New ARM MicroOS snapshot 20240407 released!

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20240407 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa Mesa-drivers MicroOS-release (20240402 -> 20240407) MozillaFirefox (124.0.1 -> 124.0.2) aaa_base (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) apparmor avahi avahi-glib2 bash bubblewrap (0.8.0 -> 0.9.0) c-ares (1.27.0 -> 1.28.1) colord coreutils (9.4 -> 9.5) coreutils-systemd (9.4 -> 9.5) cpio evince fwupd gobject-introspection (1.80.0 -> 1.80.1) gtk4 (4.14.1 -> 4.14.2) harfbuzz (8.3.0 -> 8.4.0) installation-images-MicroOS (17.117 -> 17.120) inxi (3.3.33 -> 3.3.33+3) kate kdsoap-qt6 (2.1.1 -> 2.2.0) kernel-firmware kernel-source (6.8.1 -> 6.8.4) kirigami-addons6 (1.0.1 -> 1.1.0) kmod (31 -> 32) krb5 libapparmor libbpf (1.3.0 -> 1.4.0) libcanberra libdeflate (1.19 -> 1.20) libdnf (0.73.0 -> 0.73.1) libproxy-backend (0.5.3 -> 0.5.4) libproxy-client (0.5.3 -> 0.5.4) libsrtp2 (2.5.0 -> 2.6.0) libssh2_org liburing (2.4 -> 2.5) libuv (1.47.0 -> 1.48.0) libzypp (17.32.0 -> 17.32.2) llvm18 (18.1.2 -> 18.1.3) mpg123 (1.32.5 -> 1.32.6) nghttp2 (1.60.0 -> 1.61.0) openssh orca (46.0 -> 46.1) pango plasma6-desktop podman (4.9.3 -> 5.0.1) python-cryptography (42.0.4 -> 42.0.5) python-httpcore (1.0.4 -> 1.0.5) python-numpy python-pyasn1 (0.5.1 -> 0.6.0) python-pyzmq python-typing_extensions (4.10.0 -> 4.11.0) raspberrypi-firmware (2023.11.21 -> 2024.03.27) raspberrypi-firmware-config (2023.11.21 -> 2024.03.27) re2 (20240301 -> 20240401) runc (1.1.12 -> 1.2.0~rc1) snowball sushi (45.0 -> 46.0) systemd vim xdm (1.1.15 -> 1.1.16) xorg-x11-server (21.1.11 -> 21.1.12) xwayland (23.2.4 -> 23.2.5) yast2-storage-ng (5.0.10 -> 5.0.11) zstd (1.5.5 -> 1.5.6) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - fix missing free codecs in builds with non-free codecs enabled ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - fix missing free codecs in builds with non-free codecs enabled ==== MicroOS-release ==== Version update (20240402 -> 20240407) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== MozillaFirefox ==== Version update (124.0.1 -> 124.0.2) - Mozilla Firefox 124.0.2 https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/ * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347) ==== aaa_base ==== Version update (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) Subpackages: aaa_base-extras - Update to version 84.87+git20240402.16596d1: * add alacritty to DIR_COLORS * Make sure tput it present before resetting TERM * Add mc helpers for both tcsh and bash resources * Do not overwrite escape sequences for xterm like * Check for valid TERM ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Use full URLs for source tarball and signature. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Tag hardening patches as PATCH-FEATURE-OPENSUSE ==== avahi-glib2 ==== - Tag hardening patches as PATCH-FEATURE-OPENSUSE ==== bash ==== Subpackages: bash-doc bash-sh - Help dependcy resolver to identify package split done with bash-sh ==== bubblewrap ==== Version update (0.8.0 -> 0.9.0) - update to v0.9.0: * Build system changed to Meson from Autotools * Add --argv0 https://github.com/containers/bubblewrap/issues/91 * --symlink is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target * Clarify security considerations in documentation * Clarify documentation for --cap-add * Report a better error message if mount(2) fails with ENOSPC * Fix a double-close on error reading from --args, --seccomp or - -add-seccomp-fd argument * Improve memory allocation behaviour ==== c-ares ==== Version update (1.27.0 -> 1.28.1) - c-ares 1.28.1 Features: * Emit warnings when deprecated c-ares functions are used. This can be disabled by passing a compiler definition of `CARES_NO_DEPRECATED`. [PR #732] * Add function `ares_search_dnsrec()` to search for records using the new DNS record data structures. [PR #719] * Rework internals to pass around `ares_dns_record_t` instead of binary data, this introduces new public functions of `ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730] Changes: * tests: when performing simulated queries, reduce timeouts to make tests run faster * Replace configuration file parsers with memory-safe parser. [PR #725] * Remove `acountry` completely, the manpage might still get installed otherwise. [Issue #718] Bugfixes: * CMake: don't overwrite global required libraries/definitions/includes which could cause build errors for projects chain building c-ares. [Issue #729] * On some platforms, `netinet6/in6.h` is not included by `netinet/in.h` and needs to be included separately. [PR #728] * Fix a potential memory leak in `ares_init()`. [Issue #724] * Some platforms