Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240927 -> 20240929)
flashrom (1.3.0 -> 1.4.0)
libnetfilter_conntrack (1.0.9 -> 1.1.0)
libopenmpt (0.7.9 -> 0.7.10)
python-greenlet (3.1.0 -> 3.1.1)
python-passlib
toolbox
=== Details ===
==== MicroOS-release ====
Version update (20240927 -> 20240929)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== flashrom ====
Version update (1.3.0 -> 1.4.0)
- Add doc and bash-completion subpackages
- Update to 1.4.0:
- Full changelog: https://www.flashrom.org/release_notes/v_1_4.html
==== libnetfilter_conntrack ====
Version update (1.0.9 -> 1.1.0)
- Update to release 1.1.0
* Enhancements for filtering dump and flush commands, see
struct nfct_filter_dump and nfct_nlmsg_build_filter().
* ctnetlink event BPF fixes (endianness issue, IPv6 matching)
and enhancements (zone matching).
==== libopenmpt ====
Version update (0.7.9 -> 0.7.10)
- Update to 0.7.10:
* [Change] FST was added to the list of supported file extension.
AMP uses this extension for multichannel MODs.
* [Bug] The Android NDK build system did not enable C++20 when
available.
* Fixed inconsistency in length calculation and actual playback
length with tempo commands below 32 BPM in various formats
(MDL, MED among others).
* MED: Command 09 (set speed) was limited to 20 ticks per row
instead of 32 ticks per row.
* MED: Allow tempo parameters < 32 BPM.
* MED: Disallow free panning if hardware mixing is enabled.
* For MOD-style vibrato, a speed parameter of 0 was not treated
as effect memory. Vibrato speed is now correct for both vibrato
commands.
* MED: Fix pattern index exhaustion in modules with multiple
subsongs.
* OKT: Don't drop global commands when setting paired channel
volume, and try to write channel volume on the next row in this
situation.
* PTM: Use square root pan law, like in XM files.
* SFX: Ignore unused data at end of oneshot samples which
sometimes caused clicky noises.
* SFX: More accurate implementation of arpeggio effect.
==== python-greenlet ====
Version update (3.1.0 -> 3.1.1)
- Fix build error under Leap.
- Update to 3.1.1
* Fix crashes on 32-bit PPC Linux. Note that there is no CI for this,
and support is best effort; there may be other issues lurking.
* Remove unnecessary logging sometimes during interpreter shutdown.
* Fix some crashes on 32-bit PPC MacOS. This is a very old platform,
and is only known to be tested on beta versions of an operating
system that was never released, using the GCC 14 only provided by
MacPorts; it may or may not work on the final MacOS X release that
supported 32-bit PowerPC. It has the known issue of leaking memory
when greenlets are used in multiple threads. Help debugging this
would be appreciated.
==== python-passlib ====
- Only run the full testsuite in openSUSE
==== toolbox ====
- Revert last change and update SLE/Leap Micro images to 5.5 (bsc#1227328)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240924 -> 20240927)
bash (5.2.32 -> 5.2.37)
bluez
cairomm (1.16.1 -> 1.16.2)
chrony (4.5 -> 4.6)
curl (8.10.0 -> 8.10.1)
cyrus-sasl
expat
fwupd (1.9.24 -> 1.9.25)
gcc
gcr
gcr3
gettext-runtime
gstreamer (1.24.7 -> 1.24.8)
gstreamer-plugins-bad (1.24.7 -> 1.24.8)
gstreamer-plugins-base (1.24.7 -> 1.24.8)
gstreamer-plugins-good (1.24.7 -> 1.24.8)
gtk4 (4.16.1 -> 4.16.2)
gupnp (1.6.6 -> 1.6.7)
harfbuzz (9.0.0 -> 10.0.1)
kernel-source (6.10.11 -> 6.11.0)
libeconf (0.7.3 -> 0.7.4)
libmbim (1.28.4 -> 1.30.0)
libostree (2024.7 -> 2024.8)
libpeas
microos-tools (2.21+git13 -> 2.21+git16)
openssh (9.8p1 -> 9.9p1)
openssh-askpass-gnome (9.8p1 -> 9.9p1)
openssl-3
orc (0.4.39 -> 0.4.40)
pinentry
pinentry-gui
podman (5.2.2 -> 5.2.3)
python-Jinja2
python-oauthlib
python-pycurl
python-pyrsistent
python-pyserial
sddm
sddm-qt6
selinux-policy (20240912 -> 20240925)
systemd (256.5 -> 256.6)
timezone (2024a -> 2024b)
toolbox
transactional-update (4.8.2 -> 4.8.3)
xorg-x11-server
xwayland
=== Details ===
==== MicroOS-release ====
Version update (20240924 -> 20240927)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== bash ====
Version update (5.2.32 -> 5.2.37)
Subpackages: bash-sh
- Add upstream patches
* bash52-037
Fix the case where text to be completed from the line buffer (quoted) is
compared to the common prefix of the possible matches (unquoted) and the
quoting makes the former appear to be longer than the latter. Readline
assumes the match doesn't add any characters to the word and doesn't display
multiple matches.
* bash52-036
When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
* bash52-035
There are systems that supply one of select or pselect, but not both.
* bash52-034
If we parse a compound assignment during an alias expansion, it's possible
to have the current input string popped out from underneath the parse. In
this case, we should not restore the input we were using when we began to
parse the compound assignment.
* bash52-033
A typo in the autoconf test for strtold causes false negatives for strtold
being available and working when compiled with gcc-14.
- Port patch bash-3.2-printf.patch to fit change in bash52-033
==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3
- add Fix-crash-after-bt_uhid_unregister_all.patch to fix crashes
when devices disconnect or go to sleep
==== cairomm ====
Version update (1.16.1 -> 1.16.2)
- update to version 1.16.2:
* meson.build: Avoid configuration warnings
* MSVC build: Support VS2022 builds
(Chun-wei Fan) Merge request !20
* Meson build: When mm-common >= 1.0.4 is used, Perl is not required
* Meson build: Specify 'check' option in run_command()
Will be necessary with future versions of Meson.
Require Meson >= 0.55.0
* Meson build: Avoid unnecessary configuration warnings
(Kjell Ahlstedt)
==== chrony ====
Version update (4.5 -> 4.6)
Subpackages: chrony-pool-openSUSE
- Update to version 4.6:
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts
* Obsoletes chrony-124-tai.patch
- The project's new home is https://chrony-project.org/ .
==== curl ====
Version update (8.10.0 -> 8.10.1)
Subpackages: libcurl4
- Update to 8.10.1:
* Bugfixes:
- autotools: fix `--with-ca-embed` build rule
- cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
- cmake: fix MSH3 to appear on the feature list
- connect: store connection info when really done
- FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
- http2: when uploading data from stdin, fix eos forwarding
- http: make max-filesize check not count ignored bodies
- lib: fix AF_INET6 use outside of USE_IPV6
- multi: check that the multi handle is valid in curl_multi_assign
- QUIC: on connect, keep on trying on draining server
- request: correctly reset the eos_sent flag
- setopt: remove superfluous use of ternary expressions
- singleuse: drop `Curl_memrchr()` for no-HTTP builds
- tool_cb_wrt: use "curl_response" if no file name in URL
- transfer: fix sendrecv() without interim poll
- vtls: fix `Curl_ssl_conn_config_match` doc param
==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, dDisable openssl3 depricated API warnings.
* Add cyrus-sasl-make-digestmd5-work-ssl3.patch
==== expat ====
- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
% expat.keyring
==== fwupd ====
Version update (1.9.24 -> 1.9.25)
Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.25:
+ This release fixes the following bugs:
- Fix checking new Synaptics MST firmware size
- Make another ModemManager instance ID visible for firmware
matching
- Never set a zero-length device name when matching the vendor
name
- Recalculate the device supported flag when reparenting
devices
- Reduce idle power consumption of paired logitech-hidpp
devices
- Retry the open action to fix BC901 NVMe reload
+ This release adds support for the following hardware:
- Algoltek devices supporting sector erase
- Dell K2 dock
- Intel USB4 hub 5787
- More MediaTek scaler devices
- Nordic HID devices supporting DFUv1
==== gcc ====
- Ensure every -build package conflicts and provides the non-build
counterpart (related to boo#1230628)
- Make gcc-build-fortran provide and conflict gcc-fortran.
