Packages changed:
MozillaFirefox (131.0.2 -> 131.0.3)
dav1d (1.4.3 -> 1.5.0)
evolution (3.54.0 -> 3.54.1)
evolution-data-server (3.54.0 -> 3.54.1)
evolution-ews (3.54.0 -> 3.54.1)
gimp
gtk2
gtk3
gvfs (1.56.0 -> 1.56.1)
libnbd (1.20.2 -> 1.20.3)
libpipeline (1.5.7 -> 1.5.8)
libunistring (1.2 -> 1.3)
man (2.12.1 -> 2.13.0)
nbdkit (1.40.3 -> 1.40.4)
nvidia-open-driver-G06-signed-cuda (555.42.06_k6.11.3_1 -> 555.42.06_k6.11.3_2)
openSUSE-release (20241018 -> 20241021)
openssl-3
selinux-policy (20240930 -> 20241018)
unbound (1.21.1 -> 1.22.0)
xf86-input-evdev (2.10.6 -> 2.11.0)
xf86-input-libinput (1.4.0 -> 1.5.0)
=== Details ===
==== MozillaFirefox ====
Version update (131.0.2 -> 131.0.3)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 131.0.3
* some users could not access the Bill Pay portion of their
bank's site (bmo#1923500)
* some VR180 and 360 videos were not properly rendering on YouTube
(bmo#1922278)
* Fixed a crash that Windows users with Avast or AVG security
software were experiencing when visiting certain sites. (bmo#1919678)
* "List all tabs" button was not able to be moved from the toolbar
(bmo#1918681)
NFSA 2024-53
* CVE-2024-9936 (bmo#1920381)
Undefined behavior in selection node cache
- remove obsolete mozilla-rust-disable-future-incompat.patch
==== dav1d ====
Version update (1.4.3 -> 1.5.0)
- Update to version 1.5.0
* WARNING: we removed some of the SSE2 optimizations, so if
you care about systems without SSSE3, you should be careful
when updating!
* Optimize index offset calculations for decode_coefs
* picture: copy HDR10+ and T35 metadata only to visible frames
* SSSE3 new optimizations for 6-tap (8bit and hbd)
* AArch64/SVE: Add HBD subpel filters using 128-bit SVE2
* AArch64: Add USMMLA implempentation for 6-tap H/HV
* AArch64: Optimize Armv8.0 NEON for HBD horizontal filters
and 6-tap filters
* Power9: Optimized ITX till 16x4.
* Loongarch: numerous optimizations
* RISC-V optimizations for pal, cdef_filter, ipred, mc_blend,
mc_bdir, itx
* Allow playing videos in full-screen mode in dav1dplay
==== evolution ====
Version update (3.54.0 -> 3.54.1)
Subpackages: evolution-lang evolution-plugin-spamassassin
- Update to version 3.54.1:
+ Bug Fixes: Missing sender's S/MIME certificate import button
+ Miscellaneous:
- libgnomecanvas: Add few checks for argument validity
- WebKitGTK 2.46.1: Middle mouse button inserts primary
clipboard twice
+ Updated translations.
==== evolution-data-server ====
Version update (3.54.0 -> 3.54.1)
Subpackages: evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-3 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4
- Update to version 3.54.1:
+ Bug Fixes:
- Pass GError instead of CamelException to
camel_movemail_solaris
- Fix argument types in ENABLE_BROKEN_SPOOL code
- Use GIConv instead of iconv_t with iconv wrappers
- ESoupSession: Sometimes accesses server without OAuth2 token
+ Updated translations.
==== evolution-ews ====
Version update (3.54.0 -> 3.54.1)
Subpackages: evolution-ews-lang
- Update to version 3.54.1:
+ Bug Fixes:
- m365: Mails do not have set size in summary
- m365: Fails to save a message in the Drafts folder
- m365: Cannot delete instance of a recurring event
+ Miscellaneous:
- m365: Camel: Correct message ID calculation for folder
summary
- m365: Read 'bodyPreview' for mail messages
- m365: Handle SyncStateNotFound error
+ Updated translations.
==== gimp ====
Subpackages: gimp-plugin-aa libgimp-2_0-0 libgimpui-2_0-0
- Add gtk-update-icon-cache BuildRequires: Ensure
/usr/bin/gtk-update-icon-cache is present during build, as
configure checks for it.
==== gtk2 ====
Subpackages: gtk2-data gtk2-immodule-xim gtk2-lang gtk2-tools libgtk-2_0-0
- Eliminate usage of update-alternatives:
+ Drop gtk-update-icon-cache and relevant man page. We rely
solely on GTK3 to perform this caching task.
==== gtk3 ====
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0
- Eliminate usage of update-alternatives: GTK2 no longer provides
gtk-update-icon-cache, thus eliminating the need for this extra
complexity.
