Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240908 -> 20240909)
cairo (1.18.0 -> 1.18.2)
colord
gnome-disk-utility (46.0 -> 46.1)
kf6-kirigami
libevdev (1.13.1 -> 1.13.3)
libgweather4 (4.4.2 -> 4.4.4)
python-idna (3.7 -> 3.8)
webkit2gtk3
webkit2gtk4
=== Details ===
==== MicroOS-release ====
Version update (20240908 -> 20240909)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== cairo ====
Version update (1.18.0 -> 1.18.2)
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2
- Update to version 1.18.2:
+ The malloc-stats code has been removed from the tests directory
the canonical location for it is:
https://github.com/behdad/malloc-stats
+ Cairo now requires a version of pixman equal to, or newer than,
0.40.
+ There have been multiple build fixes for newer versions of GCC
for MSVC; for Solaris; and on macOS 10.7.
+ PNG errors caused by loading malformed data are correctly
propagated to callers, so they can handle the case.
+ Both stroke and fill colors are now set when showing glyphs on
a PDF surface.
+ All the font options are copied when creating a fallback font
object.
+ When drawing text on macOS, Cairo now tries harder to select
the appropriate font name.
+ Cairo now prefers the COLRv1 table inside a font, if one is
available.
+ Cairo requires a C11 toolchain when building.
==== colord ====
Subpackages: colord-color-profiles libcolord2 libcolorhug2
- Remove script in %pre to change ownership of /var/lib/colord
(bsc#1208056).
==== gnome-disk-utility ====
Version update (46.0 -> 46.1)
- Update to version 46.1:
+ metainfo:
- fix URLs
- replace screenshots
+ Updated translations.
==== kf6-kirigami ====
Subpackages: kf6-kirigami-imports libKirigamiPlatform6
- Add upstream change (kde#488326, boo#1228876):
* 0001-Disable-cachegen.patch
==== libevdev ====
Version update (1.13.1 -> 1.13.3)
- update to 1.13.3:
* include: sync event codes with kernel 6.10
* CI and build system fixes
==== libgweather4 ====
Version update (4.4.2 -> 4.4.4)
Subpackages: gweather4-data libgweather-4-0 typelib-1_0-GWeather-4_0
- Update to version 4.4.4:
+ Fix deprecation warnings
+ Fix introspection annotation for async functions
+ Plug some memory leaks
+ Updated translations.
==== python-idna ====
Version update (3.7 -> 3.8)
- update to 3.8:
* Fix regression where IDNAError exception was not being
produced for certain inputs.
* Add support for Python 3.13, drop support for Python 3.5 as
it is no longer testable.
* Documentation improvements
* Updates to package testing using Github actions
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles
- Add revert-271175.patch: This reverts commit 279c9d7, it broke
wasm.
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles
- Add revert-271175.patch: This reverts commit 279c9d7, it broke
wasm.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240908 -> 20240909)
cairo (1.18.0 -> 1.18.2)
colord
gnome-disk-utility (46.0 -> 46.1)
kf6-kirigami
libevdev (1.13.1 -> 1.13.3)
libgweather4 (4.4.2 -> 4.4.4)
python-idna (3.7 -> 3.8)
webkit2gtk3
webkit2gtk4
=== Details ===
==== MicroOS-release ====
Version update (20240908 -> 20240909)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== cairo ====
Version update (1.18.0 -> 1.18.2)
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2
- Update to version 1.18.2:
+ The malloc-stats code has been removed from the tests directory
the canonical location for it is:
https://github.com/behdad/malloc-stats
+ Cairo now requires a version of pixman equal to, or newer than,
0.40.
+ There have been multiple build fixes for newer versions of GCC
for MSVC; for Solaris; and on macOS 10.7.
+ PNG errors caused by loading malformed data are correctly
propagated to callers, so they can handle the case.
+ Both stroke and fill colors are now set when showing glyphs on
a PDF surface.
+ All the font options are copied when creating a fallback font
object.
+ When drawing text on macOS, Cairo now tries harder to select
the appropriate font name.
+ Cairo now prefers the COLRv1 table inside a font, if one is
available.
+ Cairo requires a C11 toolchain when building.
==== colord ====
Subpackages: colord-color-profiles libcolord2 libcolorhug2
- Remove script in %pre to change ownership of /var/lib/colord
(bsc#1208056).
==== gnome-disk-utility ====
Version update (46.0 -> 46.1)
- Update to version 46.1:
+ metainfo:
- fix URLs
- replace screenshots
+ Updated translations.
==== kf6-kirigami ====
Subpackages: kf6-kirigami-imports libKirigamiPlatform6
- Add upstream change (kde#488326, boo#1228876):
* 0001-Disable-cachegen.patch
==== libevdev ====
Version update (1.13.1 -> 1.13.3)
- update to 1.13.3:
* include: sync event codes with kernel 6.10
* CI and build system fixes
==== libgweather4 ====
Version update (4.4.2 -> 4.4.4)
Subpackages: gweather4-data libgweather-4-0 typelib-1_0-GWeather-4_0
- Update to version 4.4.4:
+ Fix deprecation warnings
+ Fix introspection annotation for async functions
+ Plug some memory leaks
+ Updated translations.
==== python-idna ====
Version update (3.7 -> 3.8)
- update to 3.8:
* Fix regression where IDNAError exception was not being
produced for certain inputs.
* Add support for Python 3.13, drop support for Python 3.5 as
it is no longer testable.
* Documentation improvements
* Updates to package testing using Github actions
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles
- Add revert-271175.patch: This reverts commit 279c9d7, it broke
wasm.
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles
- Add revert-271175.patch: This reverts commit 279c9d7, it broke
wasm.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240906 -> 20240908)
aaa_base (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b)
libqt5-qtbase (5.15.14+kde143 -> 5.15.15+kde127)
libqt5-qtdeclarative (5.15.14+kde28 -> 5.15.15+kde25)
libqt5-qtgraphicaleffects (5.15.14+kde0 -> 5.15.15+kde0)
libqt5-qtimageformats (5.15.14+kde7 -> 5.15.15+kde4)
libqt5-qtmultimedia (5.15.14+kde2 -> 5.15.15+kde2)
libqt5-qtquickcontrols (5.15.14+kde0 -> 5.15.15+kde0)
libqt5-qtquickcontrols2 (5.15.14+kde5 -> 5.15.15+kde5)
libqt5-qtspeech (5.15.14+kde1 -> 5.15.15+kde1)
libqt5-qtsvg (5.15.14+kde5 -> 5.15.15+kde5)
libqt5-qtwayland (5.15.14+kde57 -> 5.15.15+kde59)
libqt5-qtx11extras (5.15.14+kde0 -> 5.15.15+kde0)
libzypp (17.35.9 -> 17.35.10)
rsync
zypper (1.14.76 -> 1.14.77)
=== Details ===
==== MicroOS-release ====
Version update (20240906 -> 20240908)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== aaa_base ====
Version update (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b)
- Update to version 84.87+git20240906.742565b:
* yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)
* Avoid unnecessary /bin/bash dependency
* sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)
==== libqt5-qtbase ====
Version update (5.15.14+kde143 -> 5.15.15+kde127)
Subpackages: libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5
- Update to version 5.15.15+kde127, rebased upstream:
* Add LGPL header to qcalendar.cpp
* Move some flaky text tests into Lancelot
* Update Harfbuzz to 7.2.0
* doc: Make docs for ElideNone a bit more precise
* tst_QImageReader: fix missing checks for "newly"-added ImageOptions
* tst_QMainWindow: for UB (use of reserved names)
* Update bundled libjpeg-turbo to version 3.0.0
* Update to Freetype 2.13.1
* [docs] Link from QtConcurent::run() to QThreadPool::start(Callable&&)
* Docs: State that OpenSSL3 is available from 5.15.1
* Simplify (and fix) initialization of a list of time-zones
* ODBC/MySQL: fix compilation with MySQL < 5.7.9
* SQLite: Update SQLite to v3.42.0
* tst_QHostInfo: fix mem-leaks in threadSafetyAsynchronousAPI()
* tst_QSortFilterProxyModel: fix mem-leaks II: sortStable()
* tst_QNetworkDiskCache: fix mem-leak
* tst_QAbstractItemModelTester: fix mem-leak
* tst_QSortFilterProxyModel: fix mem-leaks
* Fix screens not always updating if order changes
* Update the list of CLDR-based files
* Return TZ time-zone backend's tranCache() as a const reference
* tst_QTcpSocket: fix mem-leak
* tst_QNetworkCookieJar: fix memleak
* tst_QParallelAnimationGroup: fix memleak
* tst_QXmlStream::tokenErrorHandling() - register test directory in CMake
* Fix transparency in 16 bit and 24 bit ico files
* QVariant: always compare floating point with double precision
* Doc: Document QMAKE_APPLE_DEVICE_ARCHS
* Update bundled libpng to version 1.6.40
* fbconvenience: use smart pointer for QFbCursor
* Doc: Clarify that the rich text engine has limited support for HTML tags
* autotest: Blacklist tst_QTableView::columnViewportPosition for winrt
* autotest: Blacklist QTimeLine::interpolation for winrt
* QFuture: mention the work-stealing algorithm in the docs
* QtDoc Global: Add macros for Qt Design Studio in qtdoc
* Fix specific overflow in qtextlayout
* Remove QEglFSCursor's inheritance of QOpenGLFunctions
* tst_QPixmapCache: QVERIFY a failed replace()
* tst_QPixmapCache: check insert() reports failure
* QPixmapCache: add a comment on how failed insert() invalidates cacheKey
* tst_QPixmapCache: rewrite QVERIFY(x != 0) to QVERIFY(x)
* QVariant: remove outdated docs about reimplementing clear()
* Bump version to 5.15.15
* Update The-Qt-Company-Commercial
* Fix crash on QLocale::monthName().simplified()
* Android: fix QDir::entryInfoList() with content URIs
* Android: fix content url handling of filenames with spaces
- Commits dropped by the rebase:
* tst_QXmlStream: remove unneeded _ba UDLs
* Fix specific overflow in qtextlayout (CVE-2023-32763)
==== libqt5-qtdeclarative ====
Version update (5.15.14+kde28 -> 5.15.15+kde25)
- Update to version 5.15.15+kde25, rebased upstream:
* QV4::ArrayData: Fix offset calculation for sort()
* Fix pointer delivery to child items of items with clip:true
* doc: Remove Calendar Example link
* PointerHandler: cancel all grabs when item changes scene
* qintrusivelvist_p.h: Silence nullpointer subtraction warning
* Doc: Fix mislabelled diagram for Context2D.arc()
* Bump version to 5.15.15
