Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&comp... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MicroOS-release (20241018 -> 20241023) dav1d (1.4.3 -> 1.5.0) distrobox (1.7.2.1 -> 1.8.0) dnf evolution-data-server (3.54.0 -> 3.54.1) ghostscript (10.03.1 -> 10.04.0) gjs (1.82.0 -> 1.82.1) gnome-branding-Aeon gnome-control-center (47.0.1+8 -> 47.1.1) gnome-online-accounts (3.52.0 -> 3.52.1) gnome-shell (47.0 -> 47.1) gnome-shell-extensions (47.0 -> 47.1) gnome-terminal (3.54.0 -> 3.54.1) grub2 gtk2 gtk3 gvfs (1.56.0 -> 1.56.1) hwinfo (23.2 -> 23.3) hyper-v (8 -> 9) kernel-firmware (20241001 -> 20241018) libdnf (0.73.2 -> 0.73.3) libjcat (0.2.1 -> 0.2.2) libunistring (1.2 -> 1.3) mutter (47.0+19 -> 47.1) nautilus (47.0+8 -> 47.0+14) ncurses (6.5.20240928 -> 6.5.20241019) open-vm-tools (12.4.5 -> 12.5.0) openssl-3 patterns-base pipewire podman python-blinker (1.7.0 -> 1.8.2) python-certifi (2024.7.4 -> 2024.8.30) python-charset-normalizer (3.3.2 -> 3.4.0) python-cryptography (43.0.1 -> 43.0.3) qt6-base runc (1.2.0~rc3 -> 1.2.0) samba (4.21.0+git.363.84c94ca948f -> 4.21.1+git.367.e1da597d86e) selinux-policy (20240930 -> 20241021) u-boot-rpiarm64 vte (0.78.0 -> 0.78.1) webkit2gtk3 (2.46.1 -> 2.46.2) webkit2gtk4 (2.46.1 -> 2.46.2) wireplumber xf86-input-libinput (1.4.0 -> 1.5.0) xfsprogs (6.10.1 -> 6.11.0) xz (5.6.2 -> 5.6.3) zlib-ng-compat (2.2.1 -> 2.2.2) === Details === ==== MicroOS-release ==== Version update (20241018 -> 20241023) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== dav1d ==== Version update (1.4.3 -> 1.5.0) - Update to version 1.5.0 * WARNING: we removed some of the SSE2 optimizations, so if you care about systems without SSSE3, you should be careful when updating! * Optimize index offset calculations for decode_coefs * picture: copy HDR10+ and T35 metadata only to visible frames * SSSE3 new optimizations for 6-tap (8bit and hbd) * AArch64/SVE: Add HBD subpel filters using 128-bit SVE2 * AArch64: Add USMMLA implempentation for 6-tap H/HV * AArch64: Optimize Armv8.0 NEON for HBD horizontal filters and 6-tap filters * Power9: Optimized ITX till 16x4. * Loongarch: numerous optimizations * RISC-V optimizations for pal, cdef_filter, ipred, mc_blend, mc_bdir, itx * Allow playing videos in full-screen mode in dav1dplay ==== distrobox ==== Version update (1.7.2.1 -> 1.8.0) Subpackages: distrobox-bash-completion - update to 1.8.0 * Improvements + Improvements on Nvidia integration + Improvements on XDG_* env variables management + Remote distrobox assemble files! Keep them remote with distrobox assemble create --file https://foo.com/file.ini! + A lot of new container distros, from @ublue-os and @toolbx-images, New Fedora, Ubuntu, Alpine and @wolfi-dev wolfi-toolbox! * all: ensure env variables are set and have values * all: use registry.fedoraproject.org/fedora-toolbox:latest image by default, Fix #1402 * assemble: add support for remote manifest files * assemble: ensure variables are reset correctly * assemble: fix name detection with hyphens, Fix #1507 * assemble: fix possible empty lines, Fix #1514 * assemble: improve handling of hooks, pass around b64 encoded string to avoid unwanted evaluations * compatibility: add missing url for ubuntu:23.04 by @sheevy in #1439 * create: better explain init/pre-init hooks * create: ignore trailing slashes on custom homes, Fix #1575 * docs: Add kali icon by @andyspectre in #1451 * docs: Document support for alpine 3.20 containers by @Ferenc- in #1504 * docs: Fix issue with user not having permissions to write containers.conf by @nhermosilla14 in #1456 * docs: Seperate curl and wget commands by @axtloss in #1434 * docs: Update microos -> aeon/kalpa in docs by @TheRsKing in #1427 * docs: Update openSUSE and SLES compatibility guide by @alexandrevicenzi in #1489 * docs: add BlackaArch Linux compatibility, Fix #1358 * docs: add compatibility with ghcr.io/ublue-os/bluefin-cli, Fix #1453 * docs: document an official way to detect when you're in a distrobox * docs: document pipewire/alsa packages for ubuntu initful containers. Fix #1374 * docs: fix subuids spelling mistake by @yocoldle in #1431 * docs: fix link for Crystal linux. Fix #1418 * docs: fix linting * docs: fix obsolete Chainguard Wolfi notes * docs: point to new nixos wiki by @Mic92 in #1384 * docs: remove rhel-toolbox image from compatibility, it's now behind paywall * docs: support for 3d acceleration in: run_libvirt_in_distrobox.md by @TheRsKing in #1426 * docs: update compatibility, add ublue toolboxes, update Alpine and Fedora versions, Fix #1501 * docs: update vscode integration docs * enter: Fix distrobox-enter and distrobox-rm to handle containers that have environment variables shorter than 5 symbols by @senioroman4uk in #1545 * enter: Fix support for Active Directory usernames including backslashes pt. 2 by @phoppermann in #1458 * enter: fix additional flags evaluation, Fix #1541 * enter: fix docker timestamp incompatibility, Fix #1382, Fix #1424, Fix #1392 * enter: fix regression in login for initful container, Fix #1428 * enter: get rid of eval and pass arguments using set. This will avoid maniupulating args, and simplify our life. Fix #749, Fix #1461 * enter: improve positional args handling, treat enter command accordingly, improve comments explaining the black magic * export: Actually fix XDG_DATA_DIRS and XDG_DATA_HOME handling by @TigerGorilla2 in #1582 * export: Fix XDG_DATA_DIRS and XDG_DATA_HOME handling by @e-luks in #1496 * export: ensure destpath exists, Fix #1405 * export: fix CONTAINER_ID fallback * export: fix grep errors on list-apps * export: improve documentation of the spec. Fix #1444 * export: simplify and cleanup code * export: support exporting app launchers by full-path. * extras: vscode- improve podman wrapper, add docker wrapper, fix reconnections * fix for 1440 by @dtg01100 in #1441 * fix: init package in Gentoo Stage3 image by @xz-dev in #1455 * fix:[#1525] handle container creation failure by @jardon in #1526 * generate-entry: add 'Remove' action to entry, Fix #1433 * generate-entry: add timeout to downloads, Fix #1459 * generate-entry: fix generic icon download and setup * generate-entry: fix linting * generate-entry: use XDG_DATA_HOME by @Samueru-sama in #1468 * host-exec: fix arm naming, Fix #1442 * host-exec: fix host-spawn version * host-exec: update host-spawn version * init: fix arch locale-gen by @Boria138 in #1520 * init: Exclude repos from bind-mounting by @lunacd in #1503 * init: Fix SHELL using absolute path and disable duplicate profile inclusion by @eugenesan in #1397 * init: Generate host locales in container (fixed issue #1399) by @Boria138 in #1404 * init: add fallback values for host locale variables * init: add iputils * init: add iputils in setup_pacman by @intzaaa in #1576 * init: apt-get upgrade, force keeping old configs when non interactive * init: arrange package manager to avoid conflicts when using more than one (eg: packaging containers) * init: auto-link /usr/bin/flatpak, to better support opening links on host's browser, if those are flatpaks * init: do not fail in "Setting up read-only mounts" if findmnt does not exist by @phoppermann in #1454 * init: ensure we have DBUS variables set for host-spawn to work in login scripts, Fix #1383 * init: fallback case where mounting /etc/localtime fails, Fix #1435 * init: fix detection of 32bit nvidia libs on suse family * init: fix failing chpasswd on systemd-homed managed users, Fix #1423 * init: fix locale generation for minimal images * init: fix locale generation on musl and older systems * init: fix missing allowerasing flag for dnf * init: fix nvidia integration mounting files from boost libs, Fix #1500 * init: fix nvidia integration, improve search of nvidia files, Fix #1500 * init: fix typo in fallback locale values * init: fix udev clash on rootful initful systems * init: fix void-linux failing due to runit, Fix #1380 * init: perform upgrade before setting up archlinux packages * init: proper fix for void extraction paths. Fix #1457 * init: remove su-exec workaround for Wolfi, now that it supports proper sudo * init: rework package managment code * init: separate 'mount --rbind -o rslave ...' into 'mount --rbind ...'