Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240905 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: SDL2 (2.30.6 -> 2.30.7) gnome-autoar (0.4.4 -> 0.4.5) gnutls (3.8.6 -> 3.8.7) kernel-firmware (20240826 -> 20240903) kwalletmanager libjxl libjxl-gtk libvirt (10.6.0 -> 10.7.0) libwebp (1.3.2 -> 1.4.0) mozilla-nss (3.102.1 -> 3.103) openssl-3 osinfo-db power-profiles-daemon (0.21 -> 0.22) procps python-libvirt-python (10.6.0 -> 10.7.0) python-olefile (0.46 -> 0.47) ruby3.3 (3.3.4 -> 3.3.5) salt selinux-policy supermin (5.3.4 -> 5.3.5) xen xfsprogs (6.9.0 -> 6.10.1) xxhash zxing-cpp (2.1.0 -> 2.2.1) === Details === ==== SDL2 ==== Version update (2.30.6 -> 2.30.7) - Update to release 2.30.7 * Added support for the Retro-bit Controller in PS3 mode * Fixed the cursor becoming visible when using relative mode under XWayland * Fixed Direct Rendering Manager initialization failure on some Linux systems * Fixed a crash when the current mouse capture window is destroyed ==== gnome-autoar ==== Version update (0.4.4 -> 0.4.5) Subpackages: libgnome-autoar-0-0 libgnome-autoar-gtk-0-0 - Update to version 0.4.5: + mime-types: Add tar variant of bzip2 + extractor: Fix source string leak ==== gnutls ==== Version update (3.8.6 -> 3.8.7) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Update to 3.8.7: * libgnutls: New configure option to compile out DSA support The --disable-dsa configure option has been added to completely disable DSA algorithm support. * libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS. For testing purposes, the hybrid post-quantum key exchange defined in draft-tls-westerbaan-xyber768d00 has been implemented using liboqs. Since the algorithm is still not finalized, the support of this key exchange is disabled by default and can be enabled with the --with-liboqs configure option. * Rebase patches: - gnutls-FIPS-140-3-references.patch - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ==== kernel-firmware ==== Version update (20240826 -> 20240903) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 ==== kwalletmanager ==== Subpackages: kwalletmanager-lang - Add upstream fix (kde#492138): * 0001-Fix-service-file-name.patch ==== libjxl ==== Subpackages: libjxl0_10 libjxl0_10-x86-64-v3 - Update libjxl.spec: Add compiler condition to fix SLE-15-SP7 ppc64le build env. (bsc#1229831) ==== libjxl-gtk ==== Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Update libjxl.spec: Add compiler condition to fix SLE-15-SP7 ppc64le build env. (bsc#1229831) ==== libvirt ==== Version update (10.6.0 -> 10.7.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Update to libvirt 10.7.0 - CVE-2024-8235, bsc#1230024 - Unconditionally disable building the interface driver - Remove SysV rc* compatibility symlinks - jsc#PED-8909 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-7-0-2024-09-02 ==== libwebp ==== Version update (1.3.2 -> 1.4.0) Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Update to 1.4.0 & fix libwebp.changes header from previous commit: * further security related hardening in libwebp & examples * some minor optimizations in the lossless encoder * added WEBP_NODISCARD to report unused result warnings; enable with - DWEBP_ENABLE_NODISCARD=1 * improvements and corrections in webp-container-spec.txt and webp-lossless-bitstream-spec.txt (#611) * miscellaneous warning, bug & build fixes - Remove 0001-Fix-invalid-incremental-decoding-check.patch ==== mozilla-nss ==== Version update (3.102.1 -> 3.103) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.103 * bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList. * bmo#1899542: Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1909638 - Follow-up to fix test for presence of file nspr.patch. * bmo#1903783: Adjust libFuzzer size limits * bmo#1899542: Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542: Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible, by using a hardcoded, static key to generate the checksums (*.chk-files) - Updated nss-fips-approved-crypto-non-ec.patch to enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). ==== openssl-3 ==== Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3 - Security fix: [bsc#1229465, CVE-2024-6119] * possible denial of service in X.509 name checks * openssl-CVE-2024-6119.patch ==== osinfo-db ==== - Add support for openSUSE Leap 15.7 (jsc#PED-8910) add-opensuse-leap-15.7-support.patch - Add support for SLE-15-SP7 (jsc#PED-8910) add-sle15sp7-support.patch ==== power-profiles-daemon ==== Version update (0.21 -> 0.22) Subpackages: powerprofilesctl-bash-completion powerprofilesctl-zsh-completion - Update to version 0.22: * power-profiles-daemon is now battery-level aware: some drivers use this value for better optimizations * AMD p-state improvements: + supports core performance boost when not in power-saver mode + uses minimum frequency to lowest non-linear frequency + more impervious to faulty firmware and kernel bugs * support for changing DPM clocks on amdgpu: explicitly set the DPM clocks down to "low" when in power-saver mode * powerprofilesctl can disable logind and upower integration * fix handling of turbo_pct, now assumed as not present by default * power-profiles-daemon.service further lockdown restrictions * start power-profiles-daemon.service after multi-user.target AND display-manager.target to avoid conflicts with module loading ==== procps ==== Subpackages: libproc2-0 procps-lang - procps-ng-4.0.4-idletime-no-tty.patch: don't print idle time without tty - procps-ng-4.0.4-w-array-bounds.patch: fix array bounds violation ==== python-libvirt-python ==== Version update (10.6.0 -> 10.7.0) - Update to 10.7.0 - Add all new APIs and constants in libvirt 10.7.0 - jsc#PED-8909 ==== python-olefile ==== Version update (0.46 -> 0.47) - Update to 0.47 * Now distributed as wheel package * Added VT_VECTOR support for properties * Added get_userdefined_properties * Fixed bugs in isOleFile and write_sect * Improved file closure - Drop README.html from %doc section - Drop README.rst from %doc section - Drop support for older Python versions - Limit Python files matched in %files section - Remove obsolete sed invocation to fix line endings - Switch build system from setuptools to pyproject.toml * Add python-pip and python-wheel to BuildRequires * Replace %python_build with %pyproject_wheel * Replace %python_install with %pyproject_install ==== ruby3.3 ==== Version update (3.3.4 -> 3.3.5) Subpackages: libruby3_3-3_3 - Added 7939.diff Cleanup binstub lock files https://github.com/rubygems/rubygems/issues/7997 https://github.com/rubygems/rubygems/pull/7939 - Update to 3.3.5 This is a routine update that includes minor bug fixes. We recommend upgrading your Ruby version at your earliest convenience. https://github.com/ruby/ruby/releases/tag/v3_3_5 ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Set contextvars as a build requirement for package - Increase warn_until_date date for code we still support - The test_debian test now uses port 80 for ubuntu keyserver - Fix too frequent systemd service restart in test_system test - Added: * fix-test_debian-to-work-in-our-infrastructure-676.patch * fix-test_system-flaky-setup_teardown-fn.patch * fix-deprecated-code-677.patch ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Fix macros.selinux-policy (bsc#1229132) - %selinux_modules_install and %selinux_modules_uninstall will now only execute load_policy if $TRANSACTIONAL_UPDATE is not set (aka only if they are not in a transactional system) - $TRANSACTIONAL_UPDATE is set here: https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b90... ==== supermin ==== Version update (5.3.4 -> 5.3.5) - Update to version 5.3.5 (jsc#PED-8910) * Fix qemu-kvm example command ==== xen ==== Subpackages: xen-libs xen-tools xen-tools-domU - Fix build on aarch64 with gcc14 (bsc#1225953) 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch ==== xfsprogs ==== Version update (6.9.0 -> 6.10.1) Subpackages: libhandle1 - update to 6.10.1 - fix C++ compilation errors in xfs_fs.h - ------------------------------------------------------------------ - update to 6.10.0 - debian: enable xfs_scrub_all systemd timer services by default - mkfs: set autofsck filesystem property - xfs_scrub: use the autofsck fsproperty to select mode - xfs_scrub: allow sysadmin to control background scrubs - xfs_property: add a new tool to administer fs properties - xfs_db: add a command to list xattrs - xfs_db: improve getting and setting extended attributes - xfs_io: edit filesystem properties - xfs_scrub: defer phase5 file scans if dirloop fails - xfs_repair: wipe ondisk parent pointers when there are none - xfs_scrub: detect and repair directory tree corruptions - xfs_repair: update ondisk parent pointer records - xfs_spaceman: report directory tree corruption in the health information - xfsprogs: support vectored scrub - man: document vectored scrub mode - man2: update ioctl_xfs_scrub_metadata.2 for parent pointers - mkfs: enable formatting with parent pointers - mkfs: Add parent pointers during protofile creation - xfs_repair: check parent pointers - xfs_db: compute hashes of parent pointers - xfs_db: add link and unlink expert commands - xfs_repair: build a parent pointer index - xfs_db: add a parents command to list the parents of a file - xfs_db: obfuscate dirent and parent pointer names consistently - xfs_db: report parent pointers embedded in xattrs - xfs_db: report parent bit on xattrs - xfs_db: report parent pointers in version command - xfs_scrub: use parent pointers to report lost file data - xfs_scrub: use parent pointers when possible to report file operations - xfs_logprint: decode parent pointers in ATTRI items fully - xfs_io: Add i, n and f flags to parent command - xfs_io: adapt parent command to new parent pointer ioctls - libfrog: report parent pointers to userspace - libfrog: add parent pointer support code - man: document the XFS_IOC_GETPARENTS ioctl - xfs_logprint: dump new attr log item fields - xfs_scrub_all: failure reporting for the xfs_scrub_all job - xfs_repair: check free space requirements before allowing upgrades - xfs_scrub_all: convert systemctl calls to dbus - xfs_scrub_all: trigger automatic media scans once per month - xfs_scrub: add an optimization-only mode - xfs_scrub_all: add CLI option for easier debugging - xfs_scrub_all: enable periodic file data scrubs automatically - xfs_scrub: automatic downgrades to dry-run mode in service mode - xfs_scrub_all: support metadata+media scans of all filesystems - xfs_scrub_all: fail fast on masked units - xfs_scrub_all: remove journalctl background process - xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode - xfs_scrub: tune fstrim minlen parameter based on free space histograms - xfs_scrub: improve responsiveness while trimming the filesystem - xfs_scrub: tighten up the security on the background systemd service - xfs_scrub: don't call FITRIM after runtime errors - xfs_scrub: use dynamic users when running as a systemd service - xfs_scrub: report FITRIM errors properly - xfs_scrub.service: reduce background CPU usage to less than one core if possible - xfs_scrub: don't close stdout when closing the progress bar - xfs_scrub: fix the work estimation for phase 8 - libfrog: print cdf of free space buckets - libfrog: print wider columns for free space histogram - xfs_scrub: ignore phase 8 if the user disabled fstrim - xfs_scrub: move FITRIM to phase 8 - xfs_scrub: improve thread scheduling repair items during phase 4 - xfs_scrub: avoid potential UAF after freeing a duplicate name entry - xfs_scrub: enable users to bump information messages to warnings - xfs_scrub: retry incomplete repairs - xfs_scrub: warn about difficult repairs to rt and quota metadata - xfs_scrub: any inconsistency in metadata should trigger difficulty warnings - mkfs: add a formatting option for exchange-range - xfs_repair: add exchange-range to file systems - xfs_scrub: fix missing scrub coverage for broken inodes - xfs_scrub: log when a repair was unnecessary - libfrog: advertise exchange-range support - xfs_io: create exchangerange command to test file range exchange ioctl - xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations - xfs_fsr: convert to bulkstat v5 ioctls - xfs_logprint: support dumping exchmaps log items - xfs_db: advertise exchange-range in the version command - libfrog: add support for exchange range ioctl family - libhandle: add support for bulkstat v5 - man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE - man: document the exchange-range ioctl - xfs_repair: don't crash on -vv - xfsprogs: Remove support for split-/usr installs - libxfs: kernel sync - ------------------------------------------------------------------ ==== xxhash ==== - Add inline.patch to resolve FTBFS on gcc-14 + -Og. ==== zxing-cpp ==== Version update (2.1.0 -> 2.2.1) - Update to 2.2.1. Changes: * Fix ABI breakage from 2.2.0. - Changes from 2.2.0: * Rename DecodeHints to ReaderOptions. The old name is still available for backward API compatibility but deprecated. Since the C-API and the Qt wrapper code are not officially part of the library, they changed without backward compatibility. * WASM: bytes in ReadResult. * DataMatrix: use charset for encoding. * QRCode: Support QR Code Model1. * rMQR Code: Support Rectangular Micro QR Code. - Refresh patch: * cmake.patch