==== libqt5-qtgraphicaleffects ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtimageformats ====
Version update (5.15.14+kde7 -> 5.15.15+kde4)
- Update to version 5.15.15+kde4, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtmultimedia ====
Version update (5.15.14+kde2 -> 5.15.15+kde2)
- Update to version 5.15.15+kde2, rebased upstream:
* Bump version to 5.15.15
* Blacklist tst_qmediaplayerbackend::playlistobjects on openSUSE 15.4
* Blacklist tst_QAudioDeviceInfo::codecs on openSUSE 15.4
==== libqt5-qtquickcontrols ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtquickcontrols2 ====
Version update (5.15.14+kde5 -> 5.15.15+kde5)
Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5
- Update to version 5.15.15+kde5, rebased upstream:
* Bump version to 5.15.15
* RangeSlider: Don't update position only if mouse/touch is grabbed
==== libqt5-qtspeech ====
Version update (5.15.14+kde1 -> 5.15.15+kde1)
- Update to version 5.15.15+kde1, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtsvg ====
Version update (5.15.14+kde5 -> 5.15.15+kde5)
- Update to version 5.15.15+kde5, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtwayland ====
Version update (5.15.14+kde57 -> 5.15.15+kde59)
Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5
- Update to version 5.15.15+kde59, rebased upstream:
* Revert "Client: Send release button event on pointer leave"
* Fix race condition in drag and drop
* client: don't cache one type in QWaylandMimeData
* DefaultCompositor: use explcit lambda captures
* Fix C++20 deprecated capture of *this in [=]
* compositor: Unbind display on close in linux-dmabuf and eglstream
* Client: Send release button event on pointer leave
* Bump version to 5.15.15
==== libqt5-qtx11extras ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libzypp ====
Version update (17.35.9 -> 17.35.10)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
==== rsync ====
- rsync-gcc14.patch: fixed the ipv6 configure check (bsc#1230156)
==== zypper ====
Version update (1.14.76 -> 1.14.77)
Subpackages: zypper-needs-restarting
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240904 -> 20240908)
SDL2 (2.30.6 -> 2.30.7)
aaa_base (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b)
aardvark-dns (1.12.1 -> 1.12.2)
containerd (1.7.17 -> 1.7.21)
crun (1.15 -> 1.16.1)
expat (2.6.2 -> 2.6.3)
gnome-autoar (0.4.4 -> 0.4.5)
gnutls (3.8.6 -> 3.8.7)
iputils (20240117 -> 20240905)
kernel-firmware (20240826 -> 20240903)
kernel-source (6.10.7 -> 6.10.8)
kwalletmanager
libXi (1.8.1 -> 1.8.2)
libjxl
libqt5-qtbase (5.15.14+kde143 -> 5.15.15+kde127)
libqt5-qtdeclarative (5.15.14+kde28 -> 5.15.15+kde25)
libqt5-qtgraphicaleffects (5.15.14+kde0 -> 5.15.15+kde0)
libqt5-qtimageformats (5.15.14+kde7 -> 5.15.15+kde4)
libqt5-qtmultimedia (5.15.14+kde2 -> 5.15.15+kde2)
libqt5-qtquickcontrols (5.15.14+kde0 -> 5.15.15+kde0)
libqt5-qtquickcontrols2 (5.15.14+kde5 -> 5.15.15+kde5)
libqt5-qtspeech (5.15.14+kde1 -> 5.15.15+kde1)
libqt5-qtsvg (5.15.14+kde5 -> 5.15.15+kde5)
libqt5-qtwayland (5.15.14+kde57 -> 5.15.15+kde59)
libqt5-qtx11extras (5.15.14+kde0 -> 5.15.15+kde0)
libwebp (1.3.2 -> 1.4.0)
libzypp (17.35.9 -> 17.35.10)
llvm18
mozilla-nss (3.102.1 -> 3.103)
openssl-3
osinfo-db
pam-config (2.11+git.20240620 -> 2.11+git.20240906)
power-profiles-daemon (0.21 -> 0.22)
procps
rsync
selinux-policy
timezone
u-boot-rpiarm64
vim (9.1.0636 -> 9.1.0718)
xfsprogs (6.9.0 -> 6.10.1)
xxhash
zxing-cpp (2.1.0 -> 2.2.1)
zypper (1.14.76 -> 1.14.77)
=== Details ===
==== MicroOS-release ====
Version update (20240904 -> 20240908)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== SDL2 ====
Version update (2.30.6 -> 2.30.7)
- Update to release 2.30.7
* Added support for the Retro-bit Controller in PS3 mode
* Fixed the cursor becoming visible when using relative mode
under XWayland
* Fixed Direct Rendering Manager initialization failure on some
Linux systems
* Fixed a crash when the current mouse capture window is
destroyed
==== aaa_base ====
Version update (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b)
- Update to version 84.87+git20240906.742565b:
* yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)
* Avoid unnecessary /bin/bash dependency
* sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)
==== aardvark-dns ====
Version update (1.12.1 -> 1.12.2)
- Update to version 1.12.2:
* Release v1.12.2
* Update release notes for 1.12.2
* coredns: work on tcp requests concurrently
* tcp: add timeout to connection (fixes bsc#1230153 / CVE-2024-8418)
* cirrus: update branch names
==== containerd ====
Version update (1.7.17 -> 1.7.21)
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
==== crun ====
Version update (1.15 -> 1.16.1)
- new upstream release 1.16.1
1.16.1:
- fix a regression introduced by 1.16 where using 'rshared' rootfs mount propagation and the rootfs itself is a mountpoint.
- inherit user from original process on exec, if not overridden.
1.16:
- build: fix build for s390x.
- linux: fix mount of special files with rro. Open the mount target with O_PATH to prevent open(2) failures with special files like FIFOs or UNIX sockets.
- Fix sd-bus error handling for cpu quota and period props update.
- container: use relative path for rootfs if possible. If the rootfs cannot be resolved and it is below the current working directory, only use its relative path.
- wasmedge: access container environment variables for the WasmEdge configuration.
- cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning for using an old configuration name.
- cgroup, systemd: improve checks for sd_bus_message_append errors
==== expat ====
Version update (2.6.2 -> 2.6.3)
- Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
* Other changes:
- Autotools: Sync CMake templates with CMake 3.28
- Autotools: Always provide path to find(1) for portability
- Autotools: Ensure that the m4 directory always exists.
- Autotools: Simplify handling of SIZEOF_VOID_P
- Autotools: Support non-GNU sed
- Autotools|CMake: Fix main() to main(void)
- Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
- Autotools|CMake: Stop requiring dos2unix
- CMake: Fix check for symbols size_t and off_t
- docs|tests: Convert README to Markdown and update
- Windows: Drop support for Visual Studio <=15.0/2017
- Drop needless XML_DTD guards around is_param access
- Fix typo in a code comment
- Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
==== gnome-autoar ====
Version update (0.4.4 -> 0.4.5)
- Update to version 0.4.5:
+ mime-types: Add tar variant of bzip2
+ extractor: Fix source string leak
==== gnutls ====
Version update (3.8.6 -> 3.8.7)
- Update to 3.8.7:
* libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely
disable DSA algorithm support.
* libgnutls: Experimental support for X25519Kyber768Draft00 key
exchange in TLS. For testing purposes, the hybrid post-quantum
key exchange defined in draft-tls-westerbaan-xyber768d00 has been
implemented using liboqs. Since the algorithm is still not finalized,
the support of this key exchange is disabled by default and can be
enabled with the --with-liboqs configure option.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
==== iputils ====
Version update (20240117 -> 20240905)
- Update to version 20240905 (mostly ping fixes release)
https://github.com/iputils/iputils/releases/tag/20240905
- Fix tarball url
==== kernel-firmware ====
Version update (20240826 -> 20240903)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20240903 (git commit 96af55bd3d0b):
* amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
* iwlwifi: add Bz FW for core89-58 release
* rtl_nic: add firmware rtl8126a-3
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
- Update to version 20240830 (git commit d6c600d46981):
* amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
* qcom: vpu: restore compatibility with kernels before 6.6
==== kernel-source ====
Version update (6.10.7 -> 6.10.8)
Subpackages: kernel-64kb kernel-default
- Linux 6.10.8 (bsc#1012628).
- drm/amdgpu/mes: fix mes ring buffer overflow (bsc#1012628).
- erofs: fix out-of-bound access when z_erofs_gbuf_growsize()
partially fails (bsc#1012628).
- ALSA: seq: Skip event type filtering for UMP events
(bsc#1012628).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop
14-ey0xxx (bsc#1012628).
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED
(bsc#1012628).
- LoongArch: Remove the unused dma-direct.h (bsc#1012628).
- LoongArch: Add ifdefs to fix LSX and LASX related warnings
(bsc#1012628).
- tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session
support (bsc#1012628).
- btrfs: fix a use-after-free when hitting errors inside
btrfs_submit_chunk() (bsc#1012628).
- btrfs: run delayed iputs when flushing delalloc (bsc#1012628).
- smb/client: avoid dereferencing rdata=NULL in
smb2_new_read_req() (bsc#1012628).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B
pins (bsc#1012628).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (bsc#1012628).
- netfs, ceph: Partially revert "netfs: Replace PG_fscache by
setting folio->private and marking dirty" (bsc#1012628).
- wifi: wfx: repair open network AP mode (bsc#1012628).
- wifi: mwifiex: duplicate static structs used in driver instances
(bsc#1012628).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
(bsc#1012628).
- mptcp: close subflow when receiving TCP+FIN (bsc#1012628).
- mptcp: sched: check both backup in retrans (bsc#1012628).
- mptcp: pr_debug: add missing \n at the end (bsc#1012628).
- mptcp: pm: reuse ID 0 after delete and re-add (bsc#1012628).
- mptcp: pm: skip connecting to already established sf
(bsc#1012628).
- mptcp: pm: reset MPC endp ID when re-added (bsc#1012628).
- mptcp: pm: send ACK on an active subflow (bsc#1012628).
- mptcp: pm: fix RM_ADDR ID for the initial subflow (bsc#1012628).
- mptcp: pm: do not remove already closed subflows (bsc#1012628).
- mptcp: pm: fix ID 0 endp usage after multiple re-creations
(bsc#1012628).
- mptcp: avoid duplicated SUB_CLOSED events (bsc#1012628).
- mptcp: pm: ADD_ADDR 0 is not a new address (bsc#1012628).