==== gcr ====
Subpackages: gcr-ssh-askpass libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gcr3 ====
Subpackages: gcr3-data gcr3-prompter gcr3-ssh-askpass libgck-1-0 libgcr-3-1
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gettext-runtime ====
Subpackages: libtextstyle0
- Move envsubst requires into main package, gettext.sh is not part of
gettext-tools, but gettext-runtime (fixes boo#1227070)
==== gstreamer ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.24.8:
+ Highlighted bugfixes:
- decodebin3: collection handling fixes
- encodebin: Fix pad removal (and smart rendering in
gst-editing-services)
- glimagesink: Fix cannot resize viewport when video size
changed in caps
- matroskamux, webmmux: fix firefox compatibility issue with
Opus audio streams
- mpegtsmux: Wait for data on all pads before deciding on a
best pad unless timing out
- splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
- video: QoS event handling improvements
- voamrwbenc: fix list of bitrates
- vtenc: Restart encoding session when certain errors are
detected
- wayland: Fix ABI break in WL context type name
- webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
- cerbero: ship vp8/vp9 software encoders again, which went
missing in 1.24.7; ship transcode plugin
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ gstreamer:
- clock: Fix unchecked overflows in linear regression code
- meta: Add missing include of gststructure.h
- pad: Check data NULL-ness when probes are stopped
- aggregator: Immediately return NONE from
simple_get_next_time() on non-TIME segments
==== gstreamer-plugins-bad ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.24.8:
+ GstPlay: Name the different bus
+ GstPlay: check whether stream is seekable before seeking when
state change
+ GstPlayer: Check GstPlayerSignalDispatcher type
+ mpegtsmux: Wait for data on all pads before deciding on a best
pad unless timing out
+ mpegtsmux: Fix refcounting issue when selecting the best pad
+ uvcsink: fix caps event handling
+ v4l2codecs: h265: Minimize memory allocation
+ voamrwbenc: fix list of bitrates
+ vtenc: Restart encoding session when certain errors are
detected
+ wayland: Fix ABI break in WL context type name
+ webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
+ wpe: fix gst-launch example
==== gstreamer-plugins-base ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0
- Update to version 1.24.8:
+ decodebin3: Fix collection identity check
+ encodebin: Fix pad removal
+ glimagesink: Fix cannot resize viewport when video size changed
in caps
+ video: Don't overshoot QoS earliest time by a factor of 2
+ meson: gst-play: link to libm
- Drop gst-plugins-base-decodebin3-collection-identity-check.patch:
Fixed upstream.
- Rebase add_wayland_dep_to_tests.patch with quilt.
==== gstreamer-plugins-good ====
Version update (1.24.7 -> 1.24.8)
- Update to version 1.24.8:
+ jackaudiosrc: actually use the queried ports from JACK
+ matroskamux: Include end padding in the block duration for Opus
streams, fixing firefox compatibility
+ osxaudio: Avoid dangling pointer on shutdown
+ splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
+ v4l2bufferpool: actually queue back the empty buffer flagged
LAST
+ v4l2videoenc: unref buffer pool after usage properly
+ v4l2: encoder: Add dynamic framerate support
==== gtk4 ====
Version update (4.16.1 -> 4.16.2)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.16.2:
+ GtkLabel: Fix centered text in RTL
+ Gsk:
- Speed up some Vulkan operations
- Improve startup speed by avoiding initialization of GL and
Vulkan in most cases
- Reduce critials at startup to warnings
- Fix a crash on startup with some Vulkan drivers
- Fix a big texture leak in NGL
+ Gdk: Speed up memory format conversions
+ Wayland: Be more careful with mimetypes during DND or
copy-paste
+ Tools: builder-tool: Improve conversion of boxes
+ Updated translations.
==== gupnp ====
Version update (1.6.6 -> 1.6.7)
- Update to version 1.6.7:
+ Fix compatiblity with libxml2 2.12.x
+ Improve reproducability
+ ControlPoint: Fix re-scan
+ ContextManager: Fix boot-id update
+ Context: Fix crash if served URI is not an IP address
- Drop 00514fb6.patch: Fixed upstream.
==== harfbuzz ====
Version update (9.0.0 -> 10.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- Update to version 10.0.1:
+ Relax sanitization checks for âmorxâ subtables to fix broken
AAT shaping of macOS 15.0 version of GeezaPro.
- Switch to source service for tarball.
- Update to version 10.0.0:
+ Unicode 16.0.0 support.
+ Various documentation fixes.
+ Various build fixes.
+ Add API to allow HarfBuzz client to set what glyph to use when
a Unicode Variation Selector is not supported by the font,
which would allow the client to customize what happens in this
case, by using a different font for example.
+ Add a callback to for âhb_face_tâ for getting the list of table
tags. This is now used to make calling
âhb_face_get_table_tags()â work on a faces created by
âhb_face_create_for_tables()â (e.g. faces returned by
âhb_subset_or_fail()â).
+ CGJ and Mongolian Variation Selectors are now ignored during
glyph positioning, previously they would block both glyph
substitution and positioning across them.
+ Support cairo script as an output format for âhb-viewâ command
line tool.
+ Drop an optimization that would cause HarfBuzz not apply pair
positioning lookup subtables under certain circumstances, for
compatibility with other implementations that do apply these
subtables.
+ Subsetting will now fail if source font has no glyphs, so
feeding the subsetter invalid data will not silently return an
empty face.
+ If after partially instancing a font no variation data is left
(the instance is fully static), donât consider this a failure.
+ Workaround a Firefox bug in displaying SVGs generated be
âhb-viewâ command line tool under certain circumstances.
+ Fix bug in macroman mapping for âcmapâ table.
+ Fix difference shaping output when HarfBuzz is built with with
âHB_NO_OT_RULESETS_FAST_PATHâ enabled.
+ Various subsetting and instancing fixes.
+ Various fuzzing fixes.
+ Add âwith_libstdcxxâ meson build option.
==== kernel-source ====
Version update (6.10.11 -> 6.11.0)
Subpackages: kernel-64kb kernel-default
- Revert "PCI: Extend ACS configurability" (bsc#1229019).
- commit 4b97d57
- block: Fix elv_iosched_local_module handling of "none" scheduler
(bsc#1230925).
- commit d8cfa46
- drm/amdgpu/display: Fix a mistake in revert commit (bsc#1228093
- commit 39574a1
- Refresh patches.suse/ALSA-hda-Enhance-pm_blacklist-option.patch.
- Refresh
patches.suse/ALSA-hda-Keep-PM-disablement-for-deny-listed-instanc.patch.
Update upstream status.
- commit 2244c0f
==== libeconf ====
Version update (0.7.3 -> 0.7.4)
- Update to version 0.7.4:
* Fixed memory leaks (#219)
* Fixed: econf_readDirs crashes if one of the paths is NULL (#211)
* Added links to man page. E.g. "man econf_readConfig" is working now.
* Handle groups correctly which do not have any key entry.
==== libmbim ====
Version update (1.28.4 -> 1.30.0)
- Update to version 1.30.0:
+ New Intel Mutual Authentication service
+ New Intel Tools service
+ New Google service
+ Extended the Microsoft-defined Basic Connect Extensions service
- Drop patches included upstream:
+ 0001-intel-mutual-authentication-new-service-fcc-lock.patch
+ 0002-intel-tools-new-service-trace-config.patch
==== libostree ====
Version update (2024.7 -> 2024.8)
Subpackages: libostree-1-1
- Update to version 2024.8:
+ Adapt to a change in libcurl 8.10.1 that caused ostree to start
crashing.
+ switchroot: Stop making /sysroot mount private.
==== libpeas ====
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== microos-tools ====
Version update (2.21+git13 -> 2.21+git16)
- Update to version 2.21+git16:
* selinux: Avoid parameter duplication
* 98selinux-microos: Use a single thread for relabelling /etc
* Use all cores for SELinux restorecon (related to jsc#SMO-382)
- _service: Omit +git0 suffix in versions
==== openssh ====
Version update (9.8p1 -> 9.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Add a const to the openssl 1.1/RSA section of sshkey_is_private
to keep it similar to what it used before the 9.9 rebase:
* openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Update to openssh 9.9p1:
= Future deprecation notice
* OpenSSH plans to remove support for the DSA signature algorithm
in early 2025. This release disables DSA by default at compile
time. DSA, as specified in the SSHv2 protocol, is inherently
weak - being limited to a 160 bit private key and use of the
SHA1 digest. Its estimated security level is only 80 bits
symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has
retained run-time optional support for them. DSA was the only
mandatory-to-implement algorithm in the SSHv2 RFCs, mostly
because alternative algorithms were encumbered by patents when
the SSHv2 protocol was specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining
DSA in OpenSSH to be justified and hope that removing it from
OpenSSH can accelerate its wider deprecation in supporting
cryptography libraries.
= Potentially-incompatible changes
* ssh(1): remove support for pre-authentication compression.