don't have the `isascii()` function. Implement as a macro. [PR #721] * CMake: Fix Chain building if CMAKE runtime paths not set * NDots configuration should allow a value of zero. [PR #735] ==== colord ==== Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Tag hardening patch as PATCH-FEATURE-OPENSUSE. ==== coreutils ==== Version update (9.4 -> 9.5) Subpackages: coreutils-doc - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== coreutils-systemd ==== Version update (9.4 -> 9.5) - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== cpio ==== Subpackages: cpio-mt - Fix build with gcc14, bsc#1221712 * fix-gcc14.patch ==== evince ==== Subpackages: evince-plugin-pdfdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Properly tag patches as PATCH-FIX-SLE. ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - dbxtool is built unconditionally on all architectures: move it out of the condition in the files section and also unconditionally provide/obsolete the old version. ==== gobject-introspection ==== Version update (1.80.0 -> 1.80.1) Subpackages: girepository-1_0 libgirepository-1_0-1 - Update to version 1.80.1: + Require Python 3.8 when running mypy. + Ensure that POSIX types follow the target architecture. + Look for finish functions inside the list of constructors. ==== gtk4 ==== Version update (4.14.1 -> 4.14.2) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.14.2: + GtkScale: Improve positioning of values in some cases. + Theme: Make progress in entries visible. + Accessibility: Fix text insertion handling. + GDK: - dnd: Use the default cursor durion motion - dnd: Use a better cursor for indicating the move action + GSK: - gl: Handle offloads in offscreen context better - Fix text rendering problems with some fonts + Wayland: - Tighten up some protocol version checks - Use the presentation time protocol - Fix a crash with subsurfaces - Improve settings portal handling + Debugging: Add font settings in the inspector. + Demos: - Clean up the application demo - Update cursor images for the cursor demo + Updated translations. ==== harfbuzz ==== Version update (8.3.0 -> 8.4.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - update to version 8.4.0: + When subsetting, place variation store at the end of “GDEF” table to fix shaping issues with some versions of Adobe InDesign. + Various build fixes - update to version 8.3.1: + Fix hb_style_get_value() in fonts with “STAT” table + Properly handle negative offsets in CFF table + Update IANA Language Subtag Registry to 2024-03-07 + Subsetter now supports subsetting “BASE” table + Subsetter will update “hhea” font metrics in sync with “OS/2” ones. + “--variations” option of “hb-subset” now supports leaving out values that should be unchanged, e.g. “wght=:500:” will change the default and keep max and min unchanged. It also supports “*=drop” to to pin all axes to default location. + Fix hb_ot_math_get_glyph_kerning() to match updated “MATH” table spec. + Support legacy MacRoman encoding in “cmap” table. + Various build fixes. + Various subsetting and instancing fixes. ==== installation-images-MicroOS ==== Version update (17.117 -> 17.120) - merge gh#openSUSE/installation-images#704 - ensure crypto-policies postinstall script is run (bsc#1222235) - 17.120 - merge gh#openSUSE/installation-images#702 - Require Mesa-dri - 17.119 - merge gh#openSUSE/installation-images#703 - etc: update module.config to match 6.9 - 17.118 ==== inxi ==== Version update (3.3.33 -> 3.3.33+3) - Updated to version 3.3.33-1+3: + A quick point release, one critical bug fix, and a few new features and enhancements. + Code cleanup. - Add service to pull from git and avoid tarball release. - Adjust spec file for service use. ==== kate ==== Subpackages: kate-plugins - Add a couple recommended plugins to preview files in kate ==== kdsoap-qt6 ==== Version update (2.1.1 -> 2.2.0) - update to 2.2.0: * buildsystem - Add co-installability of Qt5 and Qt6 headers back. Installs Qt6 headers into their own subdirectory so client code still works, but can be co-installed with Qt5 again. * Add KDSoapClientInterface::setMessageAddressingProperties() so that WS-Addressing support can be used with WSDL-generated services (issue #254) * Don't require a SOAP action in order to write addressing properties (also issue #254) * WSDL parser / code generator changes, applying to both client and server side * Improve -import-path ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319) ==== kernel-source ==== Version update (6.8.1 -> 6.8.4) - Linux 6.8.4-rc1 (bsc#1012628). - Revert "workqueue.c: Increase workqueue name length" (bsc#1012628). - Revert "workqueue: Move pwq->max_active to wq->max_active" (bsc#1012628). - Revert "workqueue: Factor out pwq_is_empty()" (bsc#1012628). - Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" (bsc#1012628). - Revert "workqueue: Move nr_active handling into helpers" (bsc#1012628). - Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" (bsc#1012628). - Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" (bsc#1012628). - Revert "workqueue: Introduce struct wq_node_nr_active" (bsc#1012628). - Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" (bsc#1012628). - Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" (bsc#1012628). - Revert "workqueue: Shorten events_freezable_power_efficient name" (bsc#1012628). - commit 1089550 - Linux 6.8.3 (bsc#1012628). - drm/vmwgfx: Unmap the surface before resetting it on a plane state (bsc#1012628). - wifi: brcmfmac: avoid invalid list operation when vendor attach fails (bsc#1012628). - media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (bsc#1012628). - arm64: dts: qcom: sc7280: Add additional MSI interrupts (bsc#1012628). - remoteproc: virtio: Fix wdg cannot recovery remote processor (bsc#1012628). - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd (bsc#1012628). - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() (bsc#1012628). - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() (bsc#1012628). - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts (bsc#1012628). - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (bsc#1012628). - arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones (bsc#1012628). - serial: max310x: fix NULL pointer dereference in I2C instantiation (bsc#1012628). - drm/vmwgfx: Fix the lifetime of the bo cursor memory (bsc#1012628). - pci_iounmap(): Fix MMIO mapping leak (bsc#1012628). - media: xc4000: Fix atomicity violation in xc4000_get_frequency (bsc#1012628). - media: mc: Add local pad to pipeline regardless of the link state (bsc#1012628). - media: mc: Fix flags handling when creating pad links (bsc#1012628). - media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access (bsc#1012628). - media: mc: Add num_links flag to media_pad (bsc#1012628). - media: mc: Rename pad variable to clarify intent (bsc#1012628). - media: mc: Expand MUST_CONNECT flag to always require an enabled link (bsc#1012628). - media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT (bsc#1012628). - md: use RCU lock to protect traversal in md_spares_need_change() (bsc#1012628). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (bsc#1012628). - arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping (bsc#1012628). - arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping (bsc#1012628). - cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (bsc#1012628). - thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature (bsc#1012628). - powercap: intel_rapl: Fix a NULL pointer dereference (bsc#1012628). - powercap: intel_rapl: Fix locking in TPMI RAPL (bsc#1012628). - powercap: intel_rapl_tpmi: Fix a register bug (bsc#1012628). - powercap: intel_rapl_tpmi: Fix System Domain probing (bsc#1012628). - powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core (bsc#1012628). - powerpc/smp: Increase nr_cpu_ids to include the boot CPU (bsc#1012628). - sparc64: NMI watchdog: fix return value of __setup handler (bsc#1012628). - sparc: vDSO: fix return value of __setup handler (bsc#1012628). - crypto: qat - change SLAs cleanup flow at shutdown (bsc#1012628). - crypto: qat - resolve race condition during AER recovery (bsc#1012628). - selftests/mqueue: Set timeout to 180 seconds (bsc#1012628). - pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name (bsc#1012628). - ext4: correct best extent lstart adjustment logic (bsc#1012628). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in ... changelog too long, skipping 1837 lines ... - commit 6a29422 ==== kirigami-addons6 ==== Version update (1.0.1 -> 1.1.0) - Update to 1.1.0 * New FormCard delegate: FormColorDelegate * New delegate container: FormCardDialog * Fixed a newline bug in the AboutKDE component * The default size of MessageDialog was decreased * Fixed the autoplay of the video delegate for the maximized album component ==== kmod ==== Version update (31 -> 32) Subpackages: kmod-bash-completion libkmod2 - Update to release 32 * Drop python bindings * Remove unmaintained experimental tool - Drop upstreamed patches * configure-Detect-openssl-sm3-support.patch * man-depmod.d-Fix-incorrect-usr-lib-search-path.patch * usr-lib-modprobe.patch * kmod-Add-pkgconfig-file-with-kmod-compile-time-confi.patch * tools-depmod-fix-Walloc-size.patch * libkmod-remove-pkcs7-obj_to_hash_algo.patch * usr-lib-modules.patch * configure-Check-that-provided-paths-are-absolute.patch - Refresh no-stylesheet-download.patch ==== krb5 ==== - Add crypto-policies support [bsc#1211301] * Update krb5.conf in vendor-files.tar.bz2 ==== libapparmor ==== - Use full URLs for source tarball and signature. ==== libbpf ==== Version update (1.3.0 -> 1.4.0) - update to 1.4.0: * support for BPF token throughout low-level and high-level APIs (see also LIBBPF_BPF_TOKEN_PATH envvar) * struct_ops functionality around handling multi-kernel compatibility using BPF CO-RE principles and approaches * BPF arena map support * support __arena tagged global variables, which are automatically put into BPF arena map * BPF cookie support for raw tracepoint BPF programs in attach APIs loaded or created, respectively * add SEC("sk_skb/verdict") support * support global subprog argument tagging for for kprobe/uprobe, and perf_event BPF program with newly added __arg_ctx, __arg_nonnull, __arg_nullable, __arg_trusted, and __arg_arena annotations * add bpf_core_cast() macro, improving ergonomics of bpf_rdonly_cast() BPF helper * __long() macro added for specifying 64-bit values when declaring BTF-defined maps * better GCC-BPF support in BPF CO-RE macros in bpf_core_read.h header * show specific error messages when attempting to use struct bpf_program/bpf_map instances there were not loaded or created * fix inner map's max_entries setting logic * btf_ext__raw_data() and btf__new_split() APIs are added back * ignore DWARF sections in BPF linker sanity checks, improving handling of some corner cases * fix potential NULL dereference when handling corrupted ELF files. ==== libcanberra ==== Subpackages: canberra-gtk-play libcanberra-gtk-module-common libcanberra-gtk0 libcanberra-gtk2-module libcanberra-gtk3-0 libcanberra-gtk3-module libcanberra0 - Don't recommend the gtk modules unconditionally. They already have conditional supplements. - Switch from packageand(x:y) to boolean dependencies - Use %license ==== libdeflate ==== Version update (1.19 -> 1.20) - update to 1.20: * Improved CRC-32 performance on recent x86 CPUs by adding * VPCLMULQDQ-accelerated implementations using 256-bit and 512-bit vectors. * Improved Adler-32 performance on recent x86 CPUs by adding * VNNI-accelerated implementations using 256-bit and 512-bit vectors. * Improved CRC-32 and Adler-32 performance on short inputs. * Optimized the portable implementation of Adler-32. * Added some basic optimizations for RISC-V. * Dropped support for gcc versions older than v4.9 (released in 2014) and clang versions older than v3.9 (released in 2016). * Dropped support for CRC-32 acceleration on 32-bit ARM using the ARMv8 pmull or crc32 instructions. ==== libdnf ==== Version update (0.73.0 -> 0.73.1) Subpackages: libdnf-repo-config-zypp libdnf2 - version update to 0.73.1 * Bug fixes: - Fix https://issues.redhat.com/browse/RHEL-27657 - subject-py: Fix memory leak * Others: - MergedTransaction: Calculate RPM difference between two same versions as no-op - Onboard packit tests - Add virtual destructor to TransactionItem ==== libproxy-backend ==== Version update (0.5.3 -> 0.5.4) - Update to version 0.5.4: + Add golang link to application page. + Improve libproxy test coverage. + Improve coverage. + Specify library version more completely. + Use the correct separator character for Windows ProxyOverride. + Improve handling of Windows proxy settings. + Add curl option to the generated config for backend instead. + Set initial state to online. + Windows: Detect scheme presence in proxy URLs more robustly. + Fix broken WPAD proxy resolution. ==== libproxy-client ==== Version update (0.5.3 -> 0.5.4) - Update to version 0.5.4: + Add golang link to application page. + Improve libproxy test coverage. + Improve coverage. + Specify library version more completely. + Use the correct separator character for Windows ProxyOverride. + Improve handling of Windows proxy settings. + Add curl option to the generated config for backend instead. + Set initial state to online. + Windows: Detect scheme presence in proxy URLs more robustly. + Fix broken WPAD proxy resolution. ==== libsrtp2 ==== Version update (2.5.0 -> 2.6.0) - version update to 2.6.0 * remove use of pointers to 32bit values * Cleaning up cmake and enabled more warnings. * start using const on internal arguments * Some srtp_driver fixes * remove travis reference from README.md * meson.build: implement mbedtls support * iv length is constant so set only once * Add x86 SIMD optimizations to crypto datatypes * Add a missing typedef for stream list ctx * cmake: Rename TEST_APPS as LIBSRTP_TEST_APPS option * cmake: Support configuring as subproject ==== libssh2_org ==== - Fix an issue with Encrypt-then-MAC family. [bsc#1221622] * Test the ETM feature in the remote end's configuration when receiving