Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20241108
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  Mesa (24.1.7 -> 24.2.6)
  Mesa-drivers (24.1.7 -> 24.2.6)
  MicroOS-release (20241107 -> 20241108)
  baloo-widgets (24.08.2 -> 24.08.3)
  bluez (5.78 -> 5.79)
  crun (1.18 -> 1.18.2)
  curl (8.10.1 -> 8.11.0)
  dolphin (24.08.2 -> 24.08.3)
  dracut-pcr-signature (0.4+2 -> 0.5+0)
  expat (2.6.3 -> 2.6.4)
  ffmpegthumbs (24.08.2 -> 24.08.3)
  hwdata (0.384 -> 0.389)
  kaccounts-integration (24.08.2 -> 24.08.3)
  kaccounts-integration-kf5 (24.08.2 -> 24.08.3)
  kaccounts-providers (24.08.2 -> 24.08.3)
  kate (24.08.2 -> 24.08.3)
  kdegraphics-mobipocket (24.08.2 -> 24.08.3)
  kdegraphics-thumbnailers (24.08.2 -> 24.08.3)
  kdenetwork-filesharing (24.08.2 -> 24.08.3)
  kdialog (24.08.2 -> 24.08.3)
  kio-extras (24.08.2 -> 24.08.3)
  kio-gdrive (24.08.2 -> 24.08.3)
  konsole (24.08.2 -> 24.08.3)
  kpmcore (24.08.2 -> 24.08.3)
  kwalletmanager (24.08.2 -> 24.08.3)
  libXcursor (1.2.2 -> 1.2.3)
  libkdcraw-qt6 (24.08.2 -> 24.08.3)
  libkexiv2-qt6 (24.08.2 -> 24.08.3)
  libkgapi6 (24.08.2 -> 24.08.3)
  libselinux
  partitionmanager (24.08.2 -> 24.08.3)
  passt (20240906.6b38f07 -> 20241030.ee7d0b6)
  python-certifi
  qt6-declarative
  signon-kwallet-extension (24.08.2 -> 24.08.3)
  spectacle (24.08.2 -> 24.08.3)

=== Details ===

==== Mesa ====
Version update (24.1.7 -> 24.2.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- 0001-dril-Fixup-order-of-pixel-formats-in-drilConfigs.patch
  * fixes colors for 'swrast' driver (boo#1230637, gitlab issue#11840)
- Update to release 24.2.6
  - -> https://docs.mesa3d.org/relnotes/24.2.6
- added -32bit package for Mesa-libva since it's needed by Steam;
  reported on packman ML:
  https://lists.links2linux.de/pipermail/packman/2024-October/017985.html
- Enable intel Vulkan backends on riscv64 (boo#1231756)
- Enable iris Gallium backend on riscv64, Power and on Arm, too
- Update to release 24.2.5
  - -> https://docs.mesa3d.org/relnotes/24.2.5
- drop u_fix-llvm19-build.patch included in upstream
- Update to release 24.2.4
  - -> https://docs.mesa3d.org/relnotes/24.2.4
- u_mesa-CVE-2023-45913.patch
  * NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
    (CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
  * buffer over-read in glXQueryServerString()
    (CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
  * segmentation violation in __glXGetDrawableAttribute()
    (CVE-2023-45922, bsc#1222042)
- libvdpau_gallium was linked directly into libgallium-*.so.*.
  Drop the subpackage and provides/obsolete it via Mesa-dri which
  ships libgallium-*.so.*.
- drop u_fix_rust_bindgen.patch included in update
- Update to release 24.2.3
  - -> https://docs.mesa3d.org/relnotes/24.2.3
- disable build of rusticl on sle15; meson is just too old ...
- buildrequires: rusticl needs mesa >= 1.4.0
- tlsdesc_test.patch: disable LTO in tlsdesc_test to suppress TLS
  relaxation (patch by Andreas Schwab <schwab@suse.de>); see also
  https://gitlab.freedesktop.org/mesa/mesa/-/issues/11929
- buildrequire llvm19-devel/clang19-devel on sle15-sp7
- Add u_fix-llvm19-build.patch to fix build with LLVM 19 on ARM.
- Update minimum version requirements based on meson.build.
- Fix build on s390x: apparently we don't have libvdpau_gallium.so.