OpenSSH has only supported post-authentication compression in
the server for some years. Compression before authentication
significantly increases the attack surface of SSH servers and
risks creating oracles that reveal information about
information sent during authentication.
* ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for
quoted strings, including allowing nested quotes and \-escaped
characters. If configurations contained workarounds for the
previous simplistic quote handling then they may need to be
adjusted. If this is the case, it's most likely to be in the
arguments to a "Match exec" confition. In this case, moving the
command to be evaluated from the Match line to an external
shell script is easiest way to preserve compatibility with both
the old and new versions.
= New features
* ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Enapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.
* ssh(1): the ssh_config "Include" directive can now expand
environment as well as the same set of %-tokens "Match Exec"
supports.
* sshd(8): add a sshd_config "RefuseConnection" option that, if
set will terminate the connection at the first authentication
request.
* sshd(8): add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties that is applied when a connection is dropped
by the new RefuseConnection keyword.
* sshd(8): add a "Match invalid-user" predicate to sshd_config
Match options that matches when the target username is not
valid on the server.
* ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
substantially faster implementation.
* ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key
exchange algorithm now has an IANA-assigned name in addition to
the "@openssh.com" vendor extension name. This algorithm is now
also available under this name "sntrup761x25519-sha512"
* ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This
is in addition to pre-existing controls in ssh-agent(1) and
sshd(8) that prevented coredumps. This feature is supported on
OpenBSD, Linux and FreeBSD.
* All: convert key handling to use the libcrypto EVP_PKEY API,
with the exception of DSA.
* sshd(8): add a random amount of jitter (up to 4 seconds) to the
grace login time to make its expiry unpredictable.
= Bugfixes
* sshd(8): relax absolute path requirement back to what it was
prior to OpenSSH 9.8, which incorrectly required that sshd was
started with an absolute path in inetd mode. bz3717
* sshd(8): fix regression introduced in openssh-9.8 that swapped
the order of source and destination addresses in some sshd log
messages.
* sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys.
bz3733
* ssh-keygen(1): include pathname in some of ssh-keygen's
passphrase prompts. Helps the user know what's going on when
ssh-keygen is invoked via other tools. Requested in GHPR503
* ssh(1), ssh-add(1): make parsing user@host consistently look
for the last '@' in the string rather than the first. This
makes it possible to more consistently use usernames that
contain '@' characters.
* ssh(1), sshd(8): be more strict in parsing key type names. Only
allow short names (e.g "rsa") in user-interface code and
require full SSH protocol names (e.g. "ssh-rsa") everywhere
else. bz3725
* regress: many performance and correctness improvements to the
re-keying regression test.
... changelog too long, skipping 41 lines ...
- Use gcc11 when building in SLE12 and SLE15.
==== openssh-askpass-gnome ====
Version update (9.8p1 -> 9.9p1)
- Update to openssh 9.9p1:
* No changes for askpass, see main package changelog for
details.
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1230698, CVE-2024-41996]
* Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
* Added openssl-CVE-2024-41996.patch
==== orc ====
Version update (0.4.39 -> 0.4.40)
- Update to version 0.4.40:
+ Security: Minor follow-up fixes for CVE-2024-40897
+ Fix include header use from C++
+ orccodemem: Assorted memory mapping fixes
+ powerpc: fix div255w which still used the inexact substitution
+ powerpc: Disable VSX and ISA 2.07 for Apple targets
+ powerpc: Allow detection of ppc64 in Mac OS
+ x86: work around old GCC versions (pre 9.0) having broken
xgetbv implementationsv
+ x86: consider MSYS2/Cygwin as Windows for ABI purposes only
+ x86: handle unnatural and misaligned array pointers
+ x86: Fix non-C11 typedefs
+ x86: try fixing AVX detection again by adding check for XSAVE
+ Some compatibility fixes for Musl
+ meson: Fix detecting XSAVE on older AppleClangv
+ Check return values of malloc() and realloc()
==== pinentry ====
- Make pinentry-efl optional
==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-qt6
- Make pinentry-efl optional
==== podman ====
Version update (5.2.2 -> 5.2.3)
- Update to version 5.2.3:
* Bugfixes
- Fixed a bug that could cause network namespaces to fail to
unmount, resulting in Podman commands hanging.
- Fixed a bug where Podman could not run images which included
SCTP exposed ports.
- Fixed a bug where containers run by the root user, but inside
a user namespace (including inside a container), could not
use the pasta network mode.
- Fixed a bug where volume copy-up did not properly chown empty
volumes when the :idmap mount option was used.
* Misc
- Updated Buildah to v1.37.3
==== python-Jinja2 ====
- Fix build error under Leap.
==== python-oauthlib ====
- Fix build error under Leap.
==== python-pycurl ====
- Add upstream patch test-bottle-flask.patch to use Flask instead of
bottle for tests.
gh#pycurl/pycurl#838
==== python-pyrsistent ====
- Fix build error under Leap.
==== python-pyserial ====
- Fix build error under Leap.
==== sddm ====
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== selinux-policy ====
Version update (20240912 -> 20240925)
Subpackages: selinux-policy-targeted
- Update to version 20240925:
* Allow snapperd to manage unlabeled_t files (bsc#1230966)
- Update to version 20240924:
* Revert "Allow virtstoraged to manage images (bsc#1228742)"
* Label /etc/mdevctl.d with mdevctl_conf_t
* Sync users with Fedora targeted users
* Update policy for rpc-virtstorage
* Allow virtstoraged get attributes of configfs dirs
* Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
* Update bootupd policy when ESP is not mounted
* Allow thumb_t map dri devices
* Allow samba use the io_uring API
* Allow the sysadm user use the secretmem API
* Allow nut-upsmon read systemd-logind session files
* Allow sysadm_t to create PF_KEY sockets
* Update bootupd policy for the removing-state-file test
- Fix macros.selinux-policy (bsc#1230897)
- %selinux_relabel_post should not relabel files in
transactional systems in %post as the policy is not loaded
into the kernel directly after install, instead the relabelling
will happen on the next boot
==== systemd ====
Version update (256.5 -> 256.6)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev
- Import commit 8a0ae4d90aff1d067a125ff9366eafc7dd5d4701 (merge of v256.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/bef0958f4db1b774c23505e93537ffe…
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
- Move 80-container-host0.network back to the network sub-package (bsc#1229098)
Rev 428 mistakenly moved it to the container sub-package.
==== timezone ====
Version update (2024a -> 2024b)
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
==== toolbox ====
- Update SLE/Leap Micro images from 5.4 to 6.0 (bsc#1227328)
==== transactional-update ====
Version update (4.8.2 -> 4.8.3)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd
- Version 4.8.3
- Check return value of register command [bsc#1230901]
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb
- added conflicts to patterns-wsl-tmpfiles to Xserver packages
as this patterns package creates a symlink from /tmp/.X11-unix to
/mnt/wslg/.X11-unix and therefore prevents Xservers from creating
this needed directory (bsc#1230755)
==== xwayland ====
- added conflicts to patterns-wsl-tmpfiles as this patterns package
creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and
therefore prevents Xwayland from creating this needed directory
(bsc#1230755)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240926 -> 20240927)
expat
libeconf (0.7.3 -> 0.7.4)
timezone (2024a -> 2024b)
=== Details ===
==== MicroOS-release ====
Version update (20240926 -> 20240927)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== expat ====
- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
% expat.keyring
==== libeconf ====
Version update (0.7.3 -> 0.7.4)
- Update to version 0.7.4:
* Fixed memory leaks (#219)
* Fixed: econf_readDirs crashes if one of the paths is NULL (#211)
* Added links to man page. E.g. "man econf_readConfig" is working now.
* Handle groups correctly which do not have any key entry.