… by @timwa0669 in #1583 * rm: Fix distrobox-enter and distrobox-rm to handle containers that have environment variables shoter than 5 symbols by @senioroman4uk in #1545 * rm: add fallback value to response_force * rm: ask to force-delete if running and in interactive mode * rm: fix IFS overwriting, Fix #1400 * rm: remove dead code, remove container volumes. ==== dnf ==== - Do not recommend -lang package: the lang package has already the relevant supplements in place. ==== evolution-data-server ==== Version update (3.54.0 -> 3.54.1) Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-3 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.54.1: + Bug Fixes: - Pass GError instead of CamelException to camel_movemail_solaris - Fix argument types in ENABLE_BROKEN_SPOOL code - Use GIConv instead of iconv_t with iconv wrappers - ESoupSession: Sometimes accesses server without OAuth2 token + Updated translations. ==== ghostscript ==== Version update (10.03.1 -> 10.04.0) - update to 10.04.0 (bsc#1232173): * Amongst other general bugs fixes, this release addresses: + CVE-2024-46951 + CVE-2024-46952 + CVE-2024-46953 + CVE-2024-46954 + CVE-2024-46955 + CVE-2024-46956 ==== gjs ==== Version update (1.82.0 -> 1.82.1) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.82.1: + Fixed gnome-shell crash when switching user after upgrade from Fedora 40 to Fedora 41 ==== gnome-branding-Aeon ==== - Change default recommended flatpaks, install Ptyxis, offer a PDF viewer ==== gnome-control-center ==== Version update (47.0.1+8 -> 47.1.1) Subpackages: gnome-control-center-color gnome-control-center-goa - Update to version 47.1.1: + Fix crash on display scales > 1 due to conflicting type registration. - Update to version 47.1: + About: Allow FQDN hostnames + Appearance: Fix thumbnailing of backgrounds causing OOM kills + Date and Time: Fix resize issue in the time format row when shown in small window sizes + Online Accounts: Fix untranslated account provider info string + Region and Language: Update language row after closing language selector + Remote Desktop: Hide "Remote Desktop" row when gnome-remote-desktop is not available + Wacom: - Don't crash when handling an unknown stylus ID - Don't show Map Buttons for fallback devices - Handle all external remotes like an external TV remote-like device - Make assets recolaborable, supporting dark-style, high-contrast, and accent colors - Support HDPI for tablet/stylus illustration images + Updated translations. ==== gnome-online-accounts ==== Version update (3.52.0 -> 3.52.1) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.52.1: + Bugs fixed: - goakerberosprovider: don't assume all errors are auth errors - goaoauthprovider: fix expected NULL GError + Updated translations. ==== gnome-shell ==== Version update (47.0 -> 47.1) Subpackages: gnome-shell-calendar - Update to version 47.1: + Improve quick settings accessibility + Use accent color in tablet configuration UI + Improve accuracy of inset box shadows + Fix `PopupSwitchMenuItem::toggled` passing wrong state + Consider text direction when handling arrow keys in sliders + Fix layout issues with new dialog style + Fix uneven padding in notification headers + Fixed crash + Misc. cleanups and bug + Updated translations. ==== gnome-shell-extensions ==== Version update (47.0 -> 47.1) Subpackages: gnome-shell-classic gnome-shell-extensions-common - Update to version 47.1: + classic: Add missing top-bar indicators + window-list: - Fix window state styling - Fix "ignore-workspace" setting getting reset + Misc. bug fixes and cleanups ==== gnome-terminal ==== Version update (3.54.0 -> 3.54.1) Subpackages: nautilus-extension-terminal - Update to version 3.54.1: + prefs: Follow the theme variant setting + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Fix