==== Mesa-drivers ====
Version update (24.1.7 -> 24.2.6)
Subpackages: Mesa-dri Mesa-gallium

- 0001-dril-Fixup-order-of-pixel-formats-in-drilConfigs.patch
  * fixes colors for 'swrast' driver (boo#1230637, gitlab issue#11840)
- Update to release 24.2.6
  - -> https://docs.mesa3d.org/relnotes/24.2.6
- added -32bit package for Mesa-libva since it's needed by Steam;
  reported on packman ML:
  https://lists.links2linux.de/pipermail/packman/2024-October/017985.html
- Enable intel Vulkan backends on riscv64 (boo#1231756)
- Enable iris Gallium backend on riscv64, Power and on Arm, too
- Update to release 24.2.5
  - -> https://docs.mesa3d.org/relnotes/24.2.5
- drop u_fix-llvm19-build.patch included in upstream
- Update to release 24.2.4
  - -> https://docs.mesa3d.org/relnotes/24.2.4
- u_mesa-CVE-2023-45913.patch
  * NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
    (CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
  * buffer over-read in glXQueryServerString()
    (CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
  * segmentation violation in __glXGetDrawableAttribute()
    (CVE-2023-45922, bsc#1222042)
- libvdpau_gallium was linked directly into libgallium-*.so.*.
  Drop the subpackage and provides/obsolete it via Mesa-dri which
  ships libgallium-*.so.*.
- drop u_fix_rust_bindgen.patch included in update
- Update to release 24.2.3
  - -> https://docs.mesa3d.org/relnotes/24.2.3
- disable build of rusticl on sle15; meson is just too old ...
- buildrequires: rusticl needs mesa >= 1.4.0
- tlsdesc_test.patch: disable LTO in tlsdesc_test to suppress TLS
  relaxation (patch by Andreas Schwab <schwab@suse.de>); see also
  https://gitlab.freedesktop.org/mesa/mesa/-/issues/11929
- buildrequire llvm19-devel/clang19-devel on sle15-sp7
- Add u_fix-llvm19-build.patch to fix build with LLVM 19 on ARM.
- Update minimum version requirements based on meson.build.
- Fix build on s390x: apparently we don't have libvdpau_gallium.so.

==== MicroOS-release ====
Version update (20241107 -> 20241108)
Subpackages: MicroOS-release-appliance MicroOS-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== baloo-widgets ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== bluez ====
Version update (5.78 -> 5.79)
Subpackages: bluez-auto-enable-devices bluez-cups libbluetooth3

- Update to 5.79:
  * Fix issue with handling address type while pairing.
  * Add support for allowing to set A2DP transport delay.
  * Add support for persistent userspace HID operation.
  * Add support for handling syncing to multiple BISes.
- Drop Fix-crash-after-bt_uhid_unregister_all.patch, merged upstream.

==== crun ====
Version update (1.18 -> 1.18.2)

- Update to crun v1.18.2
  Upstream changelog is available from
  <https://github.com/containers/crun/releases/tag/1.18.2>

==== curl ====
Version update (8.10.1 -> 8.11.0)
Subpackages: libcurl4

- Update to 8.11.0:
  * Security fixes: [bsc#1232528, CVE-2024-9681]
    - curl: HSTS subdomain overwrites parent cache entry
  * Changes:
    - curl: --create-dirs works for --dump-header as well
    - gtls: Add P12 format support
    - ipfs: add options to disable
    - TLS: TLSv1.3 earlydata support for curl
    - WebSockets: make support official (non-experimental)
  * Bugfixes:
    - build: clarify CA embed is for curl tool, mark default, improve summary
    - build: show if CA bundle to embed was found
    - build: tidy up and improve versioned-symbols options
    - cmake/FindNGTCP2: use library path as hint for finding crypto module
    - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
    - cmake: rename LDAP dependency config variables to match Find modules
    - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection
    - cmake: use OpenSSL for LDAP detection only if available
    - curl: add build options for safe/no CA bundle search (Windows)
    - curl: detect ECH support dynamically, not at build time
    - curl_addrinfo: support operating systems with only getaddrinfo(3)
    - ftp: fix 0-length last write on upload from stdin
    - gnutls: use session cache for QUIC
    - hsts: improve subdomain handling
    - hsts: support "implied LWS" properly around max-age
    - http2: auto reset stream on server eos
    - json.md: cli-option '--json' is an alias of '--data-binary'
    - lib: move curl_path.[ch] into vssh/
    - lib: remove function pointer typecasts for hmac/sha256/md5
    - libssh.c: handle EGAINS during proto-connect correctly
    - libssh2: use the filename buffer when getting the homedir
    - multi.c: warn/assert on stall only without timer
    - negotiate: conditional check around GSS & SSL specific code
    - netrc: cache the netrc file in memory
    - ngtcp2: do not loop on recv
    - ngtcp2: set max window size to 10x of initial (128KB)
    - openssl quic: populate x509 store before handshake
    - openssl: extend the OpenSSL error messages
    - openssl: improve retries on shutdown
    - quic: use send/recvmmsg when available
    - schannel: fix TLS cert verification by IP SAN
    - schannel: ignore error on recv beyond close notify
    - select: use poll() if existing, avoid poll() with no sockets
    - sendf: add condition to max-filesize check
    - server/mqttd: fix two memory leaks
    - setopt: return error for bad input to CURLOPT_RTSP_REQUEST
    - setopt_cptr: make overflow check only done when needed
    - tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
    - tool: support --show-headers AND --remote-header-name
    - tool_operate: make --skip-existing work for --parallel
    - url: connection reuse on h3 connections
    - url: use same credentials on redirect
    - urlapi: normalize the IPv6 address
    - version: say quictls in MSH3 builds
    - vquic: fix compiler warning with gcc + MUSL
    - vquic: recv_mmsg, use fewer, but larger buffers
    - vtls: convert Curl_pin_peer_pubkey to use dynbuf
    - vtls: convert pubkey_pem_to_der to use dynbuf
  * Rebase curl-secure-getenv.patch

==== dolphin ====
Version update (24.08.2 -> 24.08.3)
Subpackages: dolphin-part libdolphinvcs6

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== dracut-pcr-signature ====
Version update (0.4+2 -> 0.5+0)

- Update to version 0.5+0:
  * Normalize spec file
  * Use a generator to mount ESP
  * Avoid race condition when multiple disks are encrypted

==== expat ====
Version update (2.6.3 -> 2.6.4)

- version update to 2.6.4
  * Security fixes: [bsc#1232601]
    [#915] CVE-2024-50602 -- Fix crash within function XML_ResumeParser
      from a NULL pointer dereference by disallowing function
      XML_StopParser to (stop or) suspend an unstarted parser.
      A new error code XML_ERROR_NOT_STARTED was introduced to
      properly communicate this situation. // CWE-476 CWE-754
  * Other changes:
    [#903] CMake: Add alias target "expat::expat"
    [#905] docs: Document use via CMake >=3.18 with FetchContent
      and SOURCE_SUBDIR and its consequences
    [#902] tests: Reduce use of global parser instance
    [#904] tests: Resolve duplicate handler
    [#317] #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
    [#914] Fix signedness of format strings
    [#919] #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
      to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
      for what these numbers do

==== ffmpegthumbs ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== hwdata ====
Version update (0.384 -> 0.389)

- update to 0.389:
  * Update pci and vendor ids
- update to 0.385:
  * Update pci and vendor ids

==== kaccounts-integration ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libkaccounts6-2

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * Categorize logging
  * Abort gracefully when file to remove doesn't exist (kde#495344)
  * Avoid dangling reference in removeNetAttach

==== kaccounts-integration-kf5 ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * Categorize logging
  * Abort gracefully when file to remove doesn't exist (kde#495344)
  * Avoid dangling reference in removeNetAttach

==== kaccounts-providers ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kate ====
Version update (24.08.2 -> 24.08.3)
Subpackages: kate-plugins

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * Fix sql copy/export is randomly ordered (kde#461419)
  * formatting: Listen to all process signals properly
  * KateViewSpace: Store session group name on save
  * Fix QString.arg calls
  * Add libffi8 needed by opensuse.
  * snapcraft: Fix ld-library-config.

==== kdegraphics-mobipocket ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kdegraphics-thumbnailers ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kdenetwork-filesharing ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kdialog ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kio-extras ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libkioarchive6-6 trash_kcm

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * thumbnail: image plugin add webp support
  * audiothumbnail and imagethumbnail: Mention supported mimetypes explicitly

==== kio-gdrive ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * CI: Build libkgapi from the same branch

==== konsole ====
Version update (24.08.2 -> 24.08.3)
Subpackages: konsole-part

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * Fix OSC 4 past colorTable and apply the check to OSC 104

==== kpmcore ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libkpmcore12

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== kwalletmanager ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== libXcursor ====
Version update (1.2.2 -> 1.2.3)

- Update to version 1.2.3
  * Change all *LoadImage(..., size) APIs to always return a cursor with the requested size.
  * Remove unnecessary MIN calls
  * build-fix
  * fix compiler warnings
  * improve manpage formatting
  * trim redundant code from the resize-calls
  * add new property "resized" and environment "XCURSOR_RESIZED"
  * add getter/setter for "resized" property
  * restore behavior of image-loading, provide resizing via internal function
  * provide internal variants of existing functions to pass "resized" parameter
  * use resized-parameter where available when loading images
  * add/use _XcursorLibraryLoadImages to pass resized-parameter when loading
  * add debug-logging for file.c, to help with analysis
  * add traces for library.c and xlib.c, also another internal function for dpy
  * document the new XCURSOR_RESIZED environment variable and resource "resized"
  * document/tidy the new set/get functions
  * changes will suggest new release
  * ensure ncomment and nimage values are positive
  * add debug-trace for the configuration information
  * fix overlooked compiler-warning
  * reduce the message-check to ignore the over-long one
  * amend per merge_requests/22#note_2642034
  * amend per merge_requests/22#note_2642042
  * Ignore invalid cursor files

==== libkdcraw-qt6 ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libKDcrawQt6-5

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== libkexiv2-qt6 ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libKExiv2Qt6-0

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== libkgapi6 ====
Version update (24.08.2 -> 24.08.3)
Subpackages: libKPim6GAPICore6 libKPim6GAPIDrive6 libkgapi6-sasl2-kdexoauth2

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== libselinux ====
Subpackages: libselinux1 selinux-tools

- Drop check_runlevel from selinux-ready script and remove
  restorecond from check_packages as we don't require it
  to be selinux-ready.