==== timezone ====
Version update (2024a -> 2024b)
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240924 -> 20240926)
bash (5.2.32 -> 5.2.37)
bluez
cairomm (1.16.1 -> 1.16.2)
chrony (4.5 -> 4.6)
curl (8.10.0 -> 8.10.1)
cyrus-sasl
fwupd (1.9.24 -> 1.9.25)
gcc
gcr
gcr3
gettext-runtime
gstreamer (1.24.7 -> 1.24.8)
gstreamer-plugins-bad (1.24.7 -> 1.24.8)
gstreamer-plugins-base (1.24.7 -> 1.24.8)
gstreamer-plugins-good (1.24.7 -> 1.24.8)
gtk4 (4.16.1 -> 4.16.2)
gupnp (1.6.6 -> 1.6.7)
harfbuzz (9.0.0 -> 10.0.1)
kernel-source (6.10.11 -> 6.11.0)
libmbim (1.28.4 -> 1.30.0)
libostree (2024.7 -> 2024.8)
libpeas
microos-tools (2.21+git13 -> 2.21+git16)
openssh (9.8p1 -> 9.9p1)
openssh-askpass-gnome (9.8p1 -> 9.9p1)
openssl-3
orc (0.4.39 -> 0.4.40)
pinentry
pinentry-gui
podman (5.2.2 -> 5.2.3)
python-Jinja2
python-oauthlib
python-pycurl
python-pyrsistent
python-pyserial
sddm
sddm-qt6
selinux-policy (20240912 -> 20240925)
systemd (256.5 -> 256.6)
toolbox
transactional-update (4.8.2 -> 4.8.3)
xorg-x11-server
xwayland
=== Details ===
==== MicroOS-release ====
Version update (20240924 -> 20240926)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== bash ====
Version update (5.2.32 -> 5.2.37)
Subpackages: bash-sh
- Add upstream patches
* bash52-037
Fix the case where text to be completed from the line buffer (quoted) is
compared to the common prefix of the possible matches (unquoted) and the
quoting makes the former appear to be longer than the latter. Readline
assumes the match doesn't add any characters to the word and doesn't display
multiple matches.
* bash52-036
When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
* bash52-035
There are systems that supply one of select or pselect, but not both.
* bash52-034
If we parse a compound assignment during an alias expansion, it's possible
to have the current input string popped out from underneath the parse. In
this case, we should not restore the input we were using when we began to
parse the compound assignment.
* bash52-033
A typo in the autoconf test for strtold causes false negatives for strtold
being available and working when compiled with gcc-14.
- Port patch bash-3.2-printf.patch to fit change in bash52-033
==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3
- add Fix-crash-after-bt_uhid_unregister_all.patch to fix crashes
when devices disconnect or go to sleep
==== cairomm ====
Version update (1.16.1 -> 1.16.2)
- update to version 1.16.2:
* meson.build: Avoid configuration warnings
* MSVC build: Support VS2022 builds
(Chun-wei Fan) Merge request !20
* Meson build: When mm-common >= 1.0.4 is used, Perl is not required
* Meson build: Specify 'check' option in run_command()
Will be necessary with future versions of Meson.
Require Meson >= 0.55.0
* Meson build: Avoid unnecessary configuration warnings
(Kjell Ahlstedt)
==== chrony ====
Version update (4.5 -> 4.6)
Subpackages: chrony-pool-openSUSE
- Update to version 4.6:
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts
* Obsoletes chrony-124-tai.patch
- The project's new home is https://chrony-project.org/ .
==== curl ====
Version update (8.10.0 -> 8.10.1)
Subpackages: libcurl4
- Update to 8.10.1:
* Bugfixes:
- autotools: fix `--with-ca-embed` build rule
- cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
- cmake: fix MSH3 to appear on the feature list
- connect: store connection info when really done
- FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
- http2: when uploading data from stdin, fix eos forwarding
- http: make max-filesize check not count ignored bodies
- lib: fix AF_INET6 use outside of USE_IPV6
- multi: check that the multi handle is valid in curl_multi_assign
- QUIC: on connect, keep on trying on draining server
- request: correctly reset the eos_sent flag
- setopt: remove superfluous use of ternary expressions
- singleuse: drop `Curl_memrchr()` for no-HTTP builds
- tool_cb_wrt: use "curl_response" if no file name in URL
- transfer: fix sendrecv() without interim poll
- vtls: fix `Curl_ssl_conn_config_match` doc param
==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, dDisable openssl3 depricated API warnings.
* Add cyrus-sasl-make-digestmd5-work-ssl3.patch
==== fwupd ====
Version update (1.9.24 -> 1.9.25)
Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.25:
+ This release fixes the following bugs:
- Fix checking new Synaptics MST firmware size
- Make another ModemManager instance ID visible for firmware
matching
- Never set a zero-length device name when matching the vendor
name
- Recalculate the device supported flag when reparenting
devices
- Reduce idle power consumption of paired logitech-hidpp
devices
- Retry the open action to fix BC901 NVMe reload
+ This release adds support for the following hardware:
- Algoltek devices supporting sector erase
- Dell K2 dock
- Intel USB4 hub 5787
- More MediaTek scaler devices
- Nordic HID devices supporting DFUv1
==== gcc ====
- Ensure every -build package conflicts and provides the non-build
counterpart (related to boo#1230628)
- Make gcc-build-fortran provide and conflict gcc-fortran.
==== gcr ====
Subpackages: gcr-ssh-askpass libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gcr3 ====
Subpackages: gcr3-data gcr3-prompter gcr3-ssh-askpass libgck-1-0 libgcr-3-1
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== gettext-runtime ====
Subpackages: libtextstyle0
- Move envsubst requires into main package, gettext.sh is not part of
gettext-tools, but gettext-runtime (fixes boo#1227070)
==== gstreamer ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.24.8:
+ Highlighted bugfixes:
- decodebin3: collection handling fixes
- encodebin: Fix pad removal (and smart rendering in
gst-editing-services)
- glimagesink: Fix cannot resize viewport when video size
changed in caps
- matroskamux, webmmux: fix firefox compatibility issue with
Opus audio streams
- mpegtsmux: Wait for data on all pads before deciding on a
best pad unless timing out
- splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
- video: QoS event handling improvements
- voamrwbenc: fix list of bitrates
- vtenc: Restart encoding session when certain errors are
detected
- wayland: Fix ABI break in WL context type name
- webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
- cerbero: ship vp8/vp9 software encoders again, which went
missing in 1.24.7; ship transcode plugin
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ gstreamer:
- clock: Fix unchecked overflows in linear regression code
- meta: Add missing include of gststructure.h
- pad: Check data NULL-ness when probes are stopped
- aggregator: Immediately return NONE from
simple_get_next_time() on non-TIME segments
==== gstreamer-plugins-bad ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.24.8:
+ GstPlay: Name the different bus
+ GstPlay: check whether stream is seekable before seeking when
state change
+ GstPlayer: Check GstPlayerSignalDispatcher type
+ mpegtsmux: Wait for data on all pads before deciding on a best
pad unless timing out
+ mpegtsmux: Fix refcounting issue when selecting the best pad
+ uvcsink: fix caps event handling
+ v4l2codecs: h265: Minimize memory allocation
+ voamrwbenc: fix list of bitrates
+ vtenc: Restart encoding session when certain errors are
detected
+ wayland: Fix ABI break in WL context type name
+ webrtcbin: Prevent crash when attempting to set answer on
invalid SDP
+ wpe: fix gst-launch example
==== gstreamer-plugins-base ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0
- Update to version 1.24.8:
+ decodebin3: Fix collection identity check
+ encodebin: Fix pad removal
+ glimagesink: Fix cannot resize viewport when video size changed
in caps
+ video: Don't overshoot QoS earliest time by a factor of 2
+ meson: gst-play: link to libm
- Drop gst-plugins-base-decodebin3-collection-identity-check.patch:
Fixed upstream.
- Rebase add_wayland_dep_to_tests.patch with quilt.
==== gstreamer-plugins-good ====
Version update (1.24.7 -> 1.24.8)
- Update to version 1.24.8:
+ jackaudiosrc: actually use the queried ports from JACK
+ matroskamux: Include end padding in the block duration for Opus
streams, fixing firefox compatibility
+ osxaudio: Avoid dangling pointer on shutdown
+ splitmuxsink: Override LATENCY query to pretend to downstream
that we're not live
+ v4l2bufferpool: actually queue back the empty buffer flagged
LAST
+ v4l2videoenc: unref buffer pool after usage properly
+ v4l2: encoder: Add dynamic framerate support
==== gtk4 ====
Version update (4.16.1 -> 4.16.2)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.16.2:
+ GtkLabel: Fix centered text in RTL
+ Gsk:
- Speed up some Vulkan operations
- Improve startup speed by avoiding initialization of GL and
Vulkan in most cases
- Reduce critials at startup to warnings
- Fix a crash on startup with some Vulkan drivers
- Fix a big texture leak in NGL
+ Gdk: Speed up memory format conversions
+ Wayland: Be more careful with mimetypes during DND or
copy-paste
+ Tools: builder-tool: Improve conversion of boxes
+ Updated translations.
==== gupnp ====
Version update (1.6.6 -> 1.6.7)
- Update to version 1.6.7:
+ Fix compatiblity with libxml2 2.12.x
+ Improve reproducability
+ ControlPoint: Fix re-scan
+ ContextManager: Fix boot-id update
+ Context: Fix crash if served URI is not an IP address
- Drop 00514fb6.patch: Fixed upstream.
==== harfbuzz ====
Version update (9.0.0 -> 10.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- Update to version 10.0.1:
+ Relax sanitization checks for âmorxâ subtables to fix broken
AAT shaping of macOS 15.0 version of GeezaPro.