data. Upstream issue: #1331. * Add libssh2_org-ETM-remote.patch - Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically. * Add libssh2_org-CVE-2023-48795-ext.patch ==== liburing ==== Version update (2.4 -> 2.5) - Update to 2.5: * Add support for io_uring_prep_cmd_sock() * Add support for application allocated ring memory, for placing rings in huge mem. Available through io_uring_queue_init_mem(). * Add support for registered ring fds * Various documentation updates * Various fixes - Remove (they are upstream) * test-io_uring_register-fix-errno-confusion-and-new-e.patch * tests-don-t-expect-multishot-recv-overflow-backloggi.patch - Add * test-recv-multishot-wait-for-the-right-amount-of-CQE.patch (to fix test errors on the 6.8.2 kernel) * test-no-mmap-inval-0-return-is-fine-too.patch (fix the test) ==== libuv ==== Version update (1.47.0 -> 1.48.0) - Update to version 1..48.0 * CVE-2024-24806: Improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) * misc: remove deprecated stalebot file * misc: ignore libuv-release-tool files * build,win: remove extraneous -lshell32 * build,win: work around missing uuid.dll on MinGW * build: disable windows asan buildbot * build: add .cache clangd folder to .gitignore * build: re-enable msvc-asan job on CI * linux: disable io_uring on hppa below kernel 6.1.51 * linux: remove HAVE_IFADDRS_H macro * linux: fix bind/connect for abstract sockets * linux: retry fs op if unsupported by io_uring * linux: disable io_uring on ppc64 and ppc64le * unix,win: utility for setting priority for thread * unix,win: fix read past end of pipe name buffer * unix,win: fix busy loop with zero timeout timers * unix,win: reset the timer queue on stop * unix: ignore ifaddrs with NULL ifa_addr * unix: unbreak macOS < 10.14 * unix: correct pwritev conditional * unix: support full TCP keep-alive on Solaris * unix: optimize uv__tcp_keepalive cpp directives * freebsd: fix F_KINFO file path handling * freebsd: fix build on non-intel archs * aix: disable ipv6 link local * aix,ibmi: use uv_interface_addresses instead of getifaddrs * win: remove check for UV_PIPE_NO_TRUNCATE * win: honor NoDefaultCurrentDirectoryInExePath env var * win: stop using deprecated names * win: replace c99 comments with c89 comments * win: fix ESRCH implementation * win/spawn: optionally run executable paths with no file extension * test: don't run tcp_writealot under msan * test: check if ipv6 link-local traffic is routable * test: skip tcp-write-in-a-row on IBM i * test: empty strings are not valid IDNA * test_fs.c: Fix issue on 32-bit systems using btrfs * idna: fix compilation warning * pipe: add back error handling to connect / bind * fix: always zero-terminate idna output * fix: reject zero-length idna inputs * doc: move cjihrig to emeriti * doc: add very basic Security Policy document * Merge pull request from GHSA-f74f-cvh7-c6q6 - Remove ppc64-disable-liburing.patch because it was applied in the current source code ==== libzypp ==== Version update (17.32.0 -> 17.32.2) - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) Fixed the name of the keyword to "support_superseded" as it was agreed on in jsc#OBS-301. - version 17.32.2 (32) - Add resolver option 'removeUnneeded' to file weak remove jobs for unneeded packages (bsc#1175678) - version 17.32.1 (32) ==== llvm18 ==== Version update (18.1.2 -> 18.1.3) - Update to version 18.1.3. * Fixes ThreadSanitizer failures for glibc's LoongArch and certain RISC-V ports when fstat is used. * `transform.structured.convert_to_loops` now properly deletes its target op. * Fix a `llvm.usub.with.overflow.i128` wrong code generation regression that was introduced with LLVM 18.1.0. * MemorySanitizer on Linux can now run even when maximum-entropy address-space layout randomization is configured globally (as is becoming increasingly common). MemorySanitizer can automatically re-exec ASLR-off for the process if needed, instead of aborting. * Fixed a Clang 18.x regression which increased binary size and stack usage with `-ftrivial-auto-var-init`. - Set directories for configuration files: /etc/clang for system- wide configuration and ~/.config/clang for users. For details see https://clang.llvm.org/docs/UsersManual.html#configuration-files. - Use old conflicts/provides for python3-clang on Leap. ==== mpg123 ==== Version update (1.32.5 -> 1.32.6) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.32.6 build: * Detect forced 64 bit offsets on a dual-mode system that used to default to 32 bits and drop ambiguous suffix-less symbols in that case. This avoids subtle ABI breakage (causing memory corruption) with existing binaries and instead has them fail during runtime linking. You trigger that when having -D_FILE_OFFSET_BITS=64 in your compiler flags during mpg123 build. ==== nghttp2 ==== Version update (1.60.0 -> 1.61.0) - version update to 1.61.0 * Fixes CVE-2024-28182 [bsc#1221399] * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 * Checkout with submodules by @jonaski in #2093 * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 * docker: Use copy --link by @tatsuhiro-t in #2099 * Nghttpx header idle timeout by @tatsuhiro-t in #2100 * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 * Rewrite hexdump by @tatsuhiro-t in #2102 * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 * Bump ngtcp2 by @tatsuhiro-t in #2105 * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 * Automate release process by @tatsuhiro-t in #2109 * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 * Add actions/stale by @tatsuhiro-t in #2116 * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 * No rfc7540 priority fix by @tatsuhiro-t in #2120 * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 * Bump munit by @tatsuhiro-t in #2131 * nghttpx: Fix error message by @tatsuhiro-t in #2133 * nghttpd: Fix read stall by @tatsuhiro-t in #2134 - gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206) ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Use %config(noreplace) for sshd_config . In any case, it's recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063) - Use %{_libexecdir} when removing ssh-keycat instead of the hardcoded path so it works in TW and SLE. - Add crypto-policies support [bsc#1211301] * Add patches: - openssh-9.6p1-crypto-policies.patch - openssh-9.6p1-crypto-policies-man.patch ==== orca ==== Version update (46.0 -> 46.1) - Update to version 46.1: + Fix issue causing flat review clicking to fail in some Gtk apps. + Fix regression in SayAll upon page load. + Fix presentation of new radio button groups. + Avoid triggering crash in Pidgin. + Fix issue in which Orca appeared to hang when where am I was used immediately after page load of a large document. ==== pango ==== Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - added GraphicsMagick package as Recommends. The invocation of pango-view with the ft2 backend requires the gm command found in that package ==== plasma6-desktop ==== Subpackages: plasma6-desktop-emojier - Add "-DBUILD_KCM_MOUSE_X11=OFF" for s390x - Move touchpad and mouse configuration to all (also for s390x) ==== podman ==== Version update (4.9.3 -> 5.0.1) - update to 5.0.1: * Bugfixes - Fixed a bug where rootless containers using the Pasta network driver did not properly handle localhost DNS resolvers on the host leading to DNS resolution issues (#22044). - Fixed a bug where Podman would warn that cgroups v1 systems were no longer supported on FreeBSD hosts. - Fixed a bug where HyperV podman machine VMs required an SSH client be installed on the system (#22075). - Fixed a bug that prevented the remote Podman client's podman build command from working properly when connecting from a rootless client to a rootful server (#22109). * Misc - The HyperV driver to podman machine now fails immediately if admin privileges are not available (previously, it would only fail when it reached operations that required admin privileges). - Refactor network backend dependencies: * require either cni or netavark for SLE-15-SP5 and lower * require netavark for all other streams and fresh installations even on older SLE systems for podman >= 5.0.0 - Drop slirp4netns, require passt instead for rootless networking - Update to version 5.0.0: * New release: v5.0.0 * Update RELEASE_NOTES.md with CVE-2024-1753 (bsc#1221677) * [v5.0] Bump Buildah to v1.35.1 * Adjust to the standard location of gvforwarder used in new images * Switch to 5.x WSL machine os stream using new automation * rpm: use macro supported vendoring * Bump to v5.0.0-dev * Bump to v5.0.0-RC7 * Add release notes for v5.0.0-rc7 * fix invalid HTTP header values when hijacking a connection * Use faster gzip for compression for 3x speedup for sending large contexts to remote * pkg/machine: make checkExclusiveActiveVM race free * pkg/machine/wsl: remove unused CheckExclusiveActiveVM() * pkg/machine: CheckExclusiveActiveVM should also check for starting * pkg/machine: refresh config after we hold lock * rpm: update containers-common dep on f40+ * Change API socket to be machine name isolated * Makefile: drop tests-included from validate target * Add release notes for v5.0.0 * do not require policy.json * Machine decompress.go refactoring follow-up * Add target win-gvproxy in winmake.ps1 * Add final machine endpoint * update API doc version to 5.0.0 * Bump to 5.0.0-dev * Bump to 5.0.0-rc6 * docs: generate-systemd: add clarification statement * docs: quadlet: improve