- selftests: mptcp: join: cannot rm sf if closed (bsc#1012628).
- selftests: mptcp: join: check removing ID 0 endpoint
(bsc#1012628).
- selftests: mptcp: join: no extra msg if no counter
(bsc#1012628).
- selftests: mptcp: join: check re-re-adding ID 0 endp
(bsc#1012628).
- binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2
is defined (bsc#1012628).
- drm/v3d: Disable preemption while updating GPU stats
(bsc#1012628).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict
(bsc#1012628).
- drm/i915/dp_mst: Fix MST state after a sink reset (bsc#1012628).
- drm/amdgpu: align pp_power_profile_mode with kernel docs
(bsc#1012628).
- drm/amdgpu/swsmu: always force a state reprogram on init
(bsc#1012628).
- drm/vmwgfx: Prevent unmapping active read buffers (bsc#1012628).
- drm/vmwgfx: Fix prime with external buffers (bsc#1012628).
- video/aperture: optionally match the device in sysfb_disable()
(bsc#1012628).
- drm/xe: Prepare display for D3Cold (bsc#1012628).
- drm/xe/display: Make display suspend/resume work on discrete
(bsc#1012628).
- drm/xe/vm: Simplify if condition (bsc#1012628).
- drm/xe/exec_queue: Rename xe_exec_queue::compute to
xe_exec_queue::lr (bsc#1012628).
- drm/xe: prevent UAF around preempt fence (bsc#1012628).
- drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV
(bsc#1012628).
- drm/amdgpu: fix eGPU hotplug regression (bsc#1012628).
- pinctrl: qcom: x1e80100: Update PDC hwirq map (bsc#1012628).
- ASoC: SOF: amd: move iram-dram fence register programming
sequence (bsc#1012628).
- ASoC: SOF: amd: Fix for incorrect acp error register offsets
(bsc#1012628).
- ASoC: amd: acp: fix module autoloading (bsc#1012628).
- ASoC: SOF: amd: Fix for acp init sequence (bsc#1012628).
- ALSA: hda: cs35l56: Don't use the device index as a calibration
index (bsc#1012628).
- ASoC: cs-amp-lib-test: Force test calibration blob entries to
be valid (bsc#1012628).
- ASoC: cs-amp-lib: Ignore empty UEFI calibration entries
(bsc#1012628).
- backing-file: convert to using fops->splice_write (bsc#1012628).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for
PULL_PU_PD_RSEL_TYPE (bsc#1012628).
- pinctrl: qcom: x1e80100: Fix special pin offsets (bsc#1012628).
- pinctrl: starfive: jh7110: Correct the level trigger
configuration of iev register (bsc#1012628).
- nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
(bsc#1012628).
- mm: Fix missing folio invalidation calls during truncation
... changelog too long, skipping 178 lines ...
- commit 64dc967
==== kwalletmanager ====
- Add upstream fix (kde#492138):
* 0001-Fix-service-file-name.patch
==== libXi ====
Version update (1.8.1 -> 1.8.2)
- Update to version 1.8.2
* This release includes fixes for malloc failures and a double
alignment issue on some machines. XFreeDeviceInfo can now be
called with NULL and XGetFeedbackControl is more robust in
the face of a malicious X server sending random data. Plus a
typo fix in the man page.
==== libjxl ====
- Update libjxl.spec:
Add compiler condition to fix SLE-15-SP7 ppc64le build env.
(bsc#1229831)
==== libqt5-qtbase ====
Version update (5.15.14+kde143 -> 5.15.15+kde127)
Subpackages: libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5
- Update to version 5.15.15+kde127, rebased upstream:
* Add LGPL header to qcalendar.cpp
* Move some flaky text tests into Lancelot
* Update Harfbuzz to 7.2.0
* doc: Make docs for ElideNone a bit more precise
* tst_QImageReader: fix missing checks for "newly"-added ImageOptions
* tst_QMainWindow: for UB (use of reserved names)
* Update bundled libjpeg-turbo to version 3.0.0
* Update to Freetype 2.13.1
* [docs] Link from QtConcurent::run() to QThreadPool::start(Callable&&)
* Docs: State that OpenSSL3 is available from 5.15.1
* Simplify (and fix) initialization of a list of time-zones
* ODBC/MySQL: fix compilation with MySQL < 5.7.9
* SQLite: Update SQLite to v3.42.0
* tst_QHostInfo: fix mem-leaks in threadSafetyAsynchronousAPI()
* tst_QSortFilterProxyModel: fix mem-leaks II: sortStable()
* tst_QNetworkDiskCache: fix mem-leak
* tst_QAbstractItemModelTester: fix mem-leak
* tst_QSortFilterProxyModel: fix mem-leaks
* Fix screens not always updating if order changes
* Update the list of CLDR-based files
* Return TZ time-zone backend's tranCache() as a const reference
* tst_QTcpSocket: fix mem-leak
* tst_QNetworkCookieJar: fix memleak
* tst_QParallelAnimationGroup: fix memleak
* tst_QXmlStream::tokenErrorHandling() - register test directory in CMake
* Fix transparency in 16 bit and 24 bit ico files
* QVariant: always compare floating point with double precision
* Doc: Document QMAKE_APPLE_DEVICE_ARCHS
* Update bundled libpng to version 1.6.40
* fbconvenience: use smart pointer for QFbCursor
* Doc: Clarify that the rich text engine has limited support for HTML tags
* autotest: Blacklist tst_QTableView::columnViewportPosition for winrt
* autotest: Blacklist QTimeLine::interpolation for winrt
* QFuture: mention the work-stealing algorithm in the docs
* QtDoc Global: Add macros for Qt Design Studio in qtdoc
* Fix specific overflow in qtextlayout
* Remove QEglFSCursor's inheritance of QOpenGLFunctions
* tst_QPixmapCache: QVERIFY a failed replace()
* tst_QPixmapCache: check insert() reports failure
* QPixmapCache: add a comment on how failed insert() invalidates cacheKey
* tst_QPixmapCache: rewrite QVERIFY(x != 0) to QVERIFY(x)
* QVariant: remove outdated docs about reimplementing clear()
* Bump version to 5.15.15
* Update The-Qt-Company-Commercial
* Fix crash on QLocale::monthName().simplified()
* Android: fix QDir::entryInfoList() with content URIs
* Android: fix content url handling of filenames with spaces
- Commits dropped by the rebase:
* tst_QXmlStream: remove unneeded _ba UDLs
* Fix specific overflow in qtextlayout (CVE-2023-32763)
==== libqt5-qtdeclarative ====
Version update (5.15.14+kde28 -> 5.15.15+kde25)
- Update to version 5.15.15+kde25, rebased upstream:
* QV4::ArrayData: Fix offset calculation for sort()
* Fix pointer delivery to child items of items with clip:true
* doc: Remove Calendar Example link
* PointerHandler: cancel all grabs when item changes scene
* qintrusivelvist_p.h: Silence nullpointer subtraction warning
* Doc: Fix mislabelled diagram for Context2D.arc()
* Bump version to 5.15.15
==== libqt5-qtgraphicaleffects ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtimageformats ====
Version update (5.15.14+kde7 -> 5.15.15+kde4)
- Update to version 5.15.15+kde4, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtmultimedia ====
Version update (5.15.14+kde2 -> 5.15.15+kde2)
- Update to version 5.15.15+kde2, rebased upstream:
* Bump version to 5.15.15
* Blacklist tst_qmediaplayerbackend::playlistobjects on openSUSE 15.4
* Blacklist tst_QAudioDeviceInfo::codecs on openSUSE 15.4
==== libqt5-qtquickcontrols ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtquickcontrols2 ====
Version update (5.15.14+kde5 -> 5.15.15+kde5)
Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5
- Update to version 5.15.15+kde5, rebased upstream:
* Bump version to 5.15.15
* RangeSlider: Don't update position only if mouse/touch is grabbed
==== libqt5-qtspeech ====
Version update (5.15.14+kde1 -> 5.15.15+kde1)
- Update to version 5.15.15+kde1, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtsvg ====
Version update (5.15.14+kde5 -> 5.15.15+kde5)
- Update to version 5.15.15+kde5, rebased upstream:
* Bump version to 5.15.15
==== libqt5-qtwayland ====
Version update (5.15.14+kde57 -> 5.15.15+kde59)
Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5
- Update to version 5.15.15+kde59, rebased upstream:
* Revert "Client: Send release button event on pointer leave"
* Fix race condition in drag and drop
* client: don't cache one type in QWaylandMimeData
* DefaultCompositor: use explcit lambda captures
* Fix C++20 deprecated capture of *this in [=]
* compositor: Unbind display on close in linux-dmabuf and eglstream
* Client: Send release button event on pointer leave
* Bump version to 5.15.15
==== libqt5-qtx11extras ====
Version update (5.15.14+kde0 -> 5.15.15+kde0)
- Update to version 5.15.15+kde0, rebased upstream:
* Bump version to 5.15.15
==== libwebp ====
Version update (1.3.2 -> 1.4.0)
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Update to 1.4.0 & fix libwebp.changes header from previous commit:
* further security related hardening in libwebp & examples
* some minor optimizations in the lossless encoder
* added WEBP_NODISCARD to report unused result warnings; enable with
- DWEBP_ENABLE_NODISCARD=1
* improvements and corrections in webp-container-spec.txt and
webp-lossless-bitstream-spec.txt (#611)
* miscellaneous warning, bug & build fixes
- Remove 0001-Fix-invalid-incremental-decoding-check.patch
==== libzypp ====
Version update (17.35.9 -> 17.35.10)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
==== llvm18 ====
- Enable zstd compression support again.