- Switch to source service for tarball.
- Update to version 10.0.0:
+ Unicode 16.0.0 support.
+ Various documentation fixes.
+ Various build fixes.
+ Add API to allow HarfBuzz client to set what glyph to use when
a Unicode Variation Selector is not supported by the font,
which would allow the client to customize what happens in this
case, by using a different font for example.
+ Add a callback to for âhb_face_tâ for getting the list of table
tags. This is now used to make calling
âhb_face_get_table_tags()â work on a faces created by
âhb_face_create_for_tables()â (e.g. faces returned by
âhb_subset_or_fail()â).
+ CGJ and Mongolian Variation Selectors are now ignored during
glyph positioning, previously they would block both glyph
substitution and positioning across them.
+ Support cairo script as an output format for âhb-viewâ command
line tool.
+ Drop an optimization that would cause HarfBuzz not apply pair
positioning lookup subtables under certain circumstances, for
compatibility with other implementations that do apply these
subtables.
+ Subsetting will now fail if source font has no glyphs, so
feeding the subsetter invalid data will not silently return an
empty face.
+ If after partially instancing a font no variation data is left
(the instance is fully static), donât consider this a failure.
+ Workaround a Firefox bug in displaying SVGs generated be
âhb-viewâ command line tool under certain circumstances.
+ Fix bug in macroman mapping for âcmapâ table.
+ Fix difference shaping output when HarfBuzz is built with with
âHB_NO_OT_RULESETS_FAST_PATHâ enabled.
+ Various subsetting and instancing fixes.
+ Various fuzzing fixes.
+ Add âwith_libstdcxxâ meson build option.
==== kernel-source ====
Version update (6.10.11 -> 6.11.0)
- Revert "PCI: Extend ACS configurability" (bsc#1229019).
- commit 4b97d57
- block: Fix elv_iosched_local_module handling of "none" scheduler
(bsc#1230925).
- commit d8cfa46
- drm/amdgpu/display: Fix a mistake in revert commit (bsc#1228093
- commit 39574a1
- Refresh patches.suse/ALSA-hda-Enhance-pm_blacklist-option.patch.
- Refresh
patches.suse/ALSA-hda-Keep-PM-disablement-for-deny-listed-instanc.patch.
Update upstream status.
- commit 2244c0f
==== libmbim ====
Version update (1.28.4 -> 1.30.0)
- Update to version 1.30.0:
+ New Intel Mutual Authentication service
+ New Intel Tools service
+ New Google service
+ Extended the Microsoft-defined Basic Connect Extensions service
- Drop patches included upstream:
+ 0001-intel-mutual-authentication-new-service-fcc-lock.patch
+ 0002-intel-tools-new-service-trace-config.patch
==== libostree ====
Version update (2024.7 -> 2024.8)
Subpackages: libostree-1-1
- Update to version 2024.8:
+ Adapt to a change in libcurl 8.10.1 that caused ostree to start
crashing.
+ switchroot: Stop making /sysroot mount private.
==== libpeas ====
- BuildRequire gettext-devel instead of gettext: allow OBS to
shortcut through gettext-runtime-mini.
==== microos-tools ====
Version update (2.21+git13 -> 2.21+git16)
- Update to version 2.21+git16:
* selinux: Avoid parameter duplication
* 98selinux-microos: Use a single thread for relabelling /etc
* Use all cores for SELinux restorecon (related to jsc#SMO-382)
- _service: Omit +git0 suffix in versions
==== openssh ====
Version update (9.8p1 -> 9.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Add a const to the openssl 1.1/RSA section of sshkey_is_private
to keep it similar to what it used before the 9.9 rebase:
* openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Update to openssh 9.9p1:
= Future deprecation notice
* OpenSSH plans to remove support for the DSA signature algorithm
in early 2025. This release disables DSA by default at compile
time. DSA, as specified in the SSHv2 protocol, is inherently
weak - being limited to a 160 bit private key and use of the
SHA1 digest. Its estimated security level is only 80 bits
symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has
retained run-time optional support for them. DSA was the only
mandatory-to-implement algorithm in the SSHv2 RFCs, mostly
because alternative algorithms were encumbered by patents when
the SSHv2 protocol was specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining
DSA in OpenSSH to be justified and hope that removing it from
OpenSSH can accelerate its wider deprecation in supporting
cryptography libraries.
= Potentially-incompatible changes
* ssh(1): remove support for pre-authentication compression.
OpenSSH has only supported post-authentication compression in
the server for some years. Compression before authentication
significantly increases the attack surface of SSH servers and
risks creating oracles that reveal information about
information sent during authentication.
* ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for
quoted strings, including allowing nested quotes and \-escaped
characters. If configurations contained workarounds for the
previous simplistic quote handling then they may need to be
adjusted. If this is the case, it's most likely to be in the
arguments to a "Match exec" confition. In this case, moving the
command to be evaluated from the Match line to an external
shell script is easiest way to preserve compatibility with both
the old and new versions.
= New features
* ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Enapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.
* ssh(1): the ssh_config "Include" directive can now expand
environment as well as the same set of %-tokens "Match Exec"
supports.
* sshd(8): add a sshd_config "RefuseConnection" option that, if
set will terminate the connection at the first authentication
request.
* sshd(8): add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties that is applied when a connection is dropped
by the new RefuseConnection keyword.
* sshd(8): add a "Match invalid-user" predicate to sshd_config
Match options that matches when the target username is not
valid on the server.
* ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
substantially faster implementation.
* ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key
exchange algorithm now has an IANA-assigned name in addition to
the "@openssh.com" vendor extension name. This algorithm is now
also available under this name "sntrup761x25519-sha512"
* ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This
is in addition to pre-existing controls in ssh-agent(1) and
sshd(8) that prevented coredumps. This feature is supported on
OpenBSD, Linux and FreeBSD.
* All: convert key handling to use the libcrypto EVP_PKEY API,
with the exception of DSA.
* sshd(8): add a random amount of jitter (up to 4 seconds) to the
grace login time to make its expiry unpredictable.
= Bugfixes
* sshd(8): relax absolute path requirement back to what it was
prior to OpenSSH 9.8, which incorrectly required that sshd was
started with an absolute path in inetd mode. bz3717
* sshd(8): fix regression introduced in openssh-9.8 that swapped
the order of source and destination addresses in some sshd log
messages.
* sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys.
bz3733
* ssh-keygen(1): include pathname in some of ssh-keygen's
passphrase prompts. Helps the user know what's going on when
ssh-keygen is invoked via other tools. Requested in GHPR503
* ssh(1), ssh-add(1): make parsing user@host consistently look
for the last '@' in the string rather than the first. This
makes it possible to more consistently use usernames that
contain '@' characters.
* ssh(1), sshd(8): be more strict in parsing key type names. Only
allow short names (e.g "rsa") in user-interface code and
require full SSH protocol names (e.g. "ssh-rsa") everywhere
else. bz3725
* regress: many performance and correctness improvements to the
re-keying regression test.
... changelog too long, skipping 41 lines ...
- Use gcc11 when building in SLE12 and SLE15.
==== openssh-askpass-gnome ====
Version update (9.8p1 -> 9.9p1)
- Update to openssh 9.9p1:
* No changes for askpass, see main package changelog for
details.
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1230698, CVE-2024-41996]
* Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
* Added openssl-CVE-2024-41996.patch
==== orc ====
Version update (0.4.39 -> 0.4.40)
- Update to version 0.4.40:
+ Security: Minor follow-up fixes for CVE-2024-40897
+ Fix include header use from C++
+ orccodemem: Assorted memory mapping fixes
+ powerpc: fix div255w which still used the inexact substitution
+ powerpc: Disable VSX and ISA 2.07 for Apple targets
+ powerpc: Allow detection of ppc64 in Mac OS
+ x86: work around old GCC versions (pre 9.0) having broken
xgetbv implementationsv
+ x86: consider MSYS2/Cygwin as Windows for ABI purposes only
+ x86: handle unnatural and misaligned array pointers
+ x86: Fix non-C11 typedefs
+ x86: try fixing AVX detection again by adding check for XSAVE
+ Some compatibility fixes for Musl
+ meson: Fix detecting XSAVE on older AppleClangv
+ Check return values of malloc() and realloc()
==== pinentry ====
- Make pinentry-efl optional
==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-qt6
- Make pinentry-efl optional
==== podman ====
Version update (5.2.2 -> 5.2.3)
- Update to version 5.2.3:
* Bugfixes
- Fixed a bug that could cause network namespaces to fail to
unmount, resulting in Podman commands hanging.