error: /boot/grub2/x86_64-efi/bli.mod not found (bsc#1231591) - Keep grub packaging and dependencies in the SLE-12 and SLE-15 builds - Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch * 0007-mkimage-create-new-ELF-Note-for-SBAT.patch * 0008-mkimage-adding-sbat-data-into-sbat-ELF-Note-on-power.patch * grub2.spec : Building signed grub.elf with SBAT metadata - Support for NVMe multipath splitter (jsc#PED-10538) * 0001-ieee1275-support-added-for-multiple-nvme-bootpaths.patch - Deleted path (jsc#PED-10538) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch - Fix not a directory error from the minix filesystem, as leftover data on disk may contain its magic header so it gets misdetected (bsc#1231604) * grub2-install-fix-not-a-directory-error.patch ==== gtk2 ==== Subpackages: gtk2-tools libgtk-2_0-0 - Eliminate usage of update-alternatives: + Drop gtk-update-icon-cache and relevant man page. We rely solely on GTK3 to perform this caching task. ==== gtk3 ==== Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Eliminate usage of update-alternatives: GTK2 no longer provides gtk-update-icon-cache, thus eliminating the need for this extra complexity. ==== gvfs ==== Version update (1.56.0 -> 1.56.1) Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse - Update to version 1.56.1: + udisks2: Increasing reference count when updating volume to fix crashes + onedrive: - Use names instead of id for events to fix monitoring - Add missing replace stream to fix crashes - onedrive: Fix double free during cache rebuild to fix crashes + dav: Recognize the 409 status to fix creation of parent directories + Updated translations. ==== hwinfo ==== Version update (23.2 -> 23.3) Subpackages: libhd23 - merge gh#openSUSE/hwinfo#148 - avoid reporting of spurious usb storage devices (bsc#1223330) - 23.3 ==== hyper-v ==== Version update (8 -> 9) - Add memory allocation check in hv_fcopy_start (94e86b17) - suppress the invalid warning for packed member alignment (207e03b0) - Add new fcopy application based on uio driver (82b0945c) - Add vmbus_bufring (45bab4d7) - kvp: Handle IPv4 and Ipv6 combination for keyfile format (f971f6dd) - kvp: Some small fixes for handling NM keyfiles (c3803203) - kvp: Support for keyfile based connection profile (42999c90) - kvp: remove unnecessary (void*) conversions (22589542) - Remove an extraneous "the" (f15f39fa) - change http to https in hv_kvp_daemon.c (fa52a4b2) - replace the copy of include/linux/hyperv.h with include/uapi/linux/hyperv.h (6de74d10) - merge individual udev rules files into a single rules file - package only files, not directories already owned by filesystem.rpm - remove braces from rpm spec macros - remove obsolete Group tag - replace RPM_BUILD_ROOT with buildroot - use a meaningful name for the UAPI include file - use a meaningful variable name for ifcfg in hv_set_ifconfig.sh ==== kernel-firmware ==== Version update (20241001 -> 20241018) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20241018 (git commit 2f0464118f40): * check_whence.py: skip some validation if git ls-files fails * qcom: Add Audio firmware for X1E80100 CRD/QCPs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * brcm: replace NVRAM for Jetson TX1 * rtlwifi: Update firmware for RTL8192FU to v7.3 * make: separate installation and de-duplication targets * check_whence.py: check the permissions * Remove execute bit from firmware files * configure: remove unused file * rtl_nic: add firmware rtl8125d-1 - Update to version 20241014 (git commit 99f9c7ed1f4a): * iwlwifi: add gl/Bz FW for core91-69 release * iwlwifi: update ty/So/Ma firmwares for core91-69 release * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops * linux-firmware: update firmware for en8811h 2.5G ethernet phy * QCA: Add Bluetooth firmwares for WCN785x with UART transport - Update to version 20241011 (git commit 808cba847c70): * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596) * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: add board-2.bin * copy-firmware.sh: rename variables in symlink hanlding * copy-firmware.sh: remove no longer reachable test -L * copy-firmware.sh: remove no longer reachable test -f * copy-firmware.sh: call ./check_whence.py before parsing the file * copy-firmware.sh: warn if the destination folder is not empty * copy-firmware.sh: add err() helper * copy-firmware.sh: fix indentation * copy-firmware.sh: reset and consistently handle destdir * Revert "copy-firmware: Support additional compressor options" * copy-firmware.sh: flesh out and fix dedup-firmware.sh * Style update yaml files * editorconfig: add initial config file * check_whence.py: annotate replacement strings as raw * check_whence.py: LC_ALL=C sort -u the filelist * check_whence.py: ban link-to-a-link * check_whence.py: use consistent naming * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31 - Skip invocation of check_whence.py at copying: copy-file-skip-check.patch - Refresh copy-file-ignore-README.patch - Drop obsoleted --ignore-duplicates option to copy-firmware.sh - Drop the ath12k workaround again - Update to version 20241010 (git commit d4e688aa74a0): * rtlwifi: Add firmware v39.0 for RTL8192DU * Revert "ath12k: WCN7850 hw2.0: update board-2.bin" (replaced with a newer firmware in this package instead) - update aliases - Update to version 20241004 (git commit bbb77872a8a7): * amdgpu: DMCUB DCN35 update * brcm: Add BCM4354 NVRAM for Jetson TX1 * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram ==== libdnf ==== Version update (0.73.2 -> 0.73.3) Subpackages: libdnf-repo-config-zypp libdnf2 - version update to 0.73.3 * Support colon in username, use LRO_USERNAME and LRO_PASSWORD * Set pool flag to fix pool_addfileprovides_queue() without filelists.xml * Fix a memory leak in glob_for_cachedir() ==== libjcat ==== Version update (0.2.1 -> 0.2.2) - Update to version 0.2.2: + New Features: - Add bt-logindex blob kind. + Bugfixes: - Increase test coverage for ED25519 support. - Save the auto-generated private key with 0600 file permissions. - Switch ED25519 support to not directly using Nettle. ==== libunistring ==== Version update (1.2 -> 1.3) - update to 1.3: * Support Unicode version 16.0.0 ==== mutter ==== Version update (47.0+19 -> 47.1) - Update to version 47.1: + gwakeup: Reduce wake-ups to only first item in queue + x11: Reduce chances XPending does recvmsg() syscall + Fix grabbing tablet devices + Fix misplaced windows and random resizes on scaled monitors + Fix explicit sync with virtual monitors w/o pipewire streams + Improve detecting preferred primary devices + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. - Update to version 47.0+24: * stage-impl: Ensure that a sync object is created in headless mode * backends/x11: Avoid potential crash in pad_switch_mode * display: Do not crash attempting to display OSD for unknown Wacom device * wayland/drm-lease: Do not add connector twice on lease disappeared * wayland/drm-lease: Hold device fd when listing leases ==== nautilus ==== Version update (47.0+8 -> 47.0+14) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension4 - Update to version 47.0+14: * nautilus-tag-manager: Drop tinysparql 2to3 migration * Updated translations. ==== ncurses ==== Version update (6.5.20240928 -> 6.5.20241019) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20241019 + fixes for compiler warnings/cppcheck. + build-fixes for DJGPP configuration (patches by Stas Sergeev) - Add ncurses patch 20241006 + fixes for compiler warnings/cppcheck. + use xterm+alt+title in wezterm -TD ==== open-vm-tools ==== Version update (12.4.5 -> 12.5.0) Subpackages: libvmtools0 - convert to obs_scm - update to 12.5.0 (boo#1231826): There are no new features in the open-vm-tools 12.5.0 release. This is primarily a maintenance release that addresses a few critical problems, including: * A Github pull request has been integrated. Please see the Resolved Issues section of the Release Notes. * For a more complete list of issues resolved in this release, see the Resolved Issues section of the Release Notes. For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.5.0 Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/ReleaseNotes.md The granular changes that have gone into the 12.5.0 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-12.5.0/open-vm-tools/Cha... ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1231741, CVE-2024-9143] * Low-level invalid GF(2^m) parameters lead to OOB memory access * Add openssl-CVE-2024-9143.patch - Security fix: [bsc#1220262, CVE-2023-50782] * Implicit rejection in PKCS#1 v1.5 * Add openssl-CVE-2023-50782.patch ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - In case of doubt, also favor libz1-32bit over libz-ng1-compat for the time being. ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to fix a crash with broadcasting sinks: * 0001-bluez5-fix-crash-with-broadcast-sinks.patch - Add patch from upstream to actually clear the mix io areas when being asked to clear it. Otherwise crashes might happen: * 0002-jack-actually-clear-the-mix-io.patch ==== podman ==== - Add patch for CVE-2024-9676 (bsc#1231698): * 0002-Use-securejoin.SecureJoin-when-forming-userns-paths.patch - Rebase patch: * 0001-Properly-validate-cache-IDs-and-sources.patch ==== python-blinker ==== Version update (1.7.0 -> 1.8.2) - update to 1.8.2: * Simplify type for _async_wrapper and _sync_wrapper arguments. :pr:`156` * Restore identity handling for str and int senders. :pr:`148` * Fix deprecated blinker.base.WeakNamespace import. :pr:`149` * Fix deprecated blinker.base.receiver_connected import. :pr:`153` * Use types from collections.abc instead of typing. :pr:`150` * Fully specify exported types as reported by pyright. :pr:`152` * Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("blinker"), instead. :issue:`128` * Specify that the deprecated temporarily_connected_to will be removed in the next version. * Show a deprecation warning for the deprecated global receiver_connected signal and specify that it will be removed in the next version. * Show a deprecation warning for the deprecated WeakNamespace and specify that it will be removed in the next version. * Greatly simplify how the library uses weakrefs. This is a significant change internally but should not affect any public API. :pr:`144` * Expose the namespace used by signal() as default_namespace. :pr:`145` - add remove-sphinxextensions.patch to remove an optional sphinxextension ==== python-certifi ==== Version update (2024.7.4 -> 2024.8.30) - update to 2024.8.30: added certs: * TWCA CYBER Root CA O=TAIWAN-CA OU=Root CA * SecureSign Root CA12 O=Cybertrust Japan Co., Ltd. * SecureSign Root CA14 O=Cybertrust Japan Co., Ltd. * SecureSign Root CA15 O=Cybertrust Japan Co., Ltd. ==== python-charset-normalizer ==== Version update (3.3.2 -> 3.4.0) - update to 3.4.0: * Argument `--no-preemptive` in the CLI to prevent the detector to search for hints. * Support for Python 3.13 * Relax the TypeError exception thrown when trying to compare a CharsetMatch with anything else than a CharsetMatch. * Improved the general reliability of the detector based on user feedbacks. (#520) (#509) (#498) (#407) * Declared charset in content (preemptive detection) not changed when converting to utf-8 bytes. ==== python-cryptography ==== Version update (43.0.1 -> 43.0.3) - update to 43.0.3: * Fixed release metadata for cryptography-vectors * Fixed compilation when using LibreSSL 4.0.0. ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite - Add patch to fix qxmpp test failures (gh#qxmpp-project/qxmpp#659): * 0001-QUuid-restore-sorting-order-of-Qt-6.8.patch - Add patch to fix potential crash with QDirIterator (QTBUG-130142): * 0001-QDirIterator-don-t-crash-with-next-after-hasNext-ret.patch ==== runc ==== Version update (1.2.0~rc3 -> 1.2.0) - Update to runc v1.2.0. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.0>. ==== samba ==== Version update (4.21.0+git.363.84c94ca948f -> 4.21.1+git.367.e1da597d86e) Subpackages: libldb2 samba-ad-dc-libs samba-client samba-client-libs samba-libs - Adjust spec to split out rpcd_* binaries into a separate sub package; (bsc#1231414). - Update to 4.21.1 * DH reconnect error handling can lead to stale sharemode entries; (bso#15624). * "inherit permissions = yes" triggers assert() in vfs_default when creating a stream; (bso#15695). * Samba 4.21.0 broke FreeIPA domain member integration; (bso#15715). * Missing conversion for msDS-UserTGTLifetime, msDS- ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba- tool domain auth policy modify"; (bso#15692). * irpc_destructor may crash during shutdown; (bso#15280). * Durable handle is not granted when a previous OPEN exists with NoOplock; (bso#15649). * Durable handle is granted but reconnect fails; (bso#15651). * Disconnected durable handles with RH lease should not be purged by a new non conflicting open; (bso#15708). * net ads testjoin and other commands use the wrong secrets.tdb in a cluster; (bso#15714). * 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as rfc 8009 etypes are used; (bso#15726). * VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2; (bso#15730). * Samba 4.20.0 DLZ module crashes BIND on startup; (bso#15643). * Cannot build libldb lmdb backend on a build without AD DC; (bso#15721). * Consistent log level for sighup handler; (bso#15706). ==== selinux-policy ==== Version update (20240930 -> 20241021) Subpackages: selinux-policy-targeted - Update to version 20241021: * rsync: add rsync_exec_commands boolean and enable it by default (bsc#1231494) * Allow snapperd to execute systemctl (bsc#1231489) - Update to version 20241018: * Allow slpd to create TCPDIAG netlink socket (bsc#1231491) * Allow slpd to use sys_chroot (bsc#1231491) * Allow openvswitch-ipsec use strongswan (bsc#1231493) ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2024.10 * Patches added: 0018-Revert-riscv-dts-jh7110-Update-qspi.patch boo#1231674 ==== vte ==== Version update (0.78.0 -> 0.78.1) - Update to version 0.78.1: + build: - Prepend python to minifont coverage cmd - Add missing includes + widget: - Improve the robustness of ringview updating - Make sure to update the ringview after a widget resize - termprops: Fix for double termprops + draw: - gsk: . Use fill_n to fill background . Draw cell background using scaled texture - Fix background drawing offset + tests: Remove excessive constrexpr ==== webkit2gtk3 ==== Version update (2.46.1 -> 2.46.2) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Update to version 2.46.2: + Own well-known bus name on a11y bus. + Improve memory consumption when putImageData is used repeatedly on accelerated canvas. + Disable cached web process suspension for now to prevent leaks. + Improve text kerning with different combinations of antialias and hinting settings. + Destroy all network sessions on process exit. + Fix visible rectangle calculation when there are animations. + Fix the build with ENABLE_NOTIFICATIONS=OFF. + Fix the build with ENABLE_FULLSCREEN_API=OFF. + Fix the build with ENABLE_WEB_AUDIO=OFF. + Fix the build on ppc64le. + Fix several crashes and rendering issues. - Drop bug281495.patch: fixed upstream. ==== webkit2gtk4 ==== Version update (2.46.1 -> 2.46.2) Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.46.2: + Own well-known bus name on a11y bus. + Improve memory consumption when putImageData is used repeatedly on accelerated canvas. + Disable cached web process suspension for now to prevent leaks. + Improve text kerning with different combinations of antialias and hinting settings. + Destroy all network sessions on process exit. + Fix visible rectangle calculation when there are animations. + Fix the build with ENABLE_NOTIFICATIONS=OFF. + Fix the build with ENABLE_FULLSCREEN_API=OFF. + Fix the build with ENABLE_WEB_AUDIO=OFF. + Fix the build on ppc64le. + Fix several crashes and rendering issues. - Drop bug281495.patch: fixed upstream. ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-audio - Add patch from upstream to fix switching automatically the profile of non-bluetooth devices (boo#1231815): * 0001-autoswitch-bluetooth-profile-switch-only-Bluetooth-devices.patch - Add patch from upstream to fix switching automatically the profile when starting some apps and then switching to the previous profile: * 0002-autoswitch-bluetooth-profile-Switch-to-HSP_HFP-on-timeout.patch - Add patches from upstream to fix a couple of memory leaks: * 0003-m-mixer-api-Fix-memory-in-leak-wp_mixer_api_set_volume.patch * 0004-module-dbus-connection-fix-GCancellable-leak.patch ==== xf86-input-libinput ==== Version update (1.4.0 -> 1.5.0) - Update to version 1.5.0: * the compose and kana LEDs are now supported * tablet tools now have a property to indicate the tool serial and hw id (if any) * libinput's tablet tool pressure range config is now supported * libinput's clickfinger button map config is now supported * we remap some higher keycodes to FK20 and friends, paving the way for systemd/udev to map those properly in their hwdb files ==== xfsprogs ==== Version update (6.10.1 -> 6.11.0) - update to 6.11.0 - mkfs: break up the rest of the rtinit() function - mkfs: clean up the rtinit() function - xfs_repair: use library functions for orphanage creation - xfs_repair: use library functions to reset root/rbm/rsum inodes - xfs_repair: don't crash in get_inode_parent - xfs_repair: fix exchrange upgrade - xfs_db: port the iunlink command to use the libxfs iunlink function - xfs_db/mdrestore/repair: don't use the incore struct xfs_sb for offsets into struct xfs_dsb - xfs_db/mkfs/xfs_repair: port to use XFS_ICREATE_UNLINKABLE - xfs_db: port the unlink command to use libxfs_droplink - libxfs: implement get_random_u32 - libxfs: remove libxfs_dir_ialloc - libxfs: backport inode init code from the kernel - libxfs: pack icreate initialization parameters into a separate structure - xfs_io: add RWF_ATOMIC support to pwrite - libfrog: emulate deprecated attrlist functionality in libattr - misc: clean up code around attr_list_by_handle calls - fsck.xfs: fix fsck.xfs run by different shells when fsck.mode=force is set - libxfs: provide a memfd_create() wrapper if not present in libc - xfs_io: Fix fscrypt macros ordering - man: Update unit for fsx_extsize and fsx_cowextsize - xfs_db: release ip resource before returning from get_next_unlinked() - libxfs: kernel sync - ------------------------------------------------------------------ ==== xz ==== Version update (5.6.2 -> 5.6.3) Subpackages: liblzma5 - Update to 5.6.3: * liblzma: - Fix x86-64 inline assembly compatibility with GNU Binutils older than 2.27. - Fix the build with GCC 4.2 on OpenBSD/sparc64. * xzdec: Display an error instead of failing silently if the unsupported option -M is specified. * lzmainfo: Fix integer overflows when rounding the dictionary and uncompressed sizes to the nearest mebibyte. * Autotools-based build: - Fix feature checks with link-time optimization (-flto). - Solaris: Fix a compatibility issue in version.sh. It matters if one wants to regenerate configure by running autoconf. * CMake: - Use paths relative to ${prefix} in liblzma.pc when possible. This is done only with CMake >= 3.20. - Prefer a C11 compiler over a C99 compiler but accept both. - Link Threads::Threads against liblzma using PRIVATE so that - pthread and such flags won't unnecessarily get included in the usage requirements of shared liblzma. That is, target_link_libraries(foo PRIVATE liblzma::liblzma) no longer adds -pthread if using POSIX threads and linking against shared liblzma. The threading flags are still added if linking against static liblzma. * Updated translations: Catalan, Chinese (simplified), and Brazilian Portuguese. ==== zlib-ng-compat ==== Version update (2.2.1 -> 2.2.2) - Update to 2.2.2: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.2.2 - Install the ld.so configuration file also with the -32bit package, as otherwise biarch installs won't find that library (boo#1232065).