==== mozilla-nss ====
Version update (3.102.1 -> 3.103)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542: Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783: Adjust libFuzzer size limits
* bmo#1899542: Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542: Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1229465, CVE-2024-6119]
* possible denial of service in X.509 name checks
* openssl-CVE-2024-6119.patch
==== osinfo-db ====
- Add support for openSUSE Leap 15.7 (jsc#PED-8910)
add-opensuse-leap-15.7-support.patch
- Add support for SLE-15-SP7 (jsc#PED-8910) (bsc#1230160)
add-sle15sp7-support.patch
==== pam-config ====
Version update (2.11+git.20240620 -> 2.11+git.20240906)
- Update to version 2.11+git.20240906:
* Move pam_limits before pam_systemd
==== power-profiles-daemon ====
Version update (0.21 -> 0.22)
- Update to version 0.22:
* power-profiles-daemon is now battery-level aware:
some drivers use this value for better optimizations
* AMD p-state improvements:
+ supports core performance boost when not in power-saver mode
+ uses minimum frequency to lowest non-linear frequency
+ more impervious to faulty firmware and kernel bugs
* support for changing DPM clocks on amdgpu:
explicitly set the DPM clocks down to "low" when in
power-saver mode
* powerprofilesctl can disable logind and upower integration
* fix handling of turbo_pct, now assumed as not present
by default
* power-profiles-daemon.service further lockdown restrictions
* start power-profiles-daemon.service after
multi-user.target AND display-manager.target
to avoid conflicts with module loading
==== procps ====
Subpackages: libproc2-0
- procps-ng-4.0.4-idletime-no-tty.patch: don't print idle time without tty
- procps-ng-4.0.4-w-array-bounds.patch: fix array bounds violation
==== rsync ====
- rsync-gcc14.patch: fixed the ipv6 configure check (bsc#1230156)
==== selinux-policy ====
Subpackages: selinux-policy-targeted
- Fix macros.selinux-policy (bsc#1229132)
- %selinux_modules_install and %selinux_modules_uninstall will
now only execute load_policy if $TRANSACTIONAL_UPDATE is not set
(aka only if they are not in a transactional system)
- $TRANSACTIONAL_UPDATE is set here:
https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b9…
==== timezone ====
- Split tzselect script into a subpackage to prevent awk getting into minimal
containers and recommend tzselect by the main package
Fixes bsc#1230054
==== u-boot-rpiarm64 ====
Subpackages: u-boot-rpiarm64-doc
- Install u-boot-dtb.bin for milkvduo flavor
==== vim ====
Version update (9.1.0636 -> 9.1.0718)
Subpackages: vim-data-common vim-small
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
... changelog too long, skipping 97 lines ...
- add support for "all" and "userns" rules, and new profile flags
==== xfsprogs ====
Version update (6.9.0 -> 6.10.1)
- update to 6.10.1
- fix C++ compilation errors in xfs_fs.h
- ------------------------------------------------------------------
- update to 6.10.0
- debian: enable xfs_scrub_all systemd timer services by default
- mkfs: set autofsck filesystem property
- xfs_scrub: use the autofsck fsproperty to select mode
- xfs_scrub: allow sysadmin to control background scrubs
- xfs_property: add a new tool to administer fs properties
- xfs_db: add a command to list xattrs
- xfs_db: improve getting and setting extended attributes
- xfs_io: edit filesystem properties
- xfs_scrub: defer phase5 file scans if dirloop fails
- xfs_repair: wipe ondisk parent pointers when there are none
- xfs_scrub: detect and repair directory tree corruptions
- xfs_repair: update ondisk parent pointer records
- xfs_spaceman: report directory tree corruption in the health information
- xfsprogs: support vectored scrub
- man: document vectored scrub mode
- man2: update ioctl_xfs_scrub_metadata.2 for parent pointers
- mkfs: enable formatting with parent pointers
- mkfs: Add parent pointers during protofile creation
- xfs_repair: check parent pointers
- xfs_db: compute hashes of parent pointers
- xfs_db: add link and unlink expert commands
- xfs_repair: build a parent pointer index
- xfs_db: add a parents command to list the parents of a file
- xfs_db: obfuscate dirent and parent pointer names consistently
- xfs_db: report parent pointers embedded in xattrs
- xfs_db: report parent bit on xattrs
- xfs_db: report parent pointers in version command
- xfs_scrub: use parent pointers to report lost file data
- xfs_scrub: use parent pointers when possible to report file operations
- xfs_logprint: decode parent pointers in ATTRI items fully
- xfs_io: Add i, n and f flags to parent command
- xfs_io: adapt parent command to new parent pointer ioctls
- libfrog: report parent pointers to userspace
- libfrog: add parent pointer support code
- man: document the XFS_IOC_GETPARENTS ioctl
- xfs_logprint: dump new attr log item fields
- xfs_scrub_all: failure reporting for the xfs_scrub_all job
- xfs_repair: check free space requirements before allowing upgrades
- xfs_scrub_all: convert systemctl calls to dbus
- xfs_scrub_all: trigger automatic media scans once per month
- xfs_scrub: add an optimization-only mode
- xfs_scrub_all: add CLI option for easier debugging
- xfs_scrub_all: enable periodic file data scrubs automatically
- xfs_scrub: automatic downgrades to dry-run mode in service mode
- xfs_scrub_all: support metadata+media scans of all filesystems
- xfs_scrub_all: fail fast on masked units
- xfs_scrub_all: remove journalctl background process
- xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode
- xfs_scrub: tune fstrim minlen parameter based on free space histograms
- xfs_scrub: improve responsiveness while trimming the filesystem
- xfs_scrub: tighten up the security on the background systemd service
- xfs_scrub: don't call FITRIM after runtime errors
- xfs_scrub: use dynamic users when running as a systemd service
- xfs_scrub: report FITRIM errors properly
- xfs_scrub.service: reduce background CPU usage to less than one core if possible
- xfs_scrub: don't close stdout when closing the progress bar
- xfs_scrub: fix the work estimation for phase 8
- libfrog: print cdf of free space buckets
- libfrog: print wider columns for free space histogram
- xfs_scrub: ignore phase 8 if the user disabled fstrim
- xfs_scrub: move FITRIM to phase 8
- xfs_scrub: improve thread scheduling repair items during phase 4
- xfs_scrub: avoid potential UAF after freeing a duplicate name entry
- xfs_scrub: enable users to bump information messages to warnings
- xfs_scrub: retry incomplete repairs
- xfs_scrub: warn about difficult repairs to rt and quota metadata
- xfs_scrub: any inconsistency in metadata should trigger difficulty warnings
- mkfs: add a formatting option for exchange-range
- xfs_repair: add exchange-range to file systems
- xfs_scrub: fix missing scrub coverage for broken inodes
- xfs_scrub: log when a repair was unnecessary
- libfrog: advertise exchange-range support
- xfs_io: create exchangerange command to test file range exchange ioctl
- xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations
- xfs_fsr: convert to bulkstat v5 ioctls
- xfs_logprint: support dumping exchmaps log items
- xfs_db: advertise exchange-range in the version command
- libfrog: add support for exchange range ioctl family
- libhandle: add support for bulkstat v5
- man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE
- man: document the exchange-range ioctl
- xfs_repair: don't crash on -vv
- xfsprogs: Remove support for split-/usr installs
- libxfs: kernel sync
- ------------------------------------------------------------------
==== xxhash ====
- Add inline.patch to resolve FTBFS on gcc-14 + -Og.
==== zxing-cpp ====
Version update (2.1.0 -> 2.2.1)
- Update to 2.2.1. Changes:
* Fix ABI breakage from 2.2.0.
- Changes from 2.2.0:
* Rename DecodeHints to ReaderOptions. The old name is still available for
backward API compatibility but deprecated. Since the C-API and the Qt
wrapper code are not officially part of the library, they changed without
backward compatibility.
* WASM: bytes in ReadResult.
* DataMatrix: use charset for encoding.
* QRCode: Support QR Code Model1.
* rMQR Code: Support Rectangular Micro QR Code.
- Refresh patch:
* cmake.patch
==== zypper ====
Version update (1.14.76 -> 1.14.77)
Subpackages: zypper-needs-restarting
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240905 -> 20240906)
aardvark-dns (1.12.1 -> 1.12.2)
containerd (1.7.17 -> 1.7.21)
crun (1.15 -> 1.16.1)
expat (2.6.2 -> 2.6.3)
iputils (20240117 -> 20240905)
kernel-source (6.10.7 -> 6.10.8)
libXi (1.8.1 -> 1.8.2)
libvpl (2.11.0 -> 2.13.0)
llvm18
pam-config (2.11+git.20240620 -> 2.11+git.20240906)
timezone
vim (9.1.0636 -> 9.1.0718)
=== Details ===
==== MicroOS-release ====
Version update (20240905 -> 20240906)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== aardvark-dns ====
Version update (1.12.1 -> 1.12.2)
- Update to version 1.12.2:
* Release v1.12.2
* Update release notes for 1.12.2
* coredns: work on tcp requests concurrently
* tcp: add timeout to connection (fixes bsc#1230153 / CVE-2024-8418)
* cirrus: update branch names
==== containerd ====
Version update (1.7.17 -> 1.7.21)
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
==== crun ====
Version update (1.15 -> 1.16.1)
- new upstream release 1.16.1
1.16.1:
- fix a regression introduced by 1.16 where using 'rshared' rootfs mount propagation and the rootfs itself is a mountpoint.
- inherit user from original process on exec, if not overridden.
1.16:
- build: fix build for s390x.
- linux: fix mount of special files with rro. Open the mount target with O_PATH to prevent open(2) failures with special files like FIFOs or UNIX sockets.
- Fix sd-bus error handling for cpu quota and period props update.
- container: use relative path for rootfs if possible. If the rootfs cannot be resolved and it is below the current working directory, only use its relative path.
- wasmedge: access container environment variables for the WasmEdge configuration.
- cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning for using an old configuration name.
- cgroup, systemd: improve checks for sd_bus_message_append errors
==== expat ====
Version update (2.6.2 -> 2.6.3)
- Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
* Other changes:
- Autotools: Sync CMake templates with CMake 3.28
- Autotools: Always provide path to find(1) for portability
- Autotools: Ensure that the m4 directory always exists.
- Autotools: Simplify handling of SIZEOF_VOID_P
- Autotools: Support non-GNU sed
- Autotools|CMake: Fix main() to main(void)
- Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
- Autotools|CMake: Stop requiring dos2unix
- CMake: Fix check for symbols size_t and off_t
- docs|tests: Convert README to Markdown and update
- Windows: Drop support for Visual Studio <=15.0/2017
- Drop needless XML_DTD guards around is_param access
- Fix typo in a code comment
- Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
==== iputils ====
Version update (20240117 -> 20240905)
- Update to version 20240905 (mostly ping fixes release)
https://github.com/iputils/iputils/releases/tag/20240905
- Fix tarball url
==== kernel-source ====
Version update (6.10.7 -> 6.10.8)
- Linux 6.10.8 (bsc#1012628).
- drm/amdgpu/mes: fix mes ring buffer overflow (bsc#1012628).
- erofs: fix out-of-bound access when z_erofs_gbuf_growsize()
partially fails (bsc#1012628).
- ALSA: seq: Skip event type filtering for UMP events
(bsc#1012628).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop
14-ey0xxx (bsc#1012628).
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED
(bsc#1012628).