==== gvfs ====
Version update (1.56.0 -> 1.56.1)
Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang
- Update to version 1.56.1:
+ udisks2: Increasing reference count when updating volume to fix
crashes
+ onedrive:
- Use names instead of id for events to fix monitoring
- Add missing replace stream to fix crashes
- onedrive: Fix double free during cache rebuild to fix crashes
+ dav: Recognize the 409 status to fix creation of parent
directories
+ Updated translations.
==== libnbd ====
Version update (1.20.2 -> 1.20.3)
Subpackages: libnbd0
- Update to version 1.20.3:
* Version 1.20.3.
* interop: Skip nbd-server test on Alpine
* ci: Update CI files
* rust: Parse perlpod L<https://...> (external links) to rust markup
* podwrapper: Add some simple checks for cross-references within manual pages.
* docs/libnbd-release-notes-1.10.pod: Remove broken link to "nbd_connect(3)"
* docs/nbd_create.pod: Cross-reference nbd_shutdown(3)
* docs: Use "oldstyle servers" in preference to "older servers"
* docs: Mention newstyle and oldstyle servers in main docs
* README: Fix bold markdown
* README: Mention 'make install DESTDIR=...'
* README: Mention the ./run script
* build: Prefer "for developers" in ./configure --help output
* build: Fix ./configure --help output for --enable-python-code-style
* .gitignore: Remove unused line
* ci: Drop Alma Linux 8
* lib/crypto.c: Check <gnutls/socket.h> works before including it
* docs/libnbd-security.pod: Assign CVE-2024-7383
* jsc#PED-8910
==== libpipeline ====
Version update (1.5.7 -> 1.5.8)
- Update to 1.5.8 (27 August 2024):
* Upgrade to Gnulib `stable-202407`. Building libpipeline now requires
Automake >= 1.14.
* Use C23-style `nullptr`.
==== libunistring ====
Version update (1.2 -> 1.3)
Subpackages: libunistring5 libunistring5-32bit
- update to 1.3:
* Support Unicode version 16.0.0
==== man ====
Version update (2.12.1 -> 2.13.0)
- Update to man-db 2.13.0 (29 August 2024)
* Drop support for versions of groff before 1.21 (released on 2010-12-31).
* Fix `man-suffixed-extension` test failure when not using the GNU
hierarchy organization.
* Fix `-Wmissing-variable-declarations` warnings with GCC 14.
* Fix `-Wflex-array-member-not-at-end` warning with GCC 14.
* Upgrade to Gnulib `stable-202407`.
* Support running the test suite against an installed package; this is
useful for systems such as Debian's autopkgtest framework.
- Remove patch man-db-2.6.3-chinese.dif as not supported anymore
due to newer groff versions
- Port patches
* man-db-2.6.3-listall.dif
* man-db-2.7.1-zio.dif
* man-db-2.9.4.patch
* man-propose-online.patch
==== nbdkit ====
Version update (1.40.3 -> 1.40.4)
Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin nbdkit-vddk-plugin
- Update to version 1.40.4:
* Version 1.40.4.
* ci: Update CI files
* docs/nbdkit-service.pod: Add KeepAlive and User/Group settings
* tests/test-ondemand.sh: Refine qemu exportname skips
* tests/test-ondemand.sh: Work around bug in qemu 9.1 exportname handling
* ondemand: Serialize the .open method
* ondemand: Delete the disk if creation fails
* ondemand, tmpdisk: Don't allow parameters containing '-'
* ondemand: Be less strict about filenames
* tests: bzip2, curl, ext2, file, gzip, memory, offset, xz: Don't leak 'data' returned by guestfs_cat
* Fix documented default value for xz-max-depth
* bzip2: Fix version where this filter first appeared
* filters/qcow2dec/qcow2dec.c: Fix format specifier in error message
* tests: old-plugins: Fix srcdir != builddir
* tests: Rearrange some filter tests in alphabetical order
* server: Clear conn->magic when freeing a connection
* jsc#PED-8910
==== nvidia-open-driver-G06-signed-cuda ====
Version update (555.42.06_k6.11.3_1 -> 555.42.06_k6.11.3_2)
- cuda-flavor
* provide nvidia-open-driver-G06-kmp = %version to workaround
broken cuda-drivers
- nv-prefer-signed-open-driver
* added comments for requirements
- latest change hardcoded to 555.42.06; we no longer need this
for 560
- nv-prefer-signed-open-driver:
* added specicic versions of cuda-drivers/cuda-drivers-xxx as
preconditions for requiring specific version of
nvidia-compute-G06
- nv-prefer-signed-open-driver:
* no longer require a specific version of
nvidia-open-driver-G06-signed-cuda-kmp, so it can select the
correct open driver KMP matching the cuda-runtime version
- cuda-flavor:
* added nvidia-compute-G06 = %version to preconditions for
requiring kernel-firmware-nvidia-gspx-G06, since
nvidia-compute-utils-G06 does not have a version-specific
requires on nvidia-compute-G06
- cuda-flavor:
* require kernel-firmware-nvidia-gspx-G06 instead of
kernel-firmware-nvidia-gspx-G06-cuda (which provides also
kernel-firmware-nvidia-gspx-G06)
* trigger removal of driver modules also on
kernel-firmware-nvidia-gspx-G06
- no longer hard-require kernel firmware package, but install it
automatically once nvidia-compute-utils-G06 gets installed
- trigger removal of driver modules with non-existing or wrong
firmware when (new) firmware gets installed
==== openSUSE-release ====
Version update (20241018 -> 20241021)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3
- Security fix: [bsc#1231741, CVE-2024-9143]
* Low-level invalid GF(2^m) parameters lead to OOB memory access
* Add openssl-CVE-2024-9143.patch
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
==== selinux-policy ====
Version update (20240930 -> 20241018)
Subpackages: selinux-policy-targeted
- Update to version 20241018:
* Allow slpd to create TCPDIAG netlink socket (bsc#1231491)
* Allow slpd to use sys_chroot (bsc#1231491)
* Allow openvswitch-ipsec use strongswan (bsc#1231493)
==== unbound ====
Version update (1.21.1 -> 1.22.0)
Subpackages: libunbound8 unbound-anchor
- Update to 1.22.0:
Features:
* Add iter-scrub-ns, iter-scrub-cname and max-global-quota
configuration options.