- Fixed a bug where Podman could not run images which included
SCTP exposed ports.
- Fixed a bug where containers run by the root user, but inside
a user namespace (including inside a container), could not
use the pasta network mode.
- Fixed a bug where volume copy-up did not properly chown empty
volumes when the :idmap mount option was used.
* Misc
- Updated Buildah to v1.37.3
==== python-Jinja2 ====
- Fix build error under Leap.
==== python-oauthlib ====
- Fix build error under Leap.
==== python-pycurl ====
- Add upstream patch test-bottle-flask.patch to use Flask instead of
bottle for tests.
gh#pycurl/pycurl#838
==== python-pyrsistent ====
- Fix build error under Leap.
==== python-pyserial ====
- Fix build error under Leap.
==== sddm ====
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6
- Move default value for [Autologin] Session
0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
* 0001-Remove-unused-Display-m_relogin-variable.patch
* 0002-Set-Display-m_started-early.patch
* 0003-Load-autologin-configuration-in-Display-Display.patch
* 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
* 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch
==== selinux-policy ====
Version update (20240912 -> 20240925)
Subpackages: selinux-policy-targeted
- Update to version 20240925:
* Allow snapperd to manage unlabeled_t files (bsc#1230966)
- Update to version 20240924:
* Revert "Allow virtstoraged to manage images (bsc#1228742)"
* Label /etc/mdevctl.d with mdevctl_conf_t
* Sync users with Fedora targeted users
* Update policy for rpc-virtstorage
* Allow virtstoraged get attributes of configfs dirs
* Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
* Update bootupd policy when ESP is not mounted
* Allow thumb_t map dri devices
* Allow samba use the io_uring API
* Allow the sysadm user use the secretmem API
* Allow nut-upsmon read systemd-logind session files
* Allow sysadm_t to create PF_KEY sockets
* Update bootupd policy for the removing-state-file test
- Fix macros.selinux-policy (bsc#1230897)
- %selinux_relabel_post should not relabel files in
transactional systems in %post as the policy is not loaded
into the kernel directly after install, instead the relabelling
will happen on the next boot
==== systemd ====
Version update (256.5 -> 256.6)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev
- Import commit 8a0ae4d90aff1d067a125ff9366eafc7dd5d4701 (merge of v256.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/bef0958f4db1b774c23505e93537ffe…
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
- Move 80-container-host0.network back to the network sub-package (bsc#1229098)
Rev 428 mistakenly moved it to the container sub-package.
==== toolbox ====
- Update SLE/Leap Micro images from 5.4 to 6.0 (bsc#1227328)
==== transactional-update ====
Version update (4.8.2 -> 4.8.3)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd
- Version 4.8.3
- Check return value of register command [bsc#1230901]
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb
- added conflicts to patterns-wsl-tmpfiles to Xserver packages
as this patterns package creates a symlink from /tmp/.X11-unix to
/mnt/wslg/.X11-unix and therefore prevents Xservers from creating
this needed directory (bsc#1230755)
==== xwayland ====
- added conflicts to patterns-wsl-tmpfiles as this patterns package
creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and
therefore prevents Xwayland from creating this needed directory
(bsc#1230755)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240923 -> 20240924)
ncurses (6.5.20240824 -> 6.5.20240922)
pipewire (1.2.3 -> 1.2.4)
tiff (4.6.0 -> 4.7.0)
=== Details ===
==== MicroOS-release ====
Version update (20240923 -> 20240924)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ncurses ====
Version update (6.5.20240824 -> 6.5.20240922)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20240922
+ add a few null-pointer checks in ncurses
+ improve test-driver in ncurses/link_test.c
+ restore background character in manpages as described in X/Open
Curses section 3.3.6, and add option "-c" to test programs to
illustrate a non-blank character in the window background property.
+ improve formatting/style of manpages (patches by Branden Robinson).
+ modify ncurses*-config to add -I option in --cflag where needed for
- -disable-overwrite to match ".pc" files.
+ disallow directories and block/character devices in safe-open.
+ amend scr_restore() and scr_init() to remove the target window only
after validating the source window which will replace the target
(report by Zixi Liu).
- Add ncurses patch 20240914
+ modify _nc_flush() to also flush stderr to help the flash capability
to work in bash (patch by Harm te Hennepe, cf: 20201128)
+ omit -g and -fXXX flags from CFLAGS in misc/ncurses-config.in
+ improve formatting/style of manpages (patches by Branden Robinson).
+ improve examples in NCURSES-Programming-HOWTO.html
+ update comments in terminfo.src -TD
- Add ncurses patch 20240831
+ build-fix for a case in msys2 where gettimeofday() was available but
the fallback was partly configured.
> patch by Rafael Kitover:
+ separate the _NC_WINDOWS platform macro into _NC_WINDOWS_NATIVE,
for MinGW and other native Win32 support, and _NC_WINDOWS, to make
some Win32 features available under the Cygwin runtime, in this case
the term-driver.
+ make some minor adjustments to allow
./configure --enable-term-driver
to also work on Cygwin platforms such as Cygwin and MSYS2.
==== pipewire ====
Version update (1.2.3 -> 1.2.4)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.2.4:
+ Highlights:
- Avoid a crash in cleanup of globals.
- Use systemd-logind to scan for new devices in v4l2.
- Some more bugfixes and improvements.
+ PipeWire:
- Avoid a crash in cleanup of globals.
- Improve RequestProcess dispatch.
+ Tools:
- Improve float parsing.
+ SPA:
- Clear the ringbuffer when stopping in libcamera.
- Use systemd-logind to scan for new devices in v4l2.
- Queue dropped first buffer in v4l2.
- Unlink pcm devices when moving drivers to avoid broken pipe.
+ JACK:
- Emit buffer_size callback in jack_activate() to improve
compatibility with GStreamer.
==== tiff ====
Version update (4.6.0 -> 4.7.0)
- Update to 4.7.0:
* This version restores in the default build the availability of
the tools that had been dropped in v4.6.0
See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc…
* Software configuration changes:
+ autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection
+ autoconf build: fix error when running make clean (fixes issue #630)
+ autoconf build: back off the minimum required automake version to 1.11
+ autoconf.ac: fix detection of windows.h for mingw (fixes issue #605)
+ libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file
starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4)
+ CMake: Fix TIFF_INCLUDE_DIRS
+ CMake: MinGW compilers don't need a .def file for shared library
+ CMake: move libdeflate and Lerc to Requires.private
+ CMake: enable resource compilation on all Windows.
* Library changes:
+ Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements
TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory
allocations in byte, for a given TIFF handle, that libtiff internal memory
allocation functions are allowed.
+ TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged.
+ TIFFXYZToRGB: avoid integer overflow (fixes issue #644)
+ uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645)
+ Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir)
is set inconsistently or incorrectly, depending on the previous history.
+ TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ;
most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375)
+ OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183)
+ ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL
+ LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values
+ tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583)
+ LZW: avoid warning about misaligned address with UBSAN (fixes issue #616)
+ TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356)
+ tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests
+ Avoid FPEs (division by zero) in tif_getimage.c.
+ Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for
denominator not zero before macros are executed. (fixes issue #628)
+ Add non-zero check before division in TIFFComputeStrip()
+ Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active
+ Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount
+ Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure.
+ For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to
avoid deleting the last character. (fixes issue #579)
+ Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006)
+ Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857)
+ Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618)
+ tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608)
+ Fix warnings with GCC 14
+ tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627)
+ Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type.
+ tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups
+ Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble()
+ Remove support for _MSC_VER < 1500.
+ Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__
* Documentation:
+ Amend manpages for changes in current directory index behaviour
+ Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506)
+ Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006)
* Re-added tools:
+ fax2ps
+ fax2tiff
+ pal2rgb
+ ppm2tiff
+ raw2tiff
+ rgb2ycbcr (not installed)
+ thumbnail (not installed)
+ tiff2bw
+ tiff2rgba
+ tiffcmp
+ tiffcrop
+ tiffdither
+ tiffgt
+ tiffmedian
+ tiff2ps
+ tiff2pdf
* New/improved functionality:
+ tiff2rgba: Add background gradient option for alpha compositing
+ tiffcp: -i flag restored
* Bug fixes for tools:
+ tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054
+ tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection"
+ tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552)
+ tiff2pdf: address Coverity scan issues
+ tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF
+ tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539)
+ tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253)
+ tiff2pdf: fixes issue #596
+ thumbnail: address Coverity scan issues
+ tiffcp: Add check for limitMalloc return to fix Coverity 1603334
+ tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG
+ tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputing to compression != JPEG (refs issue #571)
+ tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG
+ tiffcp: Check also codec of input image, not only from output image (fixes issue #606)
+ Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions.