- LoongArch: Remove the unused dma-direct.h (bsc#1012628).
- LoongArch: Add ifdefs to fix LSX and LASX related warnings
(bsc#1012628).
- tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session
support (bsc#1012628).
- btrfs: fix a use-after-free when hitting errors inside
btrfs_submit_chunk() (bsc#1012628).
- btrfs: run delayed iputs when flushing delalloc (bsc#1012628).
- smb/client: avoid dereferencing rdata=NULL in
smb2_new_read_req() (bsc#1012628).
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B
pins (bsc#1012628).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (bsc#1012628).
- netfs, ceph: Partially revert "netfs: Replace PG_fscache by
setting folio->private and marking dirty" (bsc#1012628).
- wifi: wfx: repair open network AP mode (bsc#1012628).
- wifi: mwifiex: duplicate static structs used in driver instances
(bsc#1012628).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
(bsc#1012628).
- mptcp: close subflow when receiving TCP+FIN (bsc#1012628).
- mptcp: sched: check both backup in retrans (bsc#1012628).
- mptcp: pr_debug: add missing \n at the end (bsc#1012628).
- mptcp: pm: reuse ID 0 after delete and re-add (bsc#1012628).
- mptcp: pm: skip connecting to already established sf
(bsc#1012628).
- mptcp: pm: reset MPC endp ID when re-added (bsc#1012628).
- mptcp: pm: send ACK on an active subflow (bsc#1012628).
- mptcp: pm: fix RM_ADDR ID for the initial subflow (bsc#1012628).
- mptcp: pm: do not remove already closed subflows (bsc#1012628).
- mptcp: pm: fix ID 0 endp usage after multiple re-creations
(bsc#1012628).
- mptcp: avoid duplicated SUB_CLOSED events (bsc#1012628).
- mptcp: pm: ADD_ADDR 0 is not a new address (bsc#1012628).
- selftests: mptcp: join: cannot rm sf if closed (bsc#1012628).
- selftests: mptcp: join: check removing ID 0 endpoint
(bsc#1012628).
- selftests: mptcp: join: no extra msg if no counter
(bsc#1012628).
- selftests: mptcp: join: check re-re-adding ID 0 endp
(bsc#1012628).
- binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2
is defined (bsc#1012628).
- drm/v3d: Disable preemption while updating GPU stats
(bsc#1012628).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict
(bsc#1012628).
- drm/i915/dp_mst: Fix MST state after a sink reset (bsc#1012628).
- drm/amdgpu: align pp_power_profile_mode with kernel docs
(bsc#1012628).
- drm/amdgpu/swsmu: always force a state reprogram on init
(bsc#1012628).
- drm/vmwgfx: Prevent unmapping active read buffers (bsc#1012628).
- drm/vmwgfx: Fix prime with external buffers (bsc#1012628).
- video/aperture: optionally match the device in sysfb_disable()
(bsc#1012628).
- drm/xe: Prepare display for D3Cold (bsc#1012628).
- drm/xe/display: Make display suspend/resume work on discrete
(bsc#1012628).
- drm/xe/vm: Simplify if condition (bsc#1012628).
- drm/xe/exec_queue: Rename xe_exec_queue::compute to
xe_exec_queue::lr (bsc#1012628).
- drm/xe: prevent UAF around preempt fence (bsc#1012628).
- drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV
(bsc#1012628).
- drm/amdgpu: fix eGPU hotplug regression (bsc#1012628).
- pinctrl: qcom: x1e80100: Update PDC hwirq map (bsc#1012628).
- ASoC: SOF: amd: move iram-dram fence register programming
sequence (bsc#1012628).
- ASoC: SOF: amd: Fix for incorrect acp error register offsets
(bsc#1012628).
- ASoC: amd: acp: fix module autoloading (bsc#1012628).
- ASoC: SOF: amd: Fix for acp init sequence (bsc#1012628).
- ALSA: hda: cs35l56: Don't use the device index as a calibration
index (bsc#1012628).
- ASoC: cs-amp-lib-test: Force test calibration blob entries to
be valid (bsc#1012628).
- ASoC: cs-amp-lib: Ignore empty UEFI calibration entries
(bsc#1012628).
- backing-file: convert to using fops->splice_write (bsc#1012628).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for
PULL_PU_PD_RSEL_TYPE (bsc#1012628).
- pinctrl: qcom: x1e80100: Fix special pin offsets (bsc#1012628).
- pinctrl: starfive: jh7110: Correct the level trigger
configuration of iev register (bsc#1012628).
- nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
(bsc#1012628).
- mm: Fix missing folio invalidation calls during truncation
... changelog too long, skipping 178 lines ...
- commit 64dc967
==== libXi ====
Version update (1.8.1 -> 1.8.2)
- Update to version 1.8.2
* This release includes fixes for malloc failures and a double
alignment issue on some machines. XFreeDeviceInfo can now be
called with NULL and XGetFeedbackControl is more robust in
the face of a malicious X server sending random data. Plus a
typo fix in the man page.
==== libvpl ====
Version update (2.11.0 -> 2.13.0)
- Update to version 2.13.0:
+ Added:
- Intel® VPL API 2.13 support, including new APIs for AV1
screen content tools, encoded picture quality information,
alpha channel encoding, AI-based frame interpolation,
AI-based super resolution, and Battlemage platform
- hello-encode-jpeg example
- Changes from version 2.12.0:
+ Added: Intel® VPL API 2.12 support, including new APIs for
AI-based frame interpolation and Vulkan zero-copy surface
sharing.
==== llvm18 ====
- Enable zstd compression support again.
==== pam-config ====
Version update (2.11+git.20240620 -> 2.11+git.20240906)
- Update to version 2.11+git.20240906:
* Move pam_limits before pam_systemd
==== timezone ====
- Split tzselect script into a subpackage to prevent awk getting into minimal
containers and recommend tzselect by the main package
Fixes bsc#1230054
==== vim ====
Version update (9.1.0636 -> 9.1.0718)
Subpackages: vim-data-common vim-small
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
... changelog too long, skipping 97 lines ...
- add support for "all" and "userns" rules, and new profile flags
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
SDL2 (2.30.6 -> 2.30.7)
gnome-autoar (0.4.4 -> 0.4.5)
gnutls (3.8.6 -> 3.8.7)
kernel-firmware (20240826 -> 20240903)
kwalletmanager
libjxl
libwebp (1.3.2 -> 1.4.0)
mozilla-nss (3.102.1 -> 3.103)
openssl-3
osinfo-db
power-profiles-daemon (0.21 -> 0.22)
procps
selinux-policy
xen
xfsprogs (6.9.0 -> 6.10.1)
xxhash
zxing-cpp (2.1.0 -> 2.2.1)
=== Details ===
==== SDL2 ====
Version update (2.30.6 -> 2.30.7)
- Update to release 2.30.7
* Added support for the Retro-bit Controller in PS3 mode
* Fixed the cursor becoming visible when using relative mode
under XWayland
* Fixed Direct Rendering Manager initialization failure on some
Linux systems
* Fixed a crash when the current mouse capture window is
destroyed
==== gnome-autoar ====
Version update (0.4.4 -> 0.4.5)
- Update to version 0.4.5:
+ mime-types: Add tar variant of bzip2
+ extractor: Fix source string leak
==== gnutls ====
Version update (3.8.6 -> 3.8.7)
- Update to 3.8.7:
* libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely
disable DSA algorithm support.
* libgnutls: Experimental support for X25519Kyber768Draft00 key
exchange in TLS. For testing purposes, the hybrid post-quantum
key exchange defined in draft-tls-westerbaan-xyber768d00 has been
implemented using liboqs. Since the algorithm is still not finalized,
the support of this key exchange is disabled by default and can be
enabled with the --with-liboqs configure option.
* Rebase patches:
- gnutls-FIPS-140-3-references.patch
- gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
==== kernel-firmware ====
Version update (20240826 -> 20240903)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20240903 (git commit 96af55bd3d0b):
* amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
* iwlwifi: add Bz FW for core89-58 release
* rtl_nic: add firmware rtl8126a-3
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
- Update to version 20240830 (git commit d6c600d46981):
* amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
* qcom: vpu: restore compatibility with kernels before 6.6
==== kwalletmanager ====
- Add upstream fix (kde#492138):
* 0001-Fix-service-file-name.patch
==== libjxl ====
- Update libjxl.spec:
Add compiler condition to fix SLE-15-SP7 ppc64le build env.