==== partitionmanager ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== passt ====
Version update (20240906.6b38f07 -> 20241030.ee7d0b6)
Subpackages: passt-selinux

- Update to version 20241030.ee7d0b6:
  * util: Don't use errno after a successful call in __daemon()
  * udp: Take care of cert-int09-c clang-tidy warning for enum udp_iov_idx
  * treewide: Address cert-err33-c clang-tidy warnings for clock and timer functions
  * treewide: Suppress clang-tidy warning if we already use O_CLOEXEC
  * Makefile: Disable readability-math-missing-parentheses clang-tidy check
  * treewide: Silence cert-err33-c clang-tidy warnings for fprintf()
  * treewide: Comply with CERT C rule ERR33-C for snprintf()
  * Makefile: Exclude qrap.c from clang-tidy checks
  * tcp: unify l2 TCPv4 and TCPv6 queues and structures
  * tcp: set ip and eth headers in l2 tap queues on the fly
  * test: remove obsolete images
  * tcp: cleanup tcp_buf_data_from_sock()
  * tcp: Use runtime tests for TCP_INFO fields
  * tcp: Generalise probing for tcpi_snd_wnd field
  * tcp: Remove compile-time dependency on struct tcp_info version
  * tcp_splice: fcntl(2) returns the size of the pipe, if F_SETPIPE_SZ succeeds
  * tcp_splice: splice() all we have to the writing side, not what we just read
  * tcp: Use structures to construct initial TCP options
  * fwd: Direct inbound spliced forwards to the guest's external address
  * test: Clarify test for spliced inbound transfers
  * passt.1: Clarify and update "Handling of local addresses" section
  * passt.1: Mark --stderr as deprecated more prominently
  * test: Wait for DAD on DHCPv6 addresses
  * test: Explicitly wait for DAD to complete on SLAAC addresses
  * arp: Fix a handful of small warts
  * tcp: Send "empty" handshake ACK before first data segment
  * test: Pass TRACE from run_term() into ./run from_term
  * test/lib/term: Always use printf for messages with escape sequences
  * conf: Add --dns-host option to configure host side nameserver
  * conf: Add command line switch to enable IP_FREEBIND socket option
  * udp: Update UDP checksum using an iovec array
  * tcp: Update TCP checksum using an iovec array
  * checksum: Add an offset argument in csum_iov()
  * pcap: Add an offset argument in pcap_iov()
  * tcp: Use tcp_payload_t rather than tcphdr
  * test: Kernel binary can now be passed via the KERNEL environmental variable
  * inany: Add inany_pton() helper
  * tcp, udp: Make {tcp,udp}_sock_init() take an inany address
  * util, pif: Replace sock_l4() with pif_sock_l4()
  * udp: Don't attempt to get dual-stack sockets in nonsensical cases
  * tcp: Allow checksum to be disabled
  * udp: Allow checksum to be disabled
  * util: Remove possible quadratic behaviour from write_remainder()
  * util: Add helper to write() all of a buffer
  * tcp: Make tcp_update_seqack_wnd()s force_seq parameter explicitly boolean
  * tcp: Simplify ifdef logic in tcp_update_seqack_wnd()
  * tcp: Clean up tcpi_snd_wnd probing
  * tcp: Make some extra functions private
  * tcp: Avoid overlapping memcpy() in DUP_ACK handling
  * tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base

==== python-certifi ====

- Make the test suite working just with the standard library.

==== qt6-declarative ====
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports

- Add patch (pending upstream) to fix properties getting GC'd:
  (QTBUG-128789, kde#494804)
  * 0001-WIP-speculative-gc-fix.patch

==== signon-kwallet-extension ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- No code change since 24.08.2

==== spectacle ====
Version update (24.08.2 -> 24.08.3)

- Update to 24.08.3
  * New bugfix release
  * For more details please see:
  * https://kde.org/announcements/gear/24.08.3/
- Changes since 24.08.2:
  * work around bugged qmlcachegen (kde#494281)
  * Fix negative animation duration without capture on click support (kde#495216)
  * AnnotationViewport: fix stretching odd sized images
  * Revert "Make screenshots with scales multiplied or divided by integers look sharper in AnnotationViewport"