+ fax2ps and fax2tiff: memory leak fixes (fixes issue #476)
+ tiffmedian: memory leak fixes (fixes issue #599)
+ fax2tiff: fix EOFB interpretation (fixes issue #191)
+ fax2tiff: fix issue with unreasonable width input (fixes issue #249)
+ tiffcp and tiffcrop: fixes issue #228
... changelog too long, skipping 10 lines ...
- Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh`
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240923 -> 20240924)
ncurses (6.5.20240824 -> 6.5.20240922)
pipewire (1.2.3 -> 1.2.4)
=== Details ===
==== MicroOS-release ====
Version update (20240923 -> 20240924)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ncurses ====
Version update (6.5.20240824 -> 6.5.20240922)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20240922
+ add a few null-pointer checks in ncurses
+ improve test-driver in ncurses/link_test.c
+ restore background character in manpages as described in X/Open
Curses section 3.3.6, and add option "-c" to test programs to
illustrate a non-blank character in the window background property.
+ improve formatting/style of manpages (patches by Branden Robinson).
+ modify ncurses*-config to add -I option in --cflag where needed for
- -disable-overwrite to match ".pc" files.
+ disallow directories and block/character devices in safe-open.
+ amend scr_restore() and scr_init() to remove the target window only
after validating the source window which will replace the target
(report by Zixi Liu).
- Add ncurses patch 20240914
+ modify _nc_flush() to also flush stderr to help the flash capability
to work in bash (patch by Harm te Hennepe, cf: 20201128)
+ omit -g and -fXXX flags from CFLAGS in misc/ncurses-config.in
+ improve formatting/style of manpages (patches by Branden Robinson).
+ improve examples in NCURSES-Programming-HOWTO.html
+ update comments in terminfo.src -TD
- Add ncurses patch 20240831
+ build-fix for a case in msys2 where gettimeofday() was available but
the fallback was partly configured.
> patch by Rafael Kitover:
+ separate the _NC_WINDOWS platform macro into _NC_WINDOWS_NATIVE,
for MinGW and other native Win32 support, and _NC_WINDOWS, to make
some Win32 features available under the Cygwin runtime, in this case
the term-driver.
+ make some minor adjustments to allow
./configure --enable-term-driver
to also work on Cygwin platforms such as Cygwin and MSYS2.
==== pipewire ====
Version update (1.2.3 -> 1.2.4)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 1.2.4:
+ Highlights:
- Avoid a crash in cleanup of globals.
- Use systemd-logind to scan for new devices in v4l2.
- Some more bugfixes and improvements.
+ PipeWire:
- Avoid a crash in cleanup of globals.
- Improve RequestProcess dispatch.
+ Tools:
- Improve float parsing.
+ SPA:
- Clear the ringbuffer when stopping in libcamera.
- Use systemd-logind to scan for new devices in v4l2.
- Queue dropped first buffer in v4l2.
- Unlink pcm devices when moving drivers to avoid broken pipe.
+ JACK:
- Emit buffer_size callback in jack_activate() to improve
compatibility with GStreamer.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240922 -> 20240923)
cairo
mdadm
setools
vte (0.76.3 -> 0.76.4)
=== Details ===
==== MicroOS-release ====
Version update (20240922 -> 20240923)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2
- Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't
fail if no local subs. Fix regression when writing PDFs with
fonts.
==== mdadm ====
- Detail: remove duplicated code (bsc#1226413)
0008-Detail-remove-duplicated-code.patch
- mdadm: Fix native --detail --export (bsc#1226413)
0009-mdadm-Fix-native-detail-export.patch
==== setools ====
- Add upstream tarball signature
- Add key 85649089C9F385B35F40568D21698FD29D4355A4 to setools.keyring
==== vte ====
Version update (0.76.3 -> 0.76.4)
- Update to version 0.76.4:
* fonts: ensure ref of font from glyph item analysis
* build: Post release version bump
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240918 -> 20240923)
cairo
kernel-source (6.10.9 -> 6.10.11)
libbacktrace (1.0+git20240718 -> 1.0+git20240805)
libdovi (3.2.0 -> 3.3.1)
libeconf (0.7.2 -> 0.7.3)
libsamplerate
mdadm
osinfo-db
setools
shim-leap
vte (0.76.3 -> 0.76.4)
wpa_supplicant
=== Details ===
==== MicroOS-release ====
Version update (20240918 -> 20240923)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2
- Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't
fail if no local subs. Fix regression when writing PDFs with
fonts.
==== kernel-source ====
Version update (6.10.9 -> 6.10.11)
Subpackages: kernel-64kb kernel-default
- Linux 6.10.11 (bsc#1012628).
- usb: typec: ucsi: Always set number of alternate modes
(bsc#1012628).
- usb: typec: ucsi: Fix cable registration (bsc#1012628).
- drm/mediatek: Set sensible cursor width/height values to fix
crash (bsc#1012628).
- ksmbd: override fsids for share path check (bsc#1012628).
- ksmbd: override fsids for smb2_query_info() (bsc#1012628).
- usbnet: ipheth: remove extraneous rx URB length check
(bsc#1012628).
- usbnet: ipheth: drop RX URBs with no payload (bsc#1012628).
- usbnet: ipheth: do not stop RX on failing RX callback
(bsc#1012628).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(bsc#1012628).
- net: ethernet: use ip_hdrlen() instead of bit shift
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
(bsc#1012628).
- net: phy: vitesse: repair vsc73xx autonegotiation (bsc#1012628).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1012628).
- wifi: mt76: mt7921: fix NULL pointer access in
mt7921_ipv6_addr_change (bsc#1012628).
- drm/amdgpu: Update kmd_fw_shared for VCN5 (bsc#1012628).
- net: hns3: use correct release function during uninitialization
(bsc#1012628).
- btrfs: update target inode's ctime on unlink (bsc#1012628).
- Input: ads7846 - ratelimit the spi_sync error message
(bsc#1012628).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(bsc#1012628).
- hid-asus: add ROG Ally X prod ID to quirk list (bsc#1012628).
- HID: multitouch: Add support for GT7868Q (bsc#1012628).
- Input: edt-ft5x06 - add support for FocalTech FT8201
(bsc#1012628).
- cgroup/cpuset: Eliminate unncessary sched domains rebuilds in
hotplug (bsc#1012628).
- scripts: kconfig: merge_config: config files: add a trailing
newline (bsc#1012628).
- platform/x86: asus-wmi: Add quirk for ROG Ally X (bsc#1012628).
- platform/surface: aggregator_registry: Add Support for Surface
Pro 10 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Studio 2 (bsc#1012628).
- platform/surface: aggregator_registry: Add fan and thermal
sensor support for Surface Laptop 5 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop 6 (bsc#1012628).
- spi: zynqmp-gqspi: Scale timeout by data size (bsc#1012628).
- drm/msm/adreno: Fix error return if missing firmware-name
(bsc#1012628).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(bsc#1012628).
- drm/xe/xe2lpm: Extend Wa_16021639441 (bsc#1012628).
- drm/xe: fix WA 14018094691 (bsc#1012628).
- drm/xe: use devm instead of drmm for managed bo (bsc#1012628).
- s390/mm: Pin identity mapping base to zero (bsc#1012628).
- smb/server: fix return value of smb2_open() (bsc#1012628).
- NFSv4: Fix clearing of layout segments in layoutreturn
(bsc#1012628).
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (bsc#1012628).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (bsc#1012628).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (bsc#1012628).
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1012628).
- selftests: mptcp: join: restrict fullmesh endp on 1st sf
(bsc#1012628).
- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
been used on RK3399 Puma (bsc#1012628).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (bsc#1012628).
- minmax: reduce min/max macro expansion in atomisp driver
(bsc#1012628).
- net: tighten bad gso csum offset check in virtio_net_hdr
(bsc#1012628).
- net: libwx: fix number of Rx and Tx descriptors (bsc#1012628).
- dm-integrity: fix a race condition when accessing recalc_sector
(bsc#1012628).
- clocksource: hyper-v: Use lapic timer in a TDX VM without
paravisor (bsc#1012628).
- x86/hyperv: fix kexec crash due to VP assist page corruption
(bsc#1012628).
- mm: avoid leaving partial pfn mappings around in error case
(bsc#1012628).
- bcachefs: Fix bch2_extents_match() false positive (bsc#1012628).
- bcachefs: Revert lockless buffered IO path (bsc#1012628).
- bcachefs: Don't delete open files in online fsck (bsc#1012628).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (bsc#1012628).
- firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
(bsc#1012628).
- riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq
... changelog too long, skipping 766 lines ...