(bsc#1229831)
==== libwebp ====
Version update (1.3.2 -> 1.4.0)
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Update to 1.4.0 & fix libwebp.changes header from previous commit:
* further security related hardening in libwebp & examples
* some minor optimizations in the lossless encoder
* added WEBP_NODISCARD to report unused result warnings; enable with
- DWEBP_ENABLE_NODISCARD=1
* improvements and corrections in webp-container-spec.txt and
webp-lossless-bitstream-spec.txt (#611)
* miscellaneous warning, bug & build fixes
- Remove 0001-Fix-invalid-incremental-decoding-check.patch
==== mozilla-nss ====
Version update (3.102.1 -> 3.103)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542: Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783: Adjust libFuzzer size limits
* bmo#1899542: Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542: Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1229465, CVE-2024-6119]
* possible denial of service in X.509 name checks
* openssl-CVE-2024-6119.patch
==== osinfo-db ====
- Add support for openSUSE Leap 15.7 (jsc#PED-8910)
add-opensuse-leap-15.7-support.patch
- Add support for SLE-15-SP7 (jsc#PED-8910)
add-sle15sp7-support.patch
==== power-profiles-daemon ====
Version update (0.21 -> 0.22)
- Update to version 0.22:
* power-profiles-daemon is now battery-level aware:
some drivers use this value for better optimizations
* AMD p-state improvements:
+ supports core performance boost when not in power-saver mode
+ uses minimum frequency to lowest non-linear frequency
+ more impervious to faulty firmware and kernel bugs
* support for changing DPM clocks on amdgpu:
explicitly set the DPM clocks down to "low" when in
power-saver mode
* powerprofilesctl can disable logind and upower integration
* fix handling of turbo_pct, now assumed as not present
by default
* power-profiles-daemon.service further lockdown restrictions
* start power-profiles-daemon.service after
multi-user.target AND display-manager.target
to avoid conflicts with module loading
==== procps ====
Subpackages: libproc2-0
- procps-ng-4.0.4-idletime-no-tty.patch: don't print idle time without tty
- procps-ng-4.0.4-w-array-bounds.patch: fix array bounds violation
==== selinux-policy ====
Subpackages: selinux-policy-targeted
- Fix macros.selinux-policy (bsc#1229132)
- %selinux_modules_install and %selinux_modules_uninstall will
now only execute load_policy if $TRANSACTIONAL_UPDATE is not set
(aka only if they are not in a transactional system)
- $TRANSACTIONAL_UPDATE is set here:
https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b9…
==== xen ====
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
==== xfsprogs ====
Version update (6.9.0 -> 6.10.1)
- update to 6.10.1
- fix C++ compilation errors in xfs_fs.h
- ------------------------------------------------------------------
- update to 6.10.0
- debian: enable xfs_scrub_all systemd timer services by default
- mkfs: set autofsck filesystem property
- xfs_scrub: use the autofsck fsproperty to select mode
- xfs_scrub: allow sysadmin to control background scrubs
- xfs_property: add a new tool to administer fs properties
- xfs_db: add a command to list xattrs
- xfs_db: improve getting and setting extended attributes
- xfs_io: edit filesystem properties
- xfs_scrub: defer phase5 file scans if dirloop fails
- xfs_repair: wipe ondisk parent pointers when there are none
- xfs_scrub: detect and repair directory tree corruptions
- xfs_repair: update ondisk parent pointer records
- xfs_spaceman: report directory tree corruption in the health information
- xfsprogs: support vectored scrub
- man: document vectored scrub mode
- man2: update ioctl_xfs_scrub_metadata.2 for parent pointers
- mkfs: enable formatting with parent pointers
- mkfs: Add parent pointers during protofile creation
- xfs_repair: check parent pointers
- xfs_db: compute hashes of parent pointers
- xfs_db: add link and unlink expert commands
- xfs_repair: build a parent pointer index
- xfs_db: add a parents command to list the parents of a file
- xfs_db: obfuscate dirent and parent pointer names consistently
- xfs_db: report parent pointers embedded in xattrs
- xfs_db: report parent bit on xattrs
- xfs_db: report parent pointers in version command
- xfs_scrub: use parent pointers to report lost file data
- xfs_scrub: use parent pointers when possible to report file operations
- xfs_logprint: decode parent pointers in ATTRI items fully
- xfs_io: Add i, n and f flags to parent command
- xfs_io: adapt parent command to new parent pointer ioctls
- libfrog: report parent pointers to userspace
- libfrog: add parent pointer support code
- man: document the XFS_IOC_GETPARENTS ioctl
- xfs_logprint: dump new attr log item fields
- xfs_scrub_all: failure reporting for the xfs_scrub_all job
- xfs_repair: check free space requirements before allowing upgrades
- xfs_scrub_all: convert systemctl calls to dbus
- xfs_scrub_all: trigger automatic media scans once per month
- xfs_scrub: add an optimization-only mode
- xfs_scrub_all: add CLI option for easier debugging
- xfs_scrub_all: enable periodic file data scrubs automatically
- xfs_scrub: automatic downgrades to dry-run mode in service mode
- xfs_scrub_all: support metadata+media scans of all filesystems
- xfs_scrub_all: fail fast on masked units
- xfs_scrub_all: remove journalctl background process
- xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode
- xfs_scrub: tune fstrim minlen parameter based on free space histograms
- xfs_scrub: improve responsiveness while trimming the filesystem
- xfs_scrub: tighten up the security on the background systemd service
- xfs_scrub: don't call FITRIM after runtime errors
- xfs_scrub: use dynamic users when running as a systemd service
- xfs_scrub: report FITRIM errors properly
- xfs_scrub.service: reduce background CPU usage to less than one core if possible
- xfs_scrub: don't close stdout when closing the progress bar
- xfs_scrub: fix the work estimation for phase 8
- libfrog: print cdf of free space buckets
- libfrog: print wider columns for free space histogram
- xfs_scrub: ignore phase 8 if the user disabled fstrim
- xfs_scrub: move FITRIM to phase 8
- xfs_scrub: improve thread scheduling repair items during phase 4
- xfs_scrub: avoid potential UAF after freeing a duplicate name entry
- xfs_scrub: enable users to bump information messages to warnings
- xfs_scrub: retry incomplete repairs
- xfs_scrub: warn about difficult repairs to rt and quota metadata
- xfs_scrub: any inconsistency in metadata should trigger difficulty warnings
- mkfs: add a formatting option for exchange-range
- xfs_repair: add exchange-range to file systems
- xfs_scrub: fix missing scrub coverage for broken inodes
- xfs_scrub: log when a repair was unnecessary
- libfrog: advertise exchange-range support
- xfs_io: create exchangerange command to test file range exchange ioctl
- xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations
- xfs_fsr: convert to bulkstat v5 ioctls
- xfs_logprint: support dumping exchmaps log items
- xfs_db: advertise exchange-range in the version command
- libfrog: add support for exchange range ioctl family
- libhandle: add support for bulkstat v5
- man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE
- man: document the exchange-range ioctl
- xfs_repair: don't crash on -vv
- xfsprogs: Remove support for split-/usr installs
- libxfs: kernel sync
- ------------------------------------------------------------------
==== xxhash ====
- Add inline.patch to resolve FTBFS on gcc-14 + -Og.
==== zxing-cpp ====
Version update (2.1.0 -> 2.2.1)
- Update to 2.2.1. Changes:
* Fix ABI breakage from 2.2.0.
- Changes from 2.2.0:
* Rename DecodeHints to ReaderOptions. The old name is still available for
backward API compatibility but deprecated. Since the C-API and the Qt
wrapper code are not officially part of the library, they changed without
backward compatibility.
* WASM: bytes in ReadResult.
* DataMatrix: use charset for encoding.
* QRCode: Support QR Code Model1.
* rMQR Code: Support Rectangular Micro QR Code.
- Refresh patch:
* cmake.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240903 -> 20240904)
ima-evm-utils (1.6 -> 1.6.2)
libavif (1.0.4 -> 1.1.1)
libfido2 (1.14.0 -> 1.15.0)
live555 (2024.06.26 -> 2024.08.01)
raspberrypi-firmware (2024.03.27 -> 2024.08.30)
raspberrypi-firmware-config (2024.03.27 -> 2024.08.30)
runc (1.2.0~rc2 -> 1.2.0~rc3)
rust-keylime (0.2.6~0 -> 0.2.6+13)
sdbootutil (1+git20240830.7f696c8 -> 1+git20240903.81f1f40)
zlib-ng-compat (2.1.6 -> 2.2.1)
=== Details ===
==== MicroOS-release ====
Version update (20240903 -> 20240904)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ima-evm-utils ====
Version update (1.6 -> 1.6.2)
Subpackages: evmctl libimaevm5
- Update to version 1.6.2
https://github.com/linux-integrity/ima-evm-utils/blob/v1.6.2/NEWS
- Remove LicenseRef-GPL-2.0-with-openssl-exception (no need due relicensing of
OpenSSL 3 or later to the Apache 2 license
https://github.com/linux-integrity/ima-evm-utils/commit/4a4c762c8e3cbbff5f4… )
- Upstream added COPYING (again) and COPYING.LGPL (new), add them to %license.
==== libavif ====
Version update (1.0.4 -> 1.1.1)
- update to 1.1.1:
* In avif.h, change "AVIF_API AVIF_NODISCARD" back to
"AVIF_NODISCARD AVIF_API" to fix clang-cl and MSVC compilation
errors in the shared library build on Windows.
* Fix -DAVIF_GTEST=SYSTEM
* Fix infe_type and codec_config_type wrongly read as byte-
aligned fields in the
* experimental feature AVIF_ENABLE_EXPERIMENTAL_METAV1.
* When building aom as a local dependency, runtime CPU
detection (`CONFIG_RUNTIME_CPU_DETECT`) is now always `ON`;
* Fix CMake config shared library leaks
* Update gain map metadata to current ISO 21496-1 draft.
* cmake: Only search for ASM_NASM language on x86_64 platforms.
* Fix "No known features for CXX compiler" CMake error.
* Fix aom link flags so that transitive library link flags are
included when aom is a static library
* Fix out-of-order 'dimg' grid associations
* Report files with an item used in multiple 'dimg' boxes with
* AVIF_RESULT_NOT_IMPLEMENTED instead of
AVIF_RESULT_INVALID_IMAGE_GRID.
* Add experimental API for reading and writing gain maps in
AVIF files.
* If enabled at compile time, add `gainMap` field to
`avifImage`,
* add `qualityGainMap` field to `avifEncoder`, add
`gainMapPresent`, `enableDecodingGainMap`,
`enableParsingGainMapMetadata` and `ignoreColorAndAlpha` to
`avifDecoder`.
* Utility functions for working with gain maps are also added.
* Gain maps allow readers that support them to display HDR
images that look good on both HDR and SDR displays.
* Add experimental support for converting jpeg files with gain
maps to AVIF files with gain maps. Requires libxml2, and the
AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP compilation flag.
* Add a --qgain-map flag to control the gain map quality in
avifenc.
* Add the headerFormat member of new type avifHeaderFormat to
avifEncoder.
* Add experimental API for reading and writing "mif3"-branded
AVIF files behind the compilation flag
AVIF_ENABLE_EXPERIMENTAL_METAV1.
* Implement avifImageScale() fallback when libyuv is not
available.
* Partial import of libyuv to third_party/libyuv (new LICENSE).
* Add avifenc flag suffixes ":update" and ":u". Quality-
relative, tiling-relative and codec-specific flags can now be
positional, relative to input files.
* Add experimental support for layered AVIF encoding in
avifenc.
* Use the --layered flag to enable layered AVIF encoding.
* Layered AVIF has multiple layers, which works like frame of
animated AVIF, and layers can be rendered in progressive
manner on supported viewers
* Only aom supports layered AVIF encoding at the time of
writing.
* Add --scaling-mode flag to set scaling mode of each layer.
* This part of AV1 encoder is not as thoroughly tested, so
there are higher possibility encoder may crash when given certain
configuration or input.
* Add imageSequenceTrackPresent flag to the avifDecoder struct.
* avifImageScale() function was made part of the public ABI.
* Add avif_cxx.h as a C++ header with basic functionality.
* Add enum aliases AVIF_COLOR_PRIMARIES_SRGB,
AVIF_COLOR_PRIMARIES_BT2100,
* AVIF_COLOR_PRIMARIES_DCI_P3,
AVIF_TRANSFER_CHARACTERISTICS_PQ.
* Add avifResult enum entry AVIF_RESULT_INTERNAL_ERROR.
* Require libyuv by default (but it can still be disabled with
* -DAVIF_LIBYUV=OFF).