docs on root/rootless dirs * [CI:DOCS] performance: fix URL and kernel version requirement * [CI:DOCS] Remove outdated references * Add note for RHEL 8.5 * Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY] * Update module github.com/go-jose/go-jose/v3 to v3.0.3 [SECURITY] * Bump to v5.0.0-dev * Bump to v5.0.0-rc5 * Fix Mac CI * Complete policy.json inclusion * Bump Buildah to v1.35.0 * podman compose: enable machine socket connection * [CI:DOCS] Add farm command to commands list * podman machine start/stop do not write config unlocked * [CI:BUILD] Build universal Podman binary for Mac installer * podman machine init: do not write config unlocked * Fail on failures to close the file descriptors, and especially the SparseWriter * Avoid reliance on fs.ErrClosed in SparseWriter users * Fix the logic for detecting an unexpected close error * vendor libhvee-0.7.0 * podman machine set: change options only locked * Remove copySparseFile * pkg/machine: fix relative DefaultPolicyJSONPath * Don't read full VM File before decompressing * [CI:DOCS] Fix windows installer action * machine: make more use of strongunits * Fix wrong units size return * fix(deps): update github.com/containers/libhvee digest to 7cee23c * [CI:DOCS] Migrate podman container image * fix(deps): update module google.golang.org/protobuf to v1.33.0 * CI: try to fix more flakes * [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package * e2e: fix potential race in file-locks test * Makefile: podman should have correct selinux label * properly implement pull-error event status * fix(deps): update module golang.org/x/tools to v0.19.0 * Resurrect auto-port reassignment, but for all providers * Refactor env dir and port functions into new leaf pkgs * fix(deps): update module golang.org/x/net to v0.22.0 * Revert "Expose as-tested Mac/Windows repository state" * fix(deps): update module golang.org/x/term to v0.18.0 * Update podman-for-windows.md * fix(deps): update github.com/containers/libhvee digest to 0ff33af * machine init: print output to improve UX * logformatter: fixes for Macintosh * test/e2e: check for stderr errors in cleanup() * Bump to FreeBSD 13.3 (13.2 vanished) * Bump to v5.0.0-dev * fix(deps): update module github.com/stretchr/testify to v1.9.0 ... changelog too long, skipping 613 lines ... * Change default QEMU CPU level to `qemu64` on Windows amd64 ==== python-cryptography ==== Version update (42.0.4 -> 42.0.5) - update to 42.0.5: * Limit the number of name constraint checks that will be performed in :mod:`X.509 path validation <cryptography.x509.verification>` to protect against denial of service attacks. * Upgrade pyo3 version, which fixes building on PowerPC. ==== python-httpcore ==== Version update (1.0.4 -> 1.0.5) - update to 1.0.5: * Handle `EndOfStream` exception for anyio backend. * Allow trio `0.25.*` series in package dependancies. ==== python-numpy ==== - Add patch to fix detection of some features: * 0001-feature-module-Fix-handling-of-multiple-conflicts-pe.patch - Add patch to fix test failure on some platforms (boo#1221902): * 0001-BUG-Fix-test_impossible_feature_enable-failing-witho.patch ==== python-pyasn1 ==== Version update (0.5.1 -> 0.6.0) - update to 0.6.0: * Added support for previously missing RELATIVE-OID construct * Updated link to Layman's Guide Now it provides a link to links to a formatted PDF version of the paper, at a stable domain (researchgate), using https * Removed support for EOL Python 2.7, 3.6, 3.7 ==== python-pyzmq ==== - Add %{?sle15_python_module_pythons} ==== python-typing_extensions ==== Version update (4.10.0 -> 4.11.0) - update to 4.11.0: * Fix tests on Python 3.13.0a5. Patch by Jelle Zijlstra. * Fix the runtime behavior of type parameters with defaults * Fix minor discrepancy between error messages produced by `typing` and `typing_extensions` on Python 3.10. * When `include_extra=False`, `get_type_hints()` now strips `ReadOnly` from the annotation. ==== raspberrypi-firmware ==== Version update (2023.11.21 -> 2024.03.27) - Update to a43358b (2024-03-27): * firmware: sdram: Implement get_info for 2711 See: raspberrypi/linux#6045 * Revert "firmware: sdram: Implement get_info for 2711" This reverts commit f762e4a * firmware: sdram: Implement get_info for 2711 See: raspberrypi/linux#6045 * firmware: sdram: Handle mode registers and refresh updates in sdram driver See: #1854 * firmware: arm_loader: mailbox: Optionally return extended board rev See: #1831 * firmware: arm_loader: Set dma-channel-mask as well as brcm,dma-channel-mask * firmware: board_info: Add Compute Module 5 model info string * firmware: arm_loader: Move non-kernels back to 512KB See: #1868 * firmware: Increase DATA_READY_TIMEOUT in sdhost.h * firmware: arm_loader/bootloader: Add HAT+ support * firmware: hat_lib: Avoid an I2C double-close - Enable v3d "Broadcom V3D DRM Driver" (bsc#1218780). See also: https://docs.mesa3d.org/drivers/v3d.html ==== raspberrypi-firmware-config ==== Version update (2023.11.21 -> 2024.03.27) - Update to a43358b (2024-03-27): * firmware: sdram: Implement get_info for 2711 See: raspberrypi/linux#6045 * Revert "firmware: sdram: Implement get_info for 2711" This reverts commit f762e4a * firmware: sdram: Implement get_info for 2711 See: raspberrypi/linux#6045 * firmware: sdram: Handle mode registers and refresh updates in sdram driver See: #1854 * firmware: arm_loader: mailbox: Optionally return extended board rev See: #1831 * firmware: arm_loader: Set dma-channel-mask as well as brcm,dma-channel-mask * firmware: board_info: Add Compute Module 5 model info string * firmware: arm_loader: Move non-kernels back to 512KB See: #1868 * firmware: Increase DATA_READY_TIMEOUT in sdhost.h * firmware: arm_loader/bootloader: Add HAT+ support * firmware: hat_lib: Avoid an I2C double-close ==== re2 ==== Version update (20240301 -> 20240401) - update to 2024-04-01: * Fix SIGSEGV if Match is called before Compile * remove unsuppressable stderr message when compiling an empty re2.Filter ==== runc ==== Version update (1.1.12 -> 1.2.0~rc1) - Update to runc v1.2.0~rc1. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.1>. - Remove upstreamed patches. - 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch - 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch - 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch ==== snowball ==== - Properly tag patches as PATCH-FIX-OPENSUSE. ==== sushi ==== Version update (45.0 -> 46.0) - Update to version 46.0: + Make webkit2gtk optional. + Fix freeze when libreoffice is missing. + Fix tick position for fullscreen video. + Misc cleanup. + Updated translations. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump udev - Move systemd-repart from experimental to udev. - Add 0001-Drop-support-for-efivar-SystemdOptions.patch (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - The following patches have been merged into SUSE/v255 branch hence removed from the OBS project. 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch 5008-test-Add-effective-cgroup-limits-testing.patch 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch 5010-cgroup-Rename-effective-limits-internal-table.patch - Import commit 56b53b17bcd8311dfb53f05b359b2812593883ab 56b53b17bc cgroup: Rename effective limits internal table (jsc#PED-5659) 7c9202317c cgroup: Restrict effective limits with global resource provision (jsc#PED-5659) da858e68eb test: Add effective cgroup limits testing (jsc#PED-5659) 2f013357a5 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659) 0a3ea7f367 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659) - Drop split_usr build conditional since both split-usr and unmerged-usr supports have been removed since v255. - Don't use the "Patch:" directive with a suffix number as since the suffix doesn't serve any purpose. ==== vim ==== Subpackages: vim-data vim-data-common vim-small xxd - spec.skeleton: add sample check section (W: no-%check-section) ==== xdm ==== Version update (1.1.15 -> 1.1.16) - Update to release 1.1.16 * This release fixes a failure to build with the recent libXaw 1.0.16 release due to a change introduced in xdm 1.1.15 to address gcc 14 build issues. ==== xorg-x11-server ==== Version update (21.1.11 -> 21.1.12) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Security update 21.1.12 This release addresses the following 4 security issues: * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31082 * CVE-2024-31083 Additionally it provides a way to disable byte-swapped clients either by command line flag or config option. This allows to turn off byte swapping code that has been a source of security problems lately. ==== xwayland ==== Version update (23.2.4 -> 23.2.5) - Security update 23.2.5 This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024 * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31083 Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients. ==== yast2-storage-ng ==== Version update (5.0.10 -> 5.0.11) - GuidedProposal: fixed a problem related to the :bigger_resize strategy (Agama) detected at gh#openSUSE/agama#1106. - 5.0.11 ==== zstd ==== Version update (1.5.5 -> 1.5.6) Subpackages: libzstd1 - update to 1.5.6: * Introduce a new stable parameter ZSTD_c_targetCBlockSize, enabling the division of blocks into smaller segments to enhance initial byte delivery speed for congested networks * library allows allow ganular binary size selection - drop zstd-pr-3961.patch, merged upstream