- commit e9c5fe9
==== libbacktrace ====
Version update (1.0+git20240718 -> 1.0+git20240805)
- Update to version 1.0+git20240805:
* libbacktrace: update xcoff.c for base_address changes
* libbacktrace: avoid -Wpointer-arith errors
* libbacktrace: fix syntax of Windows registration functions
==== libdovi ====
Version update (3.2.0 -> 3.3.1)
- Update to 3.3.1:
* Changed AV1 function signatures to take slices as input and
return a Vec.
* Added write_av1_rpu_metadata_obu_t35_complete function to encode
RPUs in complete metadata OBU payloads.
* XML parser: support decimals when parsing Level6 MaxCLL/MaxFALL
values.
* Added DoviRpu::parse_itu_t35_dovi_metadata_obu and deprecated
av1::parse_itu_t35_dovi_metadata_obu.
* Fixed encoding AV1 payloads with trailing bytes. They are now
discarded.
* Added dovi_write_av1_rpu_metadata_obu_t35_{payload,complete}
functions.
* Added dovi_parse_itu_t35_dovi_metadata_obu function.
* Added support for parsing ext_mapping_idc in RpuDataHeader.
==== libeconf ====
Version update (0.7.2 -> 0.7.3)
- Update to version 0.7.3:
* Groups handled in an own list (#218)
* Add econftool as dependency of its tests
* Simplify snprintf call
* Remove unused functions and reduce variable visibility (#213)
* Fix typos (#212)
==== libsamplerate ====
- Use a constant profile dir for reproducible builds (boo#1062303)
==== mdadm ====
- Detail: remove duplicated code (bsc#1226413)
0008-Detail-remove-duplicated-code.patch
- mdadm: Fix native --detail --export (bsc#1226413)
0009-mdadm-Fix-native-detail-export.patch
==== osinfo-db ====
- Add support for SLE Micro 6.1 (jsc#PED-8910)
add-slem6.1-support.patch
- Drop support for Leap 15.7. Next major version is Leap 16
add-opensuse-leap-15.7-support.patch
- Adjust place holder release-date for sle15sp7
add-sle15sp7-support.patch
==== setools ====
- Add upstream tarball signature
- Add key 85649089C9F385B35F40568D21698FD29D4355A4 to setools.keyring
==== shim-leap ====
- RelEng emergency fix: fux source number to install shim-install.
==== vte ====
Version update (0.76.3 -> 0.76.4)
- Update to version 0.76.4:
* fonts: ensure ref of font from glyph item analysis
* build: Post release version bump
==== wpa_supplicant ====
- Revert "Mark authorization completed on driver indication
during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
problems with brcmfmac wifi hardware. (bsc#1230797)
[+ Revert-Mark-authorization-completed-on-driver-indica.patch]
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240920 -> 20240922)
libsamplerate
wpa_supplicant
=== Details ===
==== MicroOS-release ====
Version update (20240920 -> 20240922)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== libsamplerate ====
- Use a constant profile dir for reproducible builds (boo#1062303)
==== wpa_supplicant ====
- Revert "Mark authorization completed on driver indication
during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
problems with brcmfmac wifi hardware. (bsc#1230797)
[+ Revert-Mark-authorization-completed-on-driver-indica.patch]
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240919 -> 20240920)
kernel-source (6.10.9 -> 6.10.11)
libdovi (3.2.0 -> 3.3.1)
osinfo-db
=== Details ===
==== MicroOS-release ====
Version update (20240919 -> 20240920)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== kernel-source ====
Version update (6.10.9 -> 6.10.11)
- Linux 6.10.11 (bsc#1012628).
- usb: typec: ucsi: Always set number of alternate modes
(bsc#1012628).
- usb: typec: ucsi: Fix cable registration (bsc#1012628).
- drm/mediatek: Set sensible cursor width/height values to fix
crash (bsc#1012628).
- ksmbd: override fsids for share path check (bsc#1012628).
- ksmbd: override fsids for smb2_query_info() (bsc#1012628).
- usbnet: ipheth: remove extraneous rx URB length check
(bsc#1012628).
- usbnet: ipheth: drop RX URBs with no payload (bsc#1012628).
- usbnet: ipheth: do not stop RX on failing RX callback
(bsc#1012628).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(bsc#1012628).
- net: ethernet: use ip_hdrlen() instead of bit shift
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
(bsc#1012628).
- net: phy: vitesse: repair vsc73xx autonegotiation (bsc#1012628).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1012628).
- wifi: mt76: mt7921: fix NULL pointer access in
mt7921_ipv6_addr_change (bsc#1012628).
- drm/amdgpu: Update kmd_fw_shared for VCN5 (bsc#1012628).
- net: hns3: use correct release function during uninitialization
(bsc#1012628).
- btrfs: update target inode's ctime on unlink (bsc#1012628).
- Input: ads7846 - ratelimit the spi_sync error message
(bsc#1012628).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(bsc#1012628).
- hid-asus: add ROG Ally X prod ID to quirk list (bsc#1012628).
- HID: multitouch: Add support for GT7868Q (bsc#1012628).
- Input: edt-ft5x06 - add support for FocalTech FT8201
(bsc#1012628).
- cgroup/cpuset: Eliminate unncessary sched domains rebuilds in
hotplug (bsc#1012628).
- scripts: kconfig: merge_config: config files: add a trailing
newline (bsc#1012628).
- platform/x86: asus-wmi: Add quirk for ROG Ally X (bsc#1012628).
- platform/surface: aggregator_registry: Add Support for Surface
Pro 10 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Studio 2 (bsc#1012628).
- platform/surface: aggregator_registry: Add fan and thermal
sensor support for Surface Laptop 5 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop 6 (bsc#1012628).
- spi: zynqmp-gqspi: Scale timeout by data size (bsc#1012628).
- drm/msm/adreno: Fix error return if missing firmware-name
(bsc#1012628).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(bsc#1012628).
- drm/xe/xe2lpm: Extend Wa_16021639441 (bsc#1012628).
- drm/xe: fix WA 14018094691 (bsc#1012628).
- drm/xe: use devm instead of drmm for managed bo (bsc#1012628).
- s390/mm: Pin identity mapping base to zero (bsc#1012628).
- smb/server: fix return value of smb2_open() (bsc#1012628).
- NFSv4: Fix clearing of layout segments in layoutreturn
(bsc#1012628).
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (bsc#1012628).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (bsc#1012628).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (bsc#1012628).
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1012628).
- selftests: mptcp: join: restrict fullmesh endp on 1st sf
(bsc#1012628).
- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
been used on RK3399 Puma (bsc#1012628).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (bsc#1012628).
- minmax: reduce min/max macro expansion in atomisp driver
(bsc#1012628).
- net: tighten bad gso csum offset check in virtio_net_hdr
(bsc#1012628).
- net: libwx: fix number of Rx and Tx descriptors (bsc#1012628).
- dm-integrity: fix a race condition when accessing recalc_sector
(bsc#1012628).
- clocksource: hyper-v: Use lapic timer in a TDX VM without
paravisor (bsc#1012628).
- x86/hyperv: fix kexec crash due to VP assist page corruption
(bsc#1012628).
- mm: avoid leaving partial pfn mappings around in error case
(bsc#1012628).
- bcachefs: Fix bch2_extents_match() false positive (bsc#1012628).
- bcachefs: Revert lockless buffered IO path (bsc#1012628).
- bcachefs: Don't delete open files in online fsck (bsc#1012628).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (bsc#1012628).
- firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
(bsc#1012628).
- riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq
... changelog too long, skipping 766 lines ...
- commit e9c5fe9
==== libdovi ====
Version update (3.2.0 -> 3.3.1)
- Update to 3.3.1:
* Changed AV1 function signatures to take slices as input and
return a Vec.
* Added write_av1_rpu_metadata_obu_t35_complete function to encode
RPUs in complete metadata OBU payloads.
* XML parser: support decimals when parsing Level6 MaxCLL/MaxFALL
values.
* Added DoviRpu::parse_itu_t35_dovi_metadata_obu and deprecated
av1::parse_itu_t35_dovi_metadata_obu.
* Fixed encoding AV1 payloads with trailing bytes. They are now
discarded.
* Added dovi_write_av1_rpu_metadata_obu_t35_{payload,complete}
functions.
* Added dovi_parse_itu_t35_dovi_metadata_obu function.
* Added support for parsing ext_mapping_idc in RpuDataHeader.
==== osinfo-db ====
- Add support for SLE Micro 6.1 (jsc#PED-8910)
add-slem6.1-support.patch
- Drop support for Leap 15.7. Next major version is Leap 16
add-opensuse-leap-15.7-support.patch
- Adjust place holder release-date for sle15sp7
add-sle15sp7-support.patch
1
0