* Add avifdec --icc flag to override the output color profile.
* Add experimental API for reading and writing 16-bit AVIF
files behind the
* compilation flag AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM.
* Add AVIF_CHROMA_SAMPLE_POSITION_RESERVED to
avifChromaSamplePosition enum.
==== libfido2 ====
Version update (1.14.0 -> 1.15.0)
- update to 1.15.0:
* bio, credman: improved CTAP 2.1 support.
* hid_osx: fix issue where fido_hid_read() may block
unnecessarily; gh#757.
* fido2-token -I: print maxcredbloblen.
* hid_linux: improved support for uhid devices.
* New API calls:
- fido_cred_set_attobj;
- fido_cred_x5c_list_count;
- fido_cred_x5c_list_len;
- fido_cred_x5c_list_ptr.
==== live555 ====
Version update (2024.06.26 -> 2024.08.01)
Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 libliveMedia112
- update to 2024-08-01:
* Updated "ServerMediaSession::generateSDPDescription()" to
treat "time_t" as (long long).
==== raspberrypi-firmware ====
Version update (2024.03.27 -> 2024.08.30)
- Update to bf12222 (2024-08-30):
* firmware: arm_dt: Delay power property handling
* firmware: AI Camera Support
* firmware: video_encode: Add colourspace support
See: #1885
* firmware: arm_loader: SET_POWER_STATE should only consider bit 0
See: #1905
* firmware: filesystem: Prevent any sdcard modifications
See: #1893
* firmware: filesystem: Accept 0xf (W95 Ext) as an extended partition type
* firmware: arm_dt: Support HAT EEPROM dtparams
* firmware: arm_display: Add support for changing the pixel order via the mailbox
See: #1320
* firmware: di_fast: Avoid green line at bottom of image
See: https://forum.libreelec.tv/thread/28367-green-pulsing-line-rpi4
* firmware: arm_dt: On 2711, force otg_mode=1 if xhci is enabled
See: raspberrypi/linux#6062
* firmware: arm_dt: Improve power HAT+ support
* firmware: arm_loader: Add user otp read and write functions
See: raspberrypi/linux#6014
* firmware: dtoverlay: Use %u when converting u32s to strings
See: raspberrypi/linux#6039
* firmware: video_decode: CONFIGCHANGED not wanted with lack of aspect ratio in new frame
See: https://forum.libreelec.tv/thread/28391-cvideoplayeraudio-process-stream-st…
==== raspberrypi-firmware-config ====
Version update (2024.03.27 -> 2024.08.30)
- Update to bf12222 (2024-08-30):
* firmware: arm_dt: Delay power property handling
* firmware: AI Camera Support
* firmware: video_encode: Add colourspace support
See: #1885
* firmware: arm_loader: SET_POWER_STATE should only consider bit 0
See: #1905
* firmware: filesystem: Prevent any sdcard modifications
See: #1893
* firmware: filesystem: Accept 0xf (W95 Ext) as an extended partition type
* firmware: arm_dt: Support HAT EEPROM dtparams
* firmware: arm_display: Add support for changing the pixel order via the mailbox
See: #1320
* firmware: di_fast: Avoid green line at bottom of image
See: https://forum.libreelec.tv/thread/28367-green-pulsing-line-rpi4
* firmware: arm_dt: On 2711, force otg_mode=1 if xhci is enabled
See: raspberrypi/linux#6062
* firmware: arm_dt: Improve power HAT+ support
* firmware: arm_loader: Add user otp read and write functions
See: raspberrypi/linux#6014
* firmware: dtoverlay: Use %u when converting u32s to strings
See: raspberrypi/linux#6039
* firmware: video_decode: CONFIGCHANGED not wanted with lack of aspect ratio in new frame
See: https://forum.libreelec.tv/thread/28391-cvideoplayeraudio-process-stream-st…
==== runc ====
Version update (1.2.0~rc2 -> 1.2.0~rc3)
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310.
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
==== rust-keylime ====
Version update (0.2.6~0 -> 0.2.6+13)
- Update vendored crates (bsc#1229952, bsc#1230029)
* rustix 0.37.25
* rustix 0.38.34
* shlex 1.3.0
- Update to version 0.2.6+13:
* Enable test functional/iak-idevid-persisted-and-protected
* build(deps): bump uuid from 1.7.0 to 1.10.0
* build(deps): bump openssl from 0.10.64 to 0.10.66
* keylime-agent/src/revocation: Fix comment indentation
* keylime/crypto: Fix indentation of documentation comment
* build(deps): bump thiserror from 1.0.59 to 1.0.63
* build(deps): bump serde_json from 1.0.116 to 1.0.120
* dependabot: Extend to also monitor workflow actions
* ci: Disable Packit CI on CentOS Stream 9
* ci: use CODECOV_TOKEN when submitting coverage data
* revocation: Use into() for unfallible transformation
* secure_mount: Fix possible infinite loop
* error: Rename enum variants to avoid clippy warning
==== sdbootutil ====
Version update (1+git20240830.7f696c8 -> 1+git20240903.81f1f40)
Subpackages: sdbootutil-snapper sdbootutil-tukit
- Update to version 1+git20240903.81f1f40:
* Generate new predictions for update_all_entries
* Use raw option in jq update all entries
==== zlib-ng-compat ====
Version update (2.1.6 -> 2.2.1)
- Update to 2.2.1:
* Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.2.1
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240903 -> 20240904)
ima-evm-utils (1.6 -> 1.6.2)
libavif (1.0.4 -> 1.1.1)
libfido2 (1.14.0 -> 1.15.0)
live555 (2024.06.26 -> 2024.08.01)
runc (1.2.0~rc2 -> 1.2.0~rc3)
rust-keylime (0.2.6~0 -> 0.2.6+13)
sdbootutil (1+git20240830.7f696c8 -> 1+git20240903.81f1f40)
zlib-ng-compat (2.1.6 -> 2.2.1)
=== Details ===
==== MicroOS-release ====
Version update (20240903 -> 20240904)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ima-evm-utils ====
Version update (1.6 -> 1.6.2)
Subpackages: evmctl libimaevm5
- Update to version 1.6.2
https://github.com/linux-integrity/ima-evm-utils/blob/v1.6.2/NEWS
- Remove LicenseRef-GPL-2.0-with-openssl-exception (no need due relicensing of
OpenSSL 3 or later to the Apache 2 license
https://github.com/linux-integrity/ima-evm-utils/commit/4a4c762c8e3cbbff5f4… )
- Upstream added COPYING (again) and COPYING.LGPL (new), add them to %license.
==== libavif ====
Version update (1.0.4 -> 1.1.1)
- update to 1.1.1:
* In avif.h, change "AVIF_API AVIF_NODISCARD" back to
"AVIF_NODISCARD AVIF_API" to fix clang-cl and MSVC compilation
errors in the shared library build on Windows.
* Fix -DAVIF_GTEST=SYSTEM
* Fix infe_type and codec_config_type wrongly read as byte-
aligned fields in the
* experimental feature AVIF_ENABLE_EXPERIMENTAL_METAV1.
* When building aom as a local dependency, runtime CPU
detection (`CONFIG_RUNTIME_CPU_DETECT`) is now always `ON`;
* Fix CMake config shared library leaks
* Update gain map metadata to current ISO 21496-1 draft.
* cmake: Only search for ASM_NASM language on x86_64 platforms.
* Fix "No known features for CXX compiler" CMake error.
* Fix aom link flags so that transitive library link flags are
included when aom is a static library
* Fix out-of-order 'dimg' grid associations
* Report files with an item used in multiple 'dimg' boxes with
* AVIF_RESULT_NOT_IMPLEMENTED instead of
AVIF_RESULT_INVALID_IMAGE_GRID.
* Add experimental API for reading and writing gain maps in
AVIF files.
* If enabled at compile time, add `gainMap` field to
`avifImage`,
* add `qualityGainMap` field to `avifEncoder`, add
`gainMapPresent`, `enableDecodingGainMap`,
`enableParsingGainMapMetadata` and `ignoreColorAndAlpha` to
`avifDecoder`.
* Utility functions for working with gain maps are also added.
* Gain maps allow readers that support them to display HDR
images that look good on both HDR and SDR displays.
* Add experimental support for converting jpeg files with gain
maps to AVIF files with gain maps. Requires libxml2, and the
AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP compilation flag.
* Add a --qgain-map flag to control the gain map quality in
avifenc.
* Add the headerFormat member of new type avifHeaderFormat to
avifEncoder.
* Add experimental API for reading and writing "mif3"-branded
AVIF files behind the compilation flag
AVIF_ENABLE_EXPERIMENTAL_METAV1.
* Implement avifImageScale() fallback when libyuv is not
available.
* Partial import of libyuv to third_party/libyuv (new LICENSE).
* Add avifenc flag suffixes ":update" and ":u". Quality-
relative, tiling-relative and codec-specific flags can now be
positional, relative to input files.
* Add experimental support for layered AVIF encoding in
avifenc.
* Use the --layered flag to enable layered AVIF encoding.
* Layered AVIF has multiple layers, which works like frame of
animated AVIF, and layers can be rendered in progressive
manner on supported viewers
* Only aom supports layered AVIF encoding at the time of
writing.
* Add --scaling-mode flag to set scaling mode of each layer.
* This part of AV1 encoder is not as thoroughly tested, so
there are higher possibility encoder may crash when given certain
configuration or input.
* Add imageSequenceTrackPresent flag to the avifDecoder struct.
* avifImageScale() function was made part of the public ABI.
* Add avif_cxx.h as a C++ header with basic functionality.
* Add enum aliases AVIF_COLOR_PRIMARIES_SRGB,
AVIF_COLOR_PRIMARIES_BT2100,
* AVIF_COLOR_PRIMARIES_DCI_P3,
AVIF_TRANSFER_CHARACTERISTICS_PQ.
* Add avifResult enum entry AVIF_RESULT_INTERNAL_ERROR.
* Require libyuv by default (but it can still be disabled with
* -DAVIF_LIBYUV=OFF).
* Add avifdec --icc flag to override the output color profile.
* Add experimental API for reading and writing 16-bit AVIF
files behind the
* compilation flag AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM.
* Add AVIF_CHROMA_SAMPLE_POSITION_RESERVED to
avifChromaSamplePosition enum.
==== libfido2 ====
Version update (1.14.0 -> 1.15.0)
- update to 1.15.0:
* bio, credman: improved CTAP 2.1 support.
* hid_osx: fix issue where fido_hid_read() may block
unnecessarily; gh#757.
* fido2-token -I: print maxcredbloblen.
* hid_linux: improved support for uhid devices.
* New API calls:
- fido_cred_set_attobj;
- fido_cred_x5c_list_count;
- fido_cred_x5c_list_len;
- fido_cred_x5c_list_ptr.
==== live555 ====
Version update (2024.06.26 -> 2024.08.01)
Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 libliveMedia112
- update to 2024-08-01:
* Updated "ServerMediaSession::generateSDPDescription()" to
treat "time_t" as (long long).
==== runc ====
Version update (1.2.0~rc2 -> 1.2.0~rc3)
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310.
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
==== rust-keylime ====
Version update (0.2.6~0 -> 0.2.6+13)
- Update vendored crates (bsc#1229952, bsc#1230029)
* rustix 0.37.25
* rustix 0.38.34
* shlex 1.3.0
- Update to version 0.2.6+13:
* Enable test functional/iak-idevid-persisted-and-protected
* build(deps): bump uuid from 1.7.0 to 1.10.0
* build(deps): bump openssl from 0.10.64 to 0.10.66
* keylime-agent/src/revocation: Fix comment indentation
* keylime/crypto: Fix indentation of documentation comment
* build(deps): bump thiserror from 1.0.59 to 1.0.63
* build(deps): bump serde_json from 1.0.116 to 1.0.120
* dependabot: Extend to also monitor workflow actions
* ci: Disable Packit CI on CentOS Stream 9
* ci: use CODECOV_TOKEN when submitting coverage data
* revocation: Use into() for unfallible transformation
* secure_mount: Fix possible infinite loop
* error: Rename enum variants to avoid clippy warning
==== sdbootutil ====
Version update (1+git20240830.7f696c8 -> 1+git20240903.81f1f40)
Subpackages: sdbootutil-snapper sdbootutil-tukit
- Update to version 1+git20240903.81f1f40:
* Generate new predictions for update_all_entries
* Use raw option in jq update all entries
==== zlib-ng-compat ====
Version update (2.1.6 -> 2.2.1)
- Update to 2.2.1:
* Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.2.1
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240902 -> 20240903)
ffmpeg-6
google-noto-fonts (20240801 -> 20240901)
libjpeg-turbo
python-alembic (1.13.1 -> 1.13.2)
python-cffi (1.16.0 -> 1.17.0)
selinux-policy (20240830 -> 20240903)
u-boot-rpiarm64 (2024.04 -> 2024.07)
xmlsec1 (1.2.40 -> 1.2.41)
=== Details ===
==== MicroOS-release ====
Version update (20240902 -> 20240903)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ffmpeg-6 ====
Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7
- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
[boo#1229338]
==== google-noto-fonts ====
Version update (20240801 -> 20240901)
Subpackages: google-noto-sans-fonts google-noto-sans-math-fonts
- Update to 20240901
* Various updates to fonts
==== libjpeg-turbo ====
- update to 3.0.3:
* The x86-64 SIMD extensions now include support for Intel
Control-flow Enforcement Technology (CET), which is enabled
automatically if CET is enabled in the C compiler.
* Fixed a regression introduced by 3.0 beta2[6] that made it
impossible for calling applications to supply custom Huffman
tables when generating 12-bit-per-component lossy JPEG images
using the libjpeg API.
* Fixed a segfault that occurred when attempting to use the
jpegtran `-drop` option with a specially-crafted malformed
input image or drop image (specifically an image in which all
of the scans contain fewer components than the number of
components specified in the Start Of Frame segment.)
==== python-alembic ====
Version update (1.13.1 -> 1.13.2)
- update to 1.31.2:
* Improve computed column compare function to support multi-line
expressions. Pull request courtesy of Georg Wicke-Arndt.
* Fixed bug in alembic command stdout where long messages were
not properly wrapping at the terminal width. Pull request
courtesy Saif Hakim.
* Fixed internal issue where Alembic would call
connection.execute() sending an empty tuple to indicate
âno paramsâ. In SQLAlchemy 2.1 this case will be deprecated as
âempty sequenceâ is ambiguous as to its intent.
* Fixes to support pytest 8.1 for the test suite.
* Fixed the detection of serial column in autogenerate with
tables not under default schema on PostgreSQL.
- Drop pytest8.patch as it has merged upstream and included
in the 1.31.2 release.
==== python-cffi ====
Version update (1.16.0 -> 1.17.0)
- update to 1.17.0:
* Add support for Python 3.13.
* In API mode, when you get a function from a C library by writing
`fn = lib.myfunc`, you get an object of a special type for
performance reasons, instead of a `<cdata 'C-function-type'>`.
Before version 1.17 you could only call such objects.
You could write `ffi.addressof(lib, "myfunc")` in order to get
a real `<cdata>` object, based on the idea that in these cases
in C you'd usually write `&myfunc` instead of `myfunc`. In
version 1.17, the special object `lib.myfunc` can now be passed
in many places where CFFI expects
a regular `<cdata>` object. For example, you can now pass
it as a callback to a C function call, or write it inside a C
structure field of the correct pointer-to-function type, or use
`ffi.cast()` or `ffi.typeof()` on it.
- drop py313-compat.patch, py313-use-format-unraisable.patch,
py313-use-hashpointer.patch (upstream)
==== selinux-policy ====
Version update (20240830 -> 20240903)
Subpackages: selinux-policy-targeted
- Update to version 20240903:
* allow sshd_t and sshd_net_t access to ssh vsockets (bsc#1228831)
- Update to version 20240902:
* Allow xen to use qemu as dom0 disk backend (bsc#1228540)
* Label /var/lib/xen/xenstore as xenstored_var_lib_t (bsc#1228540)
* Allow xl to access hypercall interfaces to xen hypervisor (bsc#1228540)
==== u-boot-rpiarm64 ====
Version update (2024.04 -> 2024.07)
Subpackages: u-boot-rpiarm64-doc
- Update to 2024.07:
* Full changelog available at:
https://source.denx.de/u-boot/u-boot/-/compare/v2024.04...v2024.07
==== xmlsec1 ====
Version update (1.2.40 -> 1.2.41)
Subpackages: libxmlsec1-1 libxmlsec1-openssl1
- Update to 1.2.41:
* (xmlsec-mscng,xmlsec-mscrypto) Improved certificates verification.
* (xmlsec-gnutls) Added support for self-signed certificates.
* (xmlsec-core) Fix deprecated functions in LibXML2 2.13.1
including disabling HTTP support by default
(use '--enable-http' option to re-enable it).
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MicroOS-release (20240902 -> 20240903)
ffmpeg-6
google-noto-fonts (20240801 -> 20240901)
libjpeg-turbo
python-alembic (1.13.1 -> 1.13.2)
python-cffi (1.16.0 -> 1.17.0)
selinux-policy (20240830 -> 20240903)
xmlsec1 (1.2.40 -> 1.2.41)
=== Details ===
==== MicroOS-release ====
Version update (20240902 -> 20240903)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ffmpeg-6 ====
Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7
- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
[boo#1229338]
==== google-noto-fonts ====
Version update (20240801 -> 20240901)
Subpackages: google-noto-sans-fonts google-noto-sans-math-fonts
- Update to 20240901
* Various updates to fonts
==== libjpeg-turbo ====
- update to 3.0.3:
* The x86-64 SIMD extensions now include support for Intel
Control-flow Enforcement Technology (CET), which is enabled
automatically if CET is enabled in the C compiler.
* Fixed a regression introduced by 3.0 beta2[6] that made it
impossible for calling applications to supply custom Huffman
tables when generating 12-bit-per-component lossy JPEG images
using the libjpeg API.
* Fixed a segfault that occurred when attempting to use the
jpegtran `-drop` option with a specially-crafted malformed
input image or drop image (specifically an image in which all
of the scans contain fewer components than the number of
components specified in the Start Of Frame segment.)
==== python-alembic ====
Version update (1.13.1 -> 1.13.2)
- update to 1.31.2:
* Improve computed column compare function to support multi-line
expressions. Pull request courtesy of Georg Wicke-Arndt.
* Fixed bug in alembic command stdout where long messages were
not properly wrapping at the terminal width. Pull request
courtesy Saif Hakim.
* Fixed internal issue where Alembic would call
connection.execute() sending an empty tuple to indicate
âno paramsâ. In SQLAlchemy 2.1 this case will be deprecated as
âempty sequenceâ is ambiguous as to its intent.
* Fixes to support pytest 8.1 for the test suite.
* Fixed the detection of serial column in autogenerate with
tables not under default schema on PostgreSQL.
- Drop pytest8.patch as it has merged upstream and included
in the 1.31.2 release.
==== python-cffi ====
Version update (1.16.0 -> 1.17.0)
- update to 1.17.0:
* Add support for Python 3.13.
* In API mode, when you get a function from a C library by writing
`fn = lib.myfunc`, you get an object of a special type for
performance reasons, instead of a `<cdata 'C-function-type'>`.
Before version 1.17 you could only call such objects.
You could write `ffi.addressof(lib, "myfunc")` in order to get
a real `<cdata>` object, based on the idea that in these cases
in C you'd usually write `&myfunc` instead of `myfunc`. In
version 1.17, the special object `lib.myfunc` can now be passed
in many places where CFFI expects
a regular `<cdata>` object. For example, you can now pass
it as a callback to a C function call, or write it inside a C
structure field of the correct pointer-to-function type, or use
`ffi.cast()` or `ffi.typeof()` on it.
- drop py313-compat.patch, py313-use-format-unraisable.patch,
py313-use-hashpointer.patch (upstream)
==== selinux-policy ====
Version update (20240830 -> 20240903)
Subpackages: selinux-policy-targeted
- Update to version 20240903:
* allow sshd_t and sshd_net_t access to ssh vsockets (bsc#1228831)
- Update to version 20240902:
* Allow xen to use qemu as dom0 disk backend (bsc#1228540)
* Label /var/lib/xen/xenstore as xenstored_var_lib_t (bsc#1228540)
* Allow xl to access hypercall interfaces to xen hypervisor (bsc#1228540)
==== xmlsec1 ====
Version update (1.2.40 -> 1.2.41)
Subpackages: libxmlsec1-1 libxmlsec1-openssl1
- Update to 1.2.41:
* (xmlsec-mscng,xmlsec-mscrypto) Improved certificates verification.
* (xmlsec-gnutls) Added support for self-signed certificates.
* (xmlsec-core) Fix deprecated functions in LibXML2 2.13.1
including disabling HTTP support by default
(use '--enable-http' option to re-enable it).
1
0