Packages changed:
ImageMagick (7.1.1.35 -> 7.1.1.36)
MozillaFirefox (128.0.3 -> 129.0)
NetworkManager (1.48.6 -> 1.48.8)
PackageKit
SDL2 (2.30.4 -> 2.30.6)
accountsservice
apache-commons-logging (1.2 -> 1.3.3)
apache2-mod_php8 (8.3.9 -> 8.3.10)
binutils (2.42 -> 2.43)
btrfsprogs (6.10 -> 6.10.1)
bubblewrap (0.9.0 -> 0.10.0)
curl (8.9.0 -> 8.9.1)
emacs
ethtool (6.9 -> 6.10)
ffmpeg-6
gdm
gegl
gnome-bluetooth (46.0 -> 46.1)
gnome-control-center (46.3 -> 46.4)
gnome-remote-desktop (46.3 -> 46.4)
gnome-shell
gnome-software (46.3 -> 46.4)
gnome-user-docs (46.1 -> 46.4)
gom (0.5.2 -> 0.5.3)
gpg2
guestfs-tools (1.53.1 -> 1.53.2)
iproute2 (6.9 -> 6.10)
kernel-firmware (20240728 -> 20240809)
kernel-source (6.10.3 -> 6.10.5)
kexec-tools (2.0.28 -> 2.0.29)
lib2geom
libadwaita (1.5.2 -> 1.5.3)
libass (0.17.1 -> 0.17.3)
libei (1.2.1 -> 1.3.0)
libgphoto2
libheif (1.18.1 -> 1.18.2)
liblc3 (1.0.4 -> 1.1.1)
libnftnl (1.2.6 -> 1.2.7)
libqt5-qtwebengine
libshumate (1.2.2 -> 1.2.3)
liburing
libxml++30 (3.2.4 -> 3.2.5)
lvm2
lvm2-device-mapper
lz4
makedumpfile
mutter
ncurses (6.5.20240713 -> 6.5.20240810)
openSUSE-release (20240812 -> 20240818)
ovmf
patterns-base
patterns-media
pcre2 (10.43 -> 10.44)
php8 (8.3.9 -> 8.3.10)
polkit
protobuf
protobuf-c
ptools
python-M2Crypto (0.40.0 -> 0.42.0)
python-anyio (4.3.0 -> 4.4.0)
python-argcomplete
python-cryptography
qt6-webengine
rdma-core (52.0 -> 53.0)
selinux-policy (20240809 -> 20240814)
sensors
shadow
suse-module-tools (16.0.48 -> 16.0.49)
sysvinit (3.08 -> 3.10)
texlive
totem-pl-parser (3.26.6 -> 3.26.6+30)
unbound (1.20.0 -> 1.21.0)
virt-v2v (2.5.5 -> 2.5.6)
webkit2gtk3 (2.44.2 -> 2.44.3)
wtmpdb (0.13.0+git.20240726 -> 0.13.0+git.20240814)
xdm
xfce4-notifyd (0.9.4 -> 0.9.6)
xfwm4
yast2-bootloader (5.0.10 -> 5.0.11)
=== Details ===
==== ImageMagick ====
Version update (7.1.1.35 -> 7.1.1.36)
Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.1.36
* uhdr.c: default initialize range field for hdr/sdr intent inputs to
enc by @aayushsoni111 in #7482
* Fixed typo in documentation of MagickAdaptiveBlurImage by @JonahEMorgan
in #7500
* Silence warning when freetype delegate is disabled. by @niclet in #7515
==== MozillaFirefox ====
Version update (128.0.3 -> 129.0)
- Mozilla Firefox 129.0
https://www.mozilla.org/en-US/firefox/129.0/releasenotes
MFSA 2024-33 (bsc#1228648))
* CVE-2024-7518 (bmo#1875354)
Fullscreen notification dialog can be obscured by document content
* CVE-2024-7519 (bmo#1902307)
Out of bounds memory access in graphics shared memory handling
* CVE-2024-7520 (bmo#1903041)
Type confusion in WebAssembly
* CVE-2024-7521 (bmo#1904644)
Incomplete WebAssembly exception handing
* CVE-2024-7522 (bmo#1906727)
Out of bounds read in editor component
* CVE-2024-7523 (bmo#1908344)
Document content could partially obscure security prompts
* CVE-2024-7524 (bmo#1909241)
CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525 (bmo#1909298)
Missing permission check when creating a StreamFilter
* CVE-2024-7526 (bmo#1910306)
Uninitialized memory used by WebGL
* CVE-2024-7527 (bmo#1871303)
Use-after-free in JavaScript garbage collection
* CVE-2024-7528 (bmo#1895951)
Use-after-free in IndexedDB
* CVE-2024-7529 (bmo#1903187)
Document content could partially obscure security prompts
* CVE-2024-7530 (bmo#1904011)
Use-after-free in JavaScript code coverage collection
* CVE-2024-7531 (bmo#1905691)
PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
Sandy Bridge machines
- removed obsolete patches
mozilla-bmo1905018.patch
mozilla-bmo1504834-part3.patch
mozilla-bmo1512162.patch
mozilla-bmo1822730.patch
mozilla-fix-aarch64-libopus.patch
mozilla-partial-revert-1768632.patch
- requires NSS 3.102.1
- extended mozilla-silence-no-return-type.patch
==== NetworkManager ====
Version update (1.48.6 -> 1.48.8)
Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0
- Update to version 1.48.8:
+ ovs: fix triggering stage3 activation without DHCP client
initialized
+ config: parse autoconnect-ports value on config
+ ndisc: preserve router preferences
==== PackageKit ====
Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0
- Add PackageKit-mark-as-compulsory.patch: Prevent PackageKit from
user uninstallable for most desktops (bsc#1226269).
==== SDL2 ====
Version update (2.30.4 -> 2.30.6)
- Update to release 2.30.6
* Improved detection of Nintendo Switch Pro controller report mode
* Fixed a rare crash when a controller is disconnected
==== accountsservice ====
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- Drop as-fate318433-prevent-same-account-multi-logins.patch.
Gnome-shell now has similar functionality upstream.
==== apache-commons-logging ====
Version update (1.2 -> 1.3.3)
- Upgrade to 1.3.3
* Bug Fixes:
+ * LOGGING-193: Update Log4j 2 OSGi imports #268.
+ * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
+ * Fix NullPointerException in SimpleLog#write(Object) on null
input.
+ Fix NullPointerException in SimpleLog#write(StringBuffer) on
null input.
- Includes changes from 1.3.2
* Fixed Bugs
+ LOGGING-190: Add OSGi metadata to enable Service Loader
Mediator #234.
+ LOGGING-191: Apache commons logging shows 1.4 as latest
release instead of 1.3.1.
+ Deprecate
org.apache.commons.logging.LogSource.jdk14IsAvailable.
- Includes changes from 1.3.1
* New features
+ Add Maven property project.build.outputTimestamp for build
reproducibility.
* Fixed Bugs
+ Remove references to very old JDK and Commons Logging
versions #201.
+ Update from Logj 1 to the Log4j 2 API compatibility layer
[#231].
+ Allow Servlet 4 in OSGi environment #191.
+ Fix generics warnings #213.
+ LOGGING-189: Fix Import-Package entry for org.slf4j #188.
- Includes changes from 1.3.0
* New Features:
+ Add support for Log4j API and SLF4J #177.
+ Deprecate org.apache.commons.logging.impl.WeakHashtable
without replacement. LOGGING-188: Deprecate and disable
`Jdk13LumberjackLogger` and `Log4JLogger`. LOGGING-173:
+ Deprecate and disable `AvalonLogger` and `LogKitLogger`.
+ LOGGING-165: Add Automatic-Module-Name Manifest Header for
Java 9 compatibility.
* Fixed Bugs:
+ LOGGING-163: BufferedReader is not closed properly.
+ LOGGING-177: Remove redundant initializer #46
+ Use a weak reference for the cached class loader #71.
+ Add more entries to .gitignore file #25.
+ Minor Improvements #34.
+ [StepSecurity] ci: Harden GitHub Actions #145.
+ LOGGING-185: Replace custom code with `ServiceLoader` call.
+ Fix possible NPEs in LogFactoryImpl.
+ LOGGING-185: Fix failing tests #180.
+ Deprecate LogConfigurationException.cause in favor of
getCause().
+ Fix SpotBugs [ERROR] High: Found reliance on default encoding
in org.apache.commons.logging.LogFactory.initDiagnostics():
new java.io.PrintStream(OutputStream)
[org.apache.commons.logging.LogFactory] At
LogFactory.java:[line 1205] DM_DEFAULT_ENCODING.
+ Fix SpotBugs [ERROR] Medium: Class
org.apache.commons.logging.impl.WeakHashtable defines
non-transient non-serializable instance field queue
[org.apache.commons.logging.impl.WeakHashtable] In
WeakHashtable.java SE_BAD_FIELD.
+ Set java.logging as optional module #183.
+ Fix SpotBugs [ERROR] Medium: Switch statement found in
org.apache.commons.logging.impl.SimpleLog.log(int, Object,
Throwable) where default case is missing
[org.apache.commons.logging.impl.SimpleLog] At
SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT.
+ Deprecate
org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel
without replacement.
- Remove deprecated patch files:
* commons-logging-1.1.3-src-junit.diff
* commons-logging-1.2-sourcetarget.patch
* commons-logging-manifests.patch
* no-tests.patch
- Reinstate ant build (removed upstream)
* add build.xml
* add build.properties
- Remove unnecessary dependencies
* add commons-logging-1.3.3-dependencies.patch
- Add upstream dev's public key to apache-commons-logging.keyring
==== apache2-mod_php8 ====
Version update (8.3.9 -> 8.3.10)
- version update to 8.3.10
Core:
Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).
Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks).
Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
Fixed OSS-Fuzz #69765.
Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h).
Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
Dom:
Fixed bug GH-14702 (DOMDocument::xinclude() crash).
Fileinfo:
Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
Gd:
ext/gd/tests/gh10614.phpt: skip if no PNG support.
restored warning instead of fata error.
LibXML:
Fixed bug GH-14563 (Build failure with libxml2 v2.13.0).
Opcache:
Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).
Output:
Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer).
PDO:
Fixed bug GH-14712 (Crash with PDORow access to null property).
Phar:
Fixed bug GH-14603 (null string from zip entry).
PHPDBG:
Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
Fixed bug GH-14553 (echo output trimmed at NULL byte).
Shmop:
Fixed bug GH-14537 (shmop Windows 11 crashes the process).
SPL:
Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c).
Standard:
Fixed bug GH-14775 (range function overflow with negative step argument).
Fix 32-bit wordwrap test failures.
Fixed bug GH-14774 (time_sleep_until overflow).
Streams:
Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3).
Tidy:
Fix memory leak in tidy_repair_file().
Treewide:
Fix compatibility with libxml2 2.13.2.
XML:
Move away from to-be-deprecated libxml fields.
Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
==== binutils ====
Version update (2.42 -> 2.43)
Subpackages: libctf-nobfd0 libctf0
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
==== btrfsprogs ====
Version update (6.10 -> 6.10.1)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- update to 6.10.1
* mkfs: rework --rootdir traversal, skip hardlinks and create new inodes
instead, also warn about them, this did not work as expected and will be
fixed in the future
* receive: search in older trees for UUIDs when detecting clone sources
* libbtrfsutil: bindings available at https://pypi.org/project/btrfsutil
* libbtrfs:
* patchlevel version update 0.1.4
* cleanup in headers, removed unused definitions, no functional changes
* don't ship list.h and rbtree.h
* other: documentation updates
==== bubblewrap ====
Version update (0.9.0 -> 0.10.0)
Subpackages: bubblewrap-zsh-completion
- Update to version v0.10.0:
* New features: Add the --[ro-]bind-fd option, which can be used
to mount a filesystem represented by a file descriptor without
time-of-check/time-of-use attacks. This is needed when
resolving CVE-2024-42472 in Flatpak.
* Other changes: Fix some confusing syntax in SetupOpFlag (no
functional change).
