0: Security Fixes: * Merge #1073: fix null pointer dereference issue in function ub_ctx_set_fwd. [CVE-2024-43167, bsc#1229068] Features: * Fix #1071: [FR] Clear both in-memory and cachedb module cache with `unbound-control flush*` commands. * Fix #144: Port ipset to BSD pf tables. * Add dnstap-sample-rate that logs only 1/N messages, for high volume server environments. Thanks Dan Luther. * Add root key 38696 from 2024 for DNSSEC validation. It is added to the default root keys in unbound-anchor. The content can be inspected with `unbound-anchor -l`. * Merge #1090: Cookie secret file. Adds `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store cookie secrets for EDNS COOKIE secret rollover. The remote control add_cookie_secret, activate_cookie_secret and drop_cookie_secret commands can be used for rollover, the command print_cookie_secrets shows the values in use. Bug Fixes: * Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich. * Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv University and Reichman University). * Merge #1062: Fix potential overflow bug while parsing port in function cfg_mark_ports. * Fix for #1062: declaration before statement, avoid print of null, and redundant check for array size. * Fix to squelch udp connect errors in the log at low verbosity about invalid argument for IPv6 link local addresses. * Fix when the mesh jostle is exceeded that nameserver targets are marked as resolved, so that the lookup is not stuck on the requestlist. * Add missing common functions to tdir tests. * Merge #1070: Fix rtt assignement for low values of infra-cache-max-rtt. * Merge #1069: Fix unbound-control stdin commands for multi-process Unbounds. * Fix unbound-control commands that read stdin in multi-process operation (local_zones_remove, local_zones, local_datas_remove, local_datas, view_local_datas_remove, view_local_datas). They will be properly distributed to all processes. dump_cache and load_cache are no longer supported in multi-process operation. * Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir now checks both single and multi process/thread operation. * Fix to print a parse error when config is read with no name for a forward-zone, stub-zone or view. * Fix for parse end of forward-zone, stub-zone and view. * Fix for #1064: Fix that cachedb expired messages are considered insecure, and thus can be served to clients when dnssec is enabled. * Fix #1059: Intermittent DNS blocking failure with local-zone and always_nxdomain. Addition of local_zones dynamically via unbound-control was not finding the zone's parent correctly. * Fix #1064: Unbound 1.20 Cachedb broken? * Fix unused variable warning on compilation with no thread support. * unbound-control-setup: check openssl availability before doing anything, patch from Michael Tokarev. * Update patch to remove 'command' shell builtin and update error text. * Fix to enable that SERVFAIL is cached, for a short period, for more cases. In the cases where limits are exceeded. * Fix spelling of tcp-idle-timeout docs, from Michael Tokarev. * Merge #1078: Only check old pid if no username. * Fix #1079: tags from tagged rpz zones are no longer honored after upgrade from 1.19.3 to 1.20.0. * Fix for #1079: fix RPZ taglist in iterator callback that no client info is like no taglist intersection. * Fix to squelch connection reset by peer errors from log. And fix that the tcp read errors are labeled as initial for the first calls. * Merge #1080: AddressSanitizer detection in tdir tests and memory leak fixes. * Fix memory leak when reload_keep_cache is used and num-threads changes. * Fix memory leak on exit for unbound-dnstap-socket; creates false negatives during testing. * Fix memory leak in setup of dsa sig. * Fix typos for 'the the' in text. * Fix validation for repeated use of a DNAME record. * Add unit test for validation of repeated use of a DNAME record. * Fix #1091: Build fails with OpenSSL >= 3.0 built with OPENSSL_NO_DEPRECATED. * Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by adding helpful text for the Python interpreter version and allowing the default pkg-config unavailability error message to be shown. * Fix pkg-config availability check in dnstap/dnstap.m4 and systemd.m4. * Explicitly set the RD bit for the mesh query flags when prefetching. These queries have no waiting client but they need to be treated as recursive. * Fix ip-ratelimit-cookie setting, it was not applied. * Fix to remove unused include from the readzone test program. ... changelog too long, skipping 91 lines ... example.conf. ==== virt-v2v ==== Version update (2.5.5 -> 2.5.6) Subpackages: virt-v2v-bash-completion - Update to virt-v2v 2.5.6 (jsc#PED-6305) * -i ova: Ignore dot-underscore-files in OVA files * mlcustomize: firstboot: Use Linux path for Powershell script path * mlcustomize: firstboot: Use powershell.exe instead of path * mlcustomize: firstboot: Use Powershell -NoProfile flag * mlcustomize: Revert delay installation of qemu-ga MSI * --mac: Allow gw and len fields to be empty * Debugging enhancements ==== webkit2gtk3 ==== Version update (2.44.2 -> 2.44.3) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.44.3: + Fix web process cache suspend/resume when sandbox is enabled. + Fix accelerated images dissapearing after scrolling. + Fix video flickering with DMA-BUF sink. + Fix pointer lock on X11. + Fix movement delta on mouse events in GTK3. + Undeprecate console message API and make it available in 2022 API. + Fix several crashes and rendering issues. - Drop patches now upstream: 9d5844679af8f84036f1b800307e799bd7ab73ba.patch webkit2gtk3-CVE-2024-40776.patch webkit2gtk3-CVE-2024-40779.patch webkit2gtk3-CVE-2024-40780.patch webkit2gtk3-CVE-2024-40782.patch ==== wtmpdb ==== Version update (0.13.0+git.20240726 -> 0.13.0+git.20240814) Subpackages: libwtmpdb0 - Update to version 0.13.0+git.20240814: * wtmpdb-update-boot service requires dbus ==== xdm ==== - sysconfig/windowmanager is deprecated since 7 years, don't read it if it does not exist. ==== xfce4-notifyd ==== Version update (0.9.4 -> 0.9.6) Subpackages: xfce4-notifyd-lang - update to 0.9.6: * Use shared_module() for panel plugin meson build * Fix menu being destroyed before item activation handlers running * Translation Updates - update to 0.9.5: * Add an option to set the minimum width of notification windows * Fix include issue with meson build * Only emblem the panel plugin icon when theme lacks the 'new' variant * Destroy and recreate the panel menu every time it's popped up * Add meson build files * Fix uninitialized field warning * Move NOTIFICATIONS_SPEC_VERSION out of the build system * Remove redundant positioning code from Wayland path * Use different layer-shell anchors on Wayland * build: clang: Silence -Wcast-align * common: Explicitly depend on gio-unix-2.0 * Fix positioning on Wayland in multi-monitor setups * Set output on layer-shell surface on Wayland * Fix active-monitor notification positioning on Wayland * Translation Updates - Rebase xfce4-notifyd-relax-x11-version.patch ==== xfwm4 ==== Subpackages: xfwm4-lang - Fix user-after-free in tabwinRemoveClient with ce9f6e1187867c4fbb7935e08a9ab4d9d8dea8c3.patch (bsc#1228524) ==== yast2-bootloader ==== Version update (5.0.10 -> 5.0.11) - add arm and riscv64 as not supported for secure boot (bsc#1229070) - 5.0.11 - Rename menue_timeout (menü) to menu_timeout - Reference in text messages to menu