* Merge patch to fix for glue that is outside of zone, with
`harden-unverified-glue`, from Karthik Umashankar (Microsoft).
Enabling this option protects the Unbound resolver against bad
glue, that is unverified out of zone glue, by resolving them.
It uses the records as last resort if there is no other working
glue.
* Add redis-command-timeout: 20 and redis-connect-timeout: 200,
that can set the timeout separately for commands and the
connection set up to the redis server. If they are not
specified, the redis-timeout value is used.
* Log timestamps in ISO8601 format with timezone. This adds the
option `log-time-iso: yes` that logs in ISO8601 format.
* DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m`
that enable dnsoverquic, and the counters `num.query.quic` and
`mem.quic` in the statistics output. The feature needs to be
enabled by compiling with libngtcp2, with
`--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass
that with `--with-ssl=path` to compile unbound as well.
Bug Fixes:
* unbound-control-setup hangs while testing for openssl presence
starting from version 1.21.0.
* Fix error: "memory exhausted" when defining more than 9994
local-zones.
* Fix documentation for cache_fill_missing function.
* Fix Loads of logs: "validation failure: key for validation
<domain>. is marked as invalid because of a previous" for
non-DNSSEC signed zone.
* Fix that when rpz is applied the message does not get picked up
by the validator. That stops validation failures for the
message.
* Fix that stub-zone and forward-zone clauses do not exhaust
memory for long content.
* Fix to print port number in logs for auth zone transfer
activities.
* b.root renumbering.
* Add new IANA trust anchor.
* Fix config file read for dnstap-sample-rate.
* Fix alloc-size and calloc-transposed-args compiler warnings.
* Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled
(RFC9077).
* Fix dns64 with prefetch that the prefetch is stored in cache.
* Attempt to further fix doh_downstream_buffer_size.tdir
flakiness.
* More clear text for prefetch and minimal-responses in the
unbound.conf man page.
* Fix cache update when serve expired is used. Expired records
are favored over resolution and validation failures when
serve-expired is used.
* Fix negative cache NSEC3 parameter compares for zero length
NSEC3 salt.
* Fix unbound-control-setup hangs sometimes depending on the
openssl version.
* Fix Cannot override tcp-upstream and tls-upstream with
forward-tcp-upstream and forward-tls-upstream.
* Fix to limit NSEC TTL for messages from cachedb. Fix to limit
the prefetch ttl for messages after a CNAME with short TTL.
* Fix to disable detection of quic configured ports when quic is
not compiled in.
* Fix harden-unverified-glue for AAAA cache_fill_missing lookups.
* Fix contrib/aaaa-filter-iterator.patch for change in call
signature for cache_fill_missing.
* Fix to display warning if quic-port is set but dnsoverquic is
not enabled when compiled.
* Fix dnsoverquic to extend the number of streams when one is
closed.
* Fix for dnstap with dnscrypt and dnstap without dnsoverquic.
* Fix for dnsoverquic and dnstap to use the correct dnstap
environment.
- Update keyring
==== xf86-input-evdev ====
Version update (2.10.6 -> 2.11.0)
- update to version 2.11.0
* FTBFS fixes on non-linux platforms and dropping some ancient quirks
* Fixes for the Compose and Kana LEDs
* we remap some higher keycodes to FK20 and friends, paving the
way for systemd/udev to map those properly in their hwdb files
==== xf86-input-libinput ====
Version update (1.4.0 -> 1.5.0)
- Update to version 1.5.0:
* the compose and kana LEDs are now supported
* tablet tools now have a property to indicate the tool serial and hw id
(if any)
* libinput's tablet tool pressure range config is now supported
* libinput's clickfinger button map config is now supported
* we remap some higher keycodes to FK20 and friends, paving the
way for systemd/udev to map those properly in their hwdb files