==== curl ====
Version update (8.9.0 -> 8.9.1)
Subpackages: curl-zsh-completion libcurl4
- Fix regression introduced in version 8.9.1:
* sigpipe: init the struct so that first apply ignores
* Add curl-sigpipe.patch
- Update to 8.9.1:
* Security fixes:
- curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264]
* Bugfixes:
- cmake: detect 'libssh' via 'pkg-config'
- cmake: detect 'nettle' when building with GnuTLS
- connect: fix connection shutdown for event based processing
- curl: more defensive socket code for --ip-tos
- CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching
- CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe
- ftpserver.pl: make POP3 LIST serve content from the test file
- lib: survive some NULL input args
- os400: build cli manual.
- os400: workaround an IBM ASCII run-time library bug
- transfer: speed limiting fix for 32bit systems
- vtls: avoid forward declaration in MultiSSL builds
- x509asn1: unittests and fixes for gtime2str
==== emacs ====
Subpackages: emacs-el emacs-eln emacs-games emacs-info emacs-nox etags
- Set find-function-C-source-directory in site-start so sources
provided by the debugsource package can be found user intervention
inside Emacs
==== ethtool ====
Version update (6.9 -> 6.10)
Subpackages: ethtool-bash-completion
- update to upstream release 6.10
* Feature: suport for PoE in PSE (--show-pse and --set-pse)
* Feature: add statistics support to tsinfo (-T)
* Feature: add JSON output to base command (no option)
* Feature: add JSON output to EEE info (--show-eee)
* Fix: qsfp: better handling on page 03h read failure (-m)
* Fix: handle zero arguments for module eeprom dump (-m)
* Fix: check for missing arguments in do_srxfh() (-X)
* Misc: more descriptive error when JSON output is not available
==== ffmpeg-6 ====
Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7
- Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
ffmpeg-6-CVE-2024-32228.patch to make the bot happy.
- Renumber patches.
- Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and
ffmpeg-6-CVE-2024-32228.patch as they brake compilation with
BUILD_ORIG enabled, i.e. Packman.
==== gdm ====
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Add pam_pkcs11 as Recommends for smartcard login (bsc#1223580).
- Fix applying patches when sle_version is defined
==== gegl ====
Subpackages: gegl-0_4 libgegl-0_4-0
- Add backported 66de8124.patch: Fix build against ffmpeg-7.
==== gnome-bluetooth ====
Version update (46.0 -> 46.1)
Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0
- Update to version 46.1:
+ This version contains translation updates and a bug fix for
some device icons not appearing correctly.
==== gnome-control-center ====
Version update (46.3 -> 46.4)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users
- Update to version 46.4:
+ Accessibility: Fix enum value for follow centered
+ Apps: Fix memory leak for MMManager object in default apps page
+ Network: Don't set empty ignored hosts
+ Privacy: Fix visibility issue of Bolt settings when Bolt isn't
available
+ Users:
- Avoid accidental mnemonics for user name rows
- Show correctly the remaining list of fingerprints to enroll
+ WWAN: Fix crash on Unlock SIM dialog
==== gnome-remote-desktop ====
Version update (46.3 -> 46.4)
- Update to version 46.4:
+ Gracefully handle invalid x224Crq data
+ Fix file descriptor leak
+ Updated translations.
==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar
- Drop gs-fate318433-prevent-same-account-multi-logins.patch.
Upstream now does this.
==== gnome-software ====
Version update (46.3 -> 46.4)
Subpackages: gnome-software-plugin-packagekit
- Update to version 46.4:
+ Correct broken formatting when using <code> in AppStream
metadata
+ Updated translations.
==== gnome-user-docs ====
Version update (46.1 -> 46.4)
- Update to version 46.4:
+ Updates to GNOME Help.
+ Updated translations.
==== gom ====
Version update (0.5.2 -> 0.5.3)
- Update to version 0.5.3:
+ Automatically ignore read-only properties
+ Add support for GParamSpec which are GBytes
==== gpg2 ====
Subpackages: dirmngr
- Remove explicit runtime library dependency, pick ease of
maintenance in Tumbleweed over mixed project use runtime bugs.
==== guestfs-tools ====
Version update (1.53.1 -> 1.53.2)
- Update to version 1.53.2 (jsc#PED-6305)
* Implement --inject-blnsvr operation
* mlcustomize: firstboot: Use Linux path for Powershell script path
* mlcustomize: firstboot: Use powershell.exe instead of path
* mlcustomize: firstboot: Use Powershell -NoProfile flag
* mlcustomize: Revert delay installation of qemu-ga MSI
* mldrivers/linux_kernels.ml: Prefix general information with ^info:
* mlcustomize: Use Start-Process -Wait to run qemu-ga installer
* mlcustomize: Add Firstboot.firstboot_dir function
* mlcustomize: Place powershell scripts into <firstboot_dir>\Temp
* mlcustomize: Inject qemu-ga & blnsvr into <firstboot_dir>/Temp
* mlcustomize: Write qemu-ga log file name to log.txt
==== iproute2 ====
Version update (6.9 -> 6.10)
Subpackages: iproute2-bash-completion
- Update to release 6.10
* ip: ipnexthop: Support dumping next hop group stats
* ip: Support filter links with no VF info
* ip: PFCP device support
* ip link: hsr: Add support for passing information about
INTERLINK device
==== kernel-firmware ====
Version update (20240728 -> 20240809)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20240809 (git commit 36db650dae03):
* qcom: update path for video firmware for vpu-1/2/3.0
* QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642
* rtw89: 8852c: add fw format-1 v0.27.97.0
* rtw89: 8852bt: add firmware 0.29.91.0
* amdgpu: Update ISP FW for isp v4.1.1
* mediatek: Update mt8195 SOF firmware
* amdgpu: DMCUB updates for DCN314
* xe: First GuC release v70.29.2 for BMG
* xe: Add GuC v70.29.2 for LNL
* i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL
* i915: Update MTL DMC v2.22
* i915: update MTL GSC to v102.0.10.1878
* xe: Add BMG HuC 8.2.10
* xe: Add GSC 104.0.0.1161 for LNL
* xe: Add LNL HuC 9.4.13
* i915: update DG2 HuC to v7.10.16
* amdgpu: Update ISP FW for isp v4.1.1
* QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641
==== kernel-source ====
Version update (6.10.3 -> 6.10.5)
- Refresh
patches.suse/Revert-ata-libata-scsi-Honor-the-D_SENSE-bit-for-CK_.patch.
Update upstream status.
- commit b7789d6
- netfilter: nfnetlink: Initialise extack before use in ACKs (netlink-crash).
See:
https://github.com/systemd/systemd/actions/runs/10282472628/job/28454253577?pr=33958#step:12:30
- commit da1090b
- btrfs: fix invalid mapping of extent xarray state (git-fixes).
- commit b18d7b9
- Linux 6.10.5 (bsc#1012628).
- drm/amd/display: Refactor function
dm_dp_mst_is_port_support_mode() (bsc#1012628).
- locking/pvqspinlock: Correct the type of "old" variable in
pv_kick_node() (bsc#1012628).
- perf/x86/intel/cstate: Add Arrowlake support (bsc#1012628).
- perf/x86/intel/cstate: Add Lunarlake support (bsc#1012628).
- perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra
Forest (bsc#1012628).
- platform/x86: intel-vbtn: Protect ACPI notify handler against
recursion (bsc#1012628).
- irqchip/mbigen: Fix mbigen node address layout (bsc#1012628).
- platform/x86/intel/ifs: Initialize union ifs_status to zero
(bsc#1012628).
- jump_label: Fix the fix, brown paper bags galore (bsc#1012628).
- perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c
(bsc#1012628).
- perf/x86/intel: Support the PEBS event mask (bsc#1012628).
- perf/x86: Support counter mask (bsc#1012628).
- perf/x86: Fix smp_processor_id()-in-preemptible warnings
(bsc#1012628).
- selftests: ksft: Fix finished() helper exit code on skipped
tests (bsc#1012628).
- x86/mm: Fix pti_clone_pgtable() alignment assumption
(bsc#1012628).
- x86/mm: Fix pti_clone_entry_text() for i386 (bsc#1012628).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support
(bsc#1012628).
- power: supply: rt5033: Bring back i2c_set_clientdata
(bsc#1012628).
- sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1012628).
- net: pse-pd: tps23881: Fix the device ID check (bsc#1012628).
- gve: Fix use of netif_carrier_ok() (bsc#1012628).
- virtio-net: unbreak vq resizing when coalescing is not
negotiated (bsc#1012628).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(bsc#1012628).
- net: bridge: mcast: wait for previous gc cycles when removing
port (bsc#1012628).
- net: linkwatch: use system_unbound_wq (bsc#1012628).
- net: dsa: microchip: Fix Wake-on-LAN check to not return an
error (bsc#1012628).
- ice: Fix reset handler (bsc#1012628).
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (bsc#1012628).
- Bluetooth: hci_sync: avoid dup filtering when passive scanning
with adv monitor (bsc#1012628).
- net/smc: add the max value of fallback reason count
(bsc#1012628).
- net: dsa: bcm_sf2: Fix a possible memory leak in
bcm_sf2_mdio_register() (bsc#1012628).
- idpf: fix memory leaks and crashes while performing a soft reset
(bsc#1012628).
- idpf: fix UAFs when destroying the queues (bsc#1012628).
- l2tp: fix lockdep splat (bsc#1012628).
- net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN
capabilities (bsc#1012628).
- net: fec: Stop PPS on driver remove (bsc#1012628).
- net: pse-pd: tps23881: include missing bitfield.h header
(bsc#1012628).
- net: dsa: microchip: disable EEE for
KSZ8567/KSZ9567/KSZ9896/KSZ9897 (bsc#1012628).
- regmap: kunit: Fix memory leaks in gen_regmap() and
gen_raw_regmap() (bsc#1012628).
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (bsc#1012628).
- hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu
(bsc#1012628).
- Revert "rcu-tasks: Fix synchronize_rcu_tasks() VS
zap_pid_ns_processes()" (bsc#1012628).
- platform/chrome: cros_ec_lpc: Add a new quirk for ACPI id
(bsc#1012628).
- rcutorture: Fix rcu_torture_fwd_cb_cr() data race (bsc#1012628).
- md: do not delete safemode_timer in mddev_suspend (bsc#1012628).
- md: change the return value type of md_write_start to void
(bsc#1012628).
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1012628).
- debugobjects: Annotate racy debug variables (bsc#1012628).
- nvme: apple: fix device reference counting (bsc#1012628).
- block: change rq_integrity_vec to respect the iterator
(bsc#1012628).
- rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation
(bsc#1012628).
- clocksource/drivers/sh_cmt: Address race condition for clock
events (bsc#1012628).
- ACPI: battery: create alarm sysfs attribute atomically
(bsc#1012628).
- ACPI: SBS: manage alarm sysfs attribute through psy core
... changelog too long, skipping 636 lines ...
- commit b60be3e
==== kexec-tools ====
Version update (2.0.28 -> 2.0.29)
- update to 2.0.29:
* update man and --help
* powerpc/kexec_load: add hotplug support
* kexec_load: Use new kexec flag for hotplug support
* x86-linux-setup.c: Use POSIX basename API
* LoongArch: fix load command line segment error
* LoongArch: add multi crash kernel segment support
* LoongArch: fix kernel image size error
* Arm: Fix add_buffer_phys_virt() align issue
* Fix incorrect Free Software Foundation address in the license
* util_lib/elf_info.c: fix a warning
* kexec_file: add kexec_file flag to support debug printing
* workflow: update to use checkout@v4
- drop kexec-dont-use-kexec_file_load-on-xen.patch, upstream
- drop fix-building-on-x86_64-with-binutils-2.41.patch, upstream
- kexec-tools-riscv-hotplug.patch: Fix build for riscv64.
==== lib2geom ====
- Add skip_failing_tests_gcc14.diff to fix more instable
intersection tests. This allows the 32bit version of the package
to be built with GCC14.
==== libadwaita ====
Version update (1.5.2 -> 1.5.3)
Subpackages: libadwaita-1-0 typelib-1_0-Adw-1
- Update to version 1.5.3:
+ AdwAlertDialog: Expose body text as a11y description
+ AdwDialog:
- Fix a memory leak
- Speed up switching presentation
+ AdwPreferencesPage: Add an a11y relation to the description
+ AdwSpinRow: Set accessible role to presentation
+ AdwSwitchRow: Set accessible role to switch
+ AdwTabBar/Overview: Fix a use after free when closing tabs
+ Stylesheet: Fix a specificity issue with scrolled windows in
popovers
+ Docs:
- Don't annotate user_data params with closure
- Fix typos in migrating to breakpoints page
+ Updated translations.
==== libass ====
Version update (0.17.1 -> 0.17.3)
- Update to 0.17.3:
* Fix 0.17.2 regression in the fontconfig fontprovider leading to
undesirable widths being chosen from large typographic families
* Fix configure generated with slibtool-provided autoconf macros
* Fix make check for shared-only builds
* Constify some API parameters in a backwards-compatible manner
* Add new ass_malloc and ass_free API functions
* Tweak default optimization flags
* Speed up parsing of events with very long override blocks
* Improve handling of HarfBuzz-related failures
- reintroduce 'make check' as the issue has been fixed upstream
- Update to 0.17.2:
* This release brings optimized assembly routines for aarch64,
as well as numerous individual improvements and fixes.
* Detailed Changes:
- Fix rendering of \h in certain cases
- Fix a minor memory leak in the CoreText and DirectWrite font provider
- Fix wrong ASS_Image dimensions for huge BorderStyle=4 backgrounds
potentially leading to out of bound reads by API users
- Improve quality of animated rectangular clips
- Improve accuracy of cache limits
- Full-Unicode cmaps are now always preferred
- Improve font selection compatibility in the DirectWrite font provider
- Improved documentation
- Updating selective overrides now forces a cache clear to avoid issues
with outdated caches
- Frame and storage resolutions are now limited to what a single ASS_Image
can represent
- make check now runs checkasm if assembly is enabled
- CoreText can now be used on Mac OS X 10.5
- Meson/muon is now offered as a secondary build system bringing back
first-party MSVC support
- Note however it is not at feature parity with autotools in all cases
- aarch64: add optimized assembly routines covering the same set as on x86;
they work on both little and big endian systems
- x86: add SSSE3 versions of some assembly routines to help CPUs without
AVX2
- x86: it is now possible to build binaries with optimized assembly an
SHSTK support
- Improve VSFilter compatibility
- 'make check' is broken for --disable-static builds because checkasm needs to
access symbols that aren't part of the public API, so just disable it.
- Require libunibreak during build for better linebreaking of
unicode text.
==== libei ====
Version update (1.2.1 -> 1.3.0)
- Update to release 1.3.0
* Devices without regions or with multiple regions previously
failed region checks for touch events and absolute pointer
events (now fixed).
* liboeffis's ConnectToEIS dbus call is now async to avoid stalling
the client.
* many clarifications for ambiguity in the protocol documentation.
==== libgphoto2 ====
Subpackages: libgphoto2-6 libgphoto2_port12
- Adding libgphoto2-c99.patch so that the package builds for 32bit
with GCC 14.
- Using %autosetup -p1 because this is the prefered way to apply
patches.
==== libheif ====
Version update (1.18.1 -> 1.18.2)
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1
- update to 1.18.2:
* fix regression that Exif orientation was not correctly reset when
converting rotated HEIF (heif-dec)
* swap Exif width/height when rotating image by 90 degrees
* fix memory leak in OpenJPEG decoding plugin
* pay attention to DESTDIR variable when installing heif-convert symlink
==== liblc3 ====
Version update (1.0.4 -> 1.1.1)
- Update to version 1.1.1:
+ Wasm Compilation cleanup
+ build: fix rpath issue
+ Add build-macos-meson job
+ Bluetooth Conformance test updated for LC3
- Changes from version 1.1.0:
+ LC3 Plus features
+ Python library wrapper
+ Add WASM compilation target
==== libnftnl ====
Version update (1.2.6 -> 1.2.7)
- Update to release 1.2.7
* Avoid potential use-after-free when clearing set's expression
list
* Avoid misc buffer overflows in attribute setters
* Implement nftnl_obj_unset symbol already exported in
libnftnl.map
* Remove unimplemented symbols from libnftnl.map
* Validate per-expression and per-object attribute value and
data length
* Fix synproxy object setter with unaligned data
==== libqt5-qtwebengine ====
- Add ffmpeg 7 compatibility patch (Picked from Arch):
* qt5-webengine-ffmpeg7.patch
==== libshumate ====
Version update (1.2.2 -> 1.2.3)
Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0
- Update to version 1.2.3:
+ Fix build with -Dvector_renderer=false
==== liburing ====
- Skip test buf-ring-nommap.t if ENOMEM appears (happens in ppc64le arch).
* test-buf-ring-nommap-skip-the-test-on-queue-init-ENO.patch
==== libxml++30 ====
Version update (3.2.4 -> 3.2.5)
- Update to version 3.2.5:
+ Documentation:
- Update Visual Studio build docs
- Parser docs: Add a link to parser options
+ Meson build:
- Detect if we build from a git subtree
- Don't copy files with configure_file()
- Fix the evaluation of is_git_build on Windows
- Backport libxml2 CMake support from libxml++-5.0
- Don't fail if warning_level=everything
- Don't require the 'dot' command to build the documentation
- Add the build-manual option
- Add bcrypt dependency when libxml2 is a subproject
+ Build: Make it compatible with libxml2 >= 2.12.0 by modifying
[#]include directives
- Add check section and run meson_test macro.
==== lvm2 ====
Subpackages: liblvm2cmd2_03
- lvm2-monitor.service fails to start (boo#1228854)
+ bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch
==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03
- lvm2-monitor.service fails to start (boo#1228854)
+ bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch
==== lz4 ====
- Switch to cmake build system: Creates extra cmake modules for
consuming projects
==== makedumpfile ====
- add (bsc#1226183)
* make-reserve_diskspace-do-nothing-for-flattened-form.patch
==== mutter ====
- Fix build if sle_version is defined: Patch3 no longer exists, and
add back Patch4 for SLE builds that was mistakenly removed in
last change.
==== ncurses ====
Version update (6.5.20240713 -> 6.5.20240810)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add patch fix-20240810.patch
* Workaround for changes in last patch 20240810 that is provide
GLOB_FULLPATH_POSIX and GLOB_FULLPATH_OTHER in status script
- Add ncurses patch 20240810
+ modify misc/Makefile.in and misc/run_tic.in so that $DESTDIR is set
and used only in the makefile.
+ modify CF_WITH_PKG_CONFIG_LIBDIR to allow for pkg-config using
DOS/Windows pathname syntax (report by Eli Zaretskii).
+ improve glob-expressions in configure script
+ remove unused Get_Menu_Screen() macro from menu.priv.h
+ update config.guess, config.sub
- Add ncurses patch 20240727
+ improve formatting/style of manpages (patches by Branden Robinson).
+ fixes for compiler warnings/cppcheck.
+ modify wattron/wattroff calls in form/m_post.c to call wattr_on and
wattr_off to omit cast used in the former for X/Open compatibility
(patch by Bill Gray).
+ modify wezterm, omitting its broken left/right margin feature (report
by Thayne McCombs) -TD
- Modify patch ncurses-6.4.dif to get offsets correct
- Add ncurses patch 20240720
+ improve formatting/style of manpages (patches by Branden Robinson).
+ modify configure script and misc/Makefile to accept glob expressions
that include Windows/DOS drive-letters (report by Eli Zaretskii).
+ fix misspelled ifdef and correct return-value of _nc_mingw_tcflush in
win_driver.c (report/patch by Eli Zaretskii).
==== openSUSE-release ====
Version update (20240812 -> 20240818)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== ovmf ====
Subpackages: qemu-uefi-aarch64
- Add ovmf-x86_64-sev flavor to X64 against AMD SEV.
- Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64,
, BUILD_OPTIONS_X86, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64
because SEV can NOT work with secure boot.
- Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
because the SEV ovmf be separated from X64 ovmf as an independent flavor.
- The original patch reverts "58eb8517ad OvmfPkg/PlatformPei: Update
ReserveEmuVariableNvStore" which affects all ovmf flavor.
- The secure boot be disabled in SEV flavor, so we do not need revert
58eb8517ad anymore. (bsc#1209266)
- Add 50-ovmf-x86_64-sev.json to descriptors.tar.xz for SEV flavor
- Removed features tag:
"acpi-s3", "requires-smm", "secure-boot", "enrolled-keys"
- Add features tag:
"amd-sev", "amd-sev-es", "amd-sev-snp"
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced
- Remove nfsidmap, package got dropped
- Remove nfs-client and autofs: in most scenarios, especially
desktops, no longer used, but pull in many "deprecated" packages
==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd
- Ensure autofs is on the DVD: it is tested by openQA in staging.
==== pcre2 ====
Version update (10.43 -> 10.44)
Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0
- Fix GitHub issue #415: Test suite fails when targeting i686.
The fix is taken straight from PR #418, also on GitHub.
- Add patch file:
* pcre2-10.44-github-issue-415.patch
- update to 10.44:
* This is mostly a bug-fix and tidying release. There is one
new function, to set a maximum size for a compiled pattern.
The maximum name length for groups is increased to 128.
* Some auxiliary files for building under VMS are added.
==== php8 ====
Version update (8.3.9 -> 8.3.10)
Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter
- version update to 8.3.10
Core:
Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).
Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks).
Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
Fixed OSS-Fuzz #69765.
Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h).
Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
Dom:
Fixed bug GH-14702 (DOMDocument::xinclude() crash).
Fileinfo:
Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
Gd:
ext/gd/tests/gh10614.phpt: skip if no PNG support.
restored warning instead of fata error.
LibXML:
Fixed bug GH-14563 (Build failure with libxml2 v2.13.0).
Opcache:
Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).
Output:
Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer).
PDO:
Fixed bug GH-14712 (Crash with PDORow access to null property).
Phar:
Fixed bug GH-14603 (null string from zip entry).
PHPDBG:
Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
Fixed bug GH-14553 (echo output trimmed at NULL byte).
Shmop:
Fixed bug GH-14537 (shmop Windows 11 crashes the process).
SPL:
Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c).
Standard:
Fixed bug GH-14775 (range function overflow with negative step argument).
Fix 32-bit wordwrap test failures.
Fixed bug GH-14774 (time_sleep_until overflow).
Streams:
Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3).
Tidy:
Fix memory leak in tidy_repair_file().
Treewide:
Fix compatibility with libxml2 2.13.2.
XML:
Move away from to-be-deprecated libxml fields.
Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0
- BuildRequire gettext-devel instead of gettext: Allows OBS to
shortcut throught gettext-runtime-mini.
==== protobuf ====
Subpackages: libprotobuf-lite25_4_0 libprotobuf25_4_0
- tweak and correct how minimum version of abseil is specified
(20230125 to 20230125.3)
- Remove explicit requirements of the protobuf-devel package, as
the they are autogenerated when needed
==== protobuf-c ====
- BuildRequire a C++ compiler, previously pulled in via protobuf
==== ptools ====
- Added fix-32bit-cast.diff which replaces a cast which is OK for
64bit targets but not for 32 bit targets to make the package
buildable with GCC 14 on i586.
==== python-M2Crypto ====
Version update (0.40.0 -> 0.42.0)
- Update 0.42.0:
- allow ASN1_{Integer,String} be initialized directly
- minimal infrastructure for type hints for a C extension and
some type hints for some basic modules
- time_t on 32bit Linux is 32bit (integer) not 64bit (long)
- EOS for CentOS 7
- correct checking for OpenSSL version number on Windows
- make compatible with Python 3.13 (replace PyEval_CallObject
with PyObject_CallObject)
- fix typo in extern function signature (and proper type of
engine_ctrl_cmd_string())
- move the package to Sorucehut
- setup CI to use Sourcehut CI
- setup CI on GitLab for Windows as well (remove Appveyor)
- initial draft of documentation for migration to
pyca/cryptography
- fix Read the Docs configuration (contributed kindly by Facundo
Tuesca)
- Remove upstreamed 32bit_ASN1_Time.patch
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
==== python-anyio ====
Version update (4.3.0 -> 4.4.0)
- update to 4.4.0:
* Added the BlockingPortalProvider class to aid with
constructing synchronous counterparts to asynchronous
interfaces that would otherwise require multiple blocking
portals
* Added __slots__ to AsyncResource so that child classes can
use __slots__
* Added the TaskInfo.has_pending_cancellation() method
* Fixed erroneous RuntimeError: called 'started' twice on the
same task status when cancelling a task in a TaskGroup
created with the start() method before the first checkpoint
is reached after calling task_status.started()
* Fixed two bugs with TaskGroup.start() on asyncio: Fixed
erroneous RuntimeError: called 'started' twice on the same
task status when cancelling a task in a TaskGroup created
with the start() method before the first checkpoint is
reached after calling task_status.started() (#706; PR by
Dominik Schwabe) Fixed the entire task group being cancelled
if a TaskGroup.start() call gets cancelled (#685, #710)
* Fixed erroneous RuntimeError: called 'started' twice on the
same task status when cancelling a task in a TaskGroup
created with the start() method before the first checkpoint
is reached after calling task_status.started()
* Fixed the entire task group being cancelled if a
TaskGroup.start() call gets cancelled
* Fixed a race condition that caused crashes when multiple
event loops of the same backend were running in separate
threads and simultaneously attempted to use AnyIO for their
first time
* Fixed cancellation delivery on asyncio incrementing the wrong
cancel scope's cancellation counter when cascading a cancel
operation to a child scope, thus failing to uncancel the host
task
* Fixed erroneous TypedAttributeLookupError if a typed
attribute getter raises KeyError
* Fixed the asyncio backend not respecting the
PYTHONASYNCIODEBUG environment variable when setting the
debug flag in anyio.run()
* Fixed SocketStream.receive() not detecting EOF on asyncio if
there is also data in the read buffer
* Fixed MemoryObjectStream dropping an item if the item is
delivered to a recipient that is waiting to receive an item
but has a cancellation pending
* Emit a ResourceWarning for MemoryObjectReceiveStream and
MemoryObjectSendStream that were garbage collected without
being closed (PR by Andrey Kazantcev)
* Fixed MemoryObjectSendStream.send() not raising
BrokenResourceError when the last corresponding
MemoryObjectReceiveStream is closed while waiting to send a
falsey item
==== python-argcomplete ====
- require ca-certificates-mozilla for the pip >= 24.2
==== python-cryptography ====
- Fix building optimized binaries with debuginfo.
- Update building of Rust modules to use modern cargo_vendor
service
- Remove unneeded use-offline-build.patch
==== qt6-webengine ====
Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports
- Add patch to build qtwebengine with ffmpeg 7 (picked from Arch)
* qtwebengine-ffmpeg-7.patch
==== rdma-core ====
Version update (52.0 -> 53.0)
Subpackages: libefa1 libhns1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd
- Update to rdma-core v53.0
- No release notes available
- Remove Added-suffix-libdrm-to-CMakeLists.txt-for-drm.patch
as it was merged upstream.
==== selinux-policy ====
Version update (20240809 -> 20240814)
Subpackages: selinux-policy-targeted
- Update to version 20240814:
* Dontaudit dac_override of fstab generator (bsc#1229127)
- Drop varrun-convert.sh script as it causes issues with
container-selinux update (bsc#1228951)
- Update to version 20240812:
* Update libvirt policy
* Add port 80/udp and 443/udp to http_port_t definition
* Additional updates stalld policy for bpf usage
* Label systemd-pcrextend and systemd-pcrlock properly
* Allow coreos_installer_t work with partitions
* Revert "Allow coreos-installer-generator work with partitions"
* Add policy for systemd-pcrextend
* Update policy for systemd-getty-generator
* Allow ip command write to ipsec's logs
* Allow virt_driver_domain read virtd-lxc files in /proc
* Revert "Allow svirt read virtqemud fifo files"
* Update virtqemud policy for libguestfs usage
* Allow virtproxyd create and use its private tmp files
* Allow virtproxyd read network state
* Allow virt_driver_domain create and use log files in /var/log
* Allow samba-dcerpcd work with ctdb cluster
* Allow NetworkManager_dispatcher_t send SIGKILL to plugins
* Allow setroubleshootd execute sendmail with a domain transition
* Allow key.dns_resolve set attributes on the kernel key ring
* Update qatlib policy for v24.02 with new features
* Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t
* Allow tlp status power services
* Allow virtqemud domain transition on passt execution
* Allow virt_driver_domain connect to systemd-userdbd over a unix socket
* Allow boothd connect to systemd-userdbd over a unix socket
* Update policy for awstats scripts
* Allow bitlbee execute generic programs in system bin directories
* Allow login_userdomain read aliases file
* Allow login_userdomain read ipsec config files
* Allow login_userdomain read all pid files
* Allow rsyslog read systemd-logind session files
* Allow libvirt-dbus stream connect to virtlxcd
==== sensors ====
Subpackages: libsensors4
- Drop lm_sensors-revert-6b5a19b708.patch because the previously
incompatible types have been changed in the callee in package
rrdtool too, which means that there is a type incompatibility again.
Because the other change reportedly makes more sense, I'm dropping
this one.
==== shadow ====
Subpackages: libsubid5 login_defs
- Disable flushing sssd caches. The sssd's files provider is no
longer available.
==== suse-module-tools ====
Version update (16.0.48 -> 16.0.49)
Subpackages: suse-module-tools-scriptlets
- Update to version 16.0.49:
* Require sdbootutil if already installed
==== sysvinit ====
Version update (3.08 -> 3.10)
- Add patch killproc-2.23.dif
* Fix shell command in Makefile to get detection statx declaration correct
- Update to sysvinit 3.10
* When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1
in the container, and expects that to initiate a graceful shutdown (power-off).
SysV init now catches this signal and initiates a shutdown (shutdown -hP now).
- floppym provided patch to accomplish this.
* Fix issue in bootlogd which could cause the service to enter an endless loop
(and use too much CPU) when it is able to open a device for writing, but not actually
able to write to it. This resulted in bootlogd closing and re-opening the device over
and over. Now bootlogd should simply fail gracefully when it cannot write to an open
file/device.
* Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special characters.
* Patch for man/Makefile to fix the clean recipe.
Provided by Lucas Nussabaum and Mark Hindley
* On Linux systems, allow reboot command to pass a message
to the system firmware during the restart. This is
accomplished with the -m flag.
* Patch from kraj which allows hddown to compile
when musl is the C library.
==== texlive ====
- Add patch source-pdftex-gcc14.patch
* Add fix in change file pdftex.ch to really fix boo#1228342
(Thanks goes to Andreas Scherer)
- Remove former work around
- Added -Wno-error=incompatible-pointer-types to optflags to work
around boo#1228342 and enable build with GCC 14 on 32bit
architectures.
==== totem-pl-parser ====
Version update (3.26.6 -> 3.26.6+30)
Subpackages: libtotem-plparser-mini18 libtotem-plparser18 typelib-1_0-TotemPlParser-1_0
- Update to version 3.26.6+30:
+ plparser:
- Fix guard return type.
- Fix TotemPlParserMetadata in bindings.
- Fix return value from cancelled calls.
- Fix retval when guard are triggered.
+ Various test fixes.
+ Updated translations.
- Add pkgconfig(uchardet) BuildRequires and pass
enable-uchardet=yes to meson, build ucharded support.
- Use ldconfig_scriptlets macro for post(un) handling.
==== unbound ====
Version update (1.20.0 -> 1.21.0)
Subpackages: libunbound8 unbound-anchor
- Update to 1.21.0:
Security Fixes:
* Merge #1073: fix null pointer dereference issue in function
ub_ctx_set_fwd.
[CVE-2024-43167, bsc#1229068]
Features:
* Fix #1071: [FR] Clear both in-memory and cachedb module cache
with `unbound-control flush*` commands.
* Fix #144: Port ipset to BSD pf tables.
* Add dnstap-sample-rate that logs only 1/N messages, for high
volume server environments. Thanks Dan Luther.
* Add root key 38696 from 2024 for DNSSEC validation. It is added
to the default root keys in unbound-anchor. The content can be
inspected with `unbound-anchor -l`.
* Merge #1090: Cookie secret file. Adds `cookie-secret-file:
"unbound_cookiesecrets.txt"` option to store cookie secrets for
EDNS COOKIE secret rollover. The remote control
add_cookie_secret, activate_cookie_secret and
drop_cookie_secret commands can be used for rollover, the
command print_cookie_secrets shows the values in use.
Bug Fixes:
* Fix CAMP issues with global quota. Thanks to Huayi
Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec
group, ETH Zurich.
* Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda
Afek, Anat Bremler-Barr, Shoham Danino and Yuval Shavitt
(Tel-Aviv University and Reichman University).
* Merge #1062: Fix potential overflow bug while parsing port in
function cfg_mark_ports.
* Fix for #1062: declaration before statement, avoid print of
null, and redundant check for array size.
* Fix to squelch udp connect errors in the log at low verbosity
about invalid argument for IPv6 link local addresses.
* Fix when the mesh jostle is exceeded that nameserver targets
are marked as resolved, so that the lookup is not stuck on the
requestlist.
* Add missing common functions to tdir tests.
* Merge #1070: Fix rtt assignement for low values of
infra-cache-max-rtt.
* Merge #1069: Fix unbound-control stdin commands for
multi-process Unbounds.
* Fix unbound-control commands that read stdin in multi-process
operation (local_zones_remove, local_zones, local_datas_remove,
local_datas, view_local_datas_remove, view_local_datas). They
will be properly distributed to all processes. dump_cache and
load_cache are no longer supported in multi-process operation.
* Remove testdata/remote-threaded.tdir.
testdata/09-unbound-control.tdir now checks both single and
multi process/thread operation.
* Fix to print a parse error when config is read with no name for
a forward-zone, stub-zone or view.
* Fix for parse end of forward-zone, stub-zone and view.
* Fix for #1064: Fix that cachedb expired messages are considered
insecure, and thus can be served to clients when dnssec is
enabled.
* Fix #1059: Intermittent DNS blocking failure with local-zone
and always_nxdomain. Addition of local_zones dynamically via
unbound-control was not finding the zone's parent correctly.
* Fix #1064: Unbound 1.20 Cachedb broken?
* Fix unused variable warning on compilation with no thread
support.
* unbound-control-setup: check openssl availability before doing
anything, patch from Michael Tokarev.
* Update patch to remove 'command' shell builtin and update error
text.
* Fix to enable that SERVFAIL is cached, for a short period, for
more cases. In the cases where limits are exceeded.
* Fix spelling of tcp-idle-timeout docs, from Michael Tokarev.
* Merge #1078: Only check old pid if no username.
* Fix #1079: tags from tagged rpz zones are no longer honored
after upgrade from 1.19.3 to 1.20.0.
* Fix for #1079: fix RPZ taglist in iterator callback that no
client info is like no taglist intersection.
* Fix to squelch connection reset by peer errors from log. And
fix that the tcp read errors are labeled as initial for the
first calls.
* Merge #1080: AddressSanitizer detection in tdir tests and
memory leak fixes.
* Fix memory leak when reload_keep_cache is used and num-threads
changes.
* Fix memory leak on exit for unbound-dnstap-socket; creates
false negatives during testing.
* Fix memory leak in setup of dsa sig.
* Fix typos for 'the the' in text.
* Fix validation for repeated use of a DNAME record.
* Add unit test for validation of repeated use of a DNAME record.
* Fix #1091: Build fails with OpenSSL >= 3.0 built with
OPENSSL_NO_DEPRECATED.
* Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0;
by adding helpful text for the Python interpreter version and
allowing the default pkg-config unavailability error message to
be shown.
* Fix pkg-config availability check in dnstap/dnstap.m4 and
systemd.m4.
* Explicitly set the RD bit for the mesh query flags when
prefetching. These queries have no waiting client but they need
to be treated as recursive.
* Fix ip-ratelimit-cookie setting, it was not applied.
* Fix to remove unused include from the readzone test program.
... changelog too long, skipping 91 lines ...
example.conf.
==== virt-v2v ====
Version update (2.5.5 -> 2.5.6)
Subpackages: virt-v2v-bash-completion
- Update to virt-v2v 2.5.6 (jsc#PED-6305)
* -i ova: Ignore dot-underscore-files in OVA files
* mlcustomize: firstboot: Use Linux path for Powershell script path
* mlcustomize: firstboot: Use powershell.exe instead of path
* mlcustomize: firstboot: Use Powershell -NoProfile flag
* mlcustomize: Revert delay installation of qemu-ga MSI
* --mac: Allow gw and len fields to be empty
* Debugging enhancements
==== webkit2gtk3 ====
Version update (2.44.2 -> 2.44.3)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.44.3:
+ Fix web process cache suspend/resume when sandbox is enabled.
+ Fix accelerated images dissapearing after scrolling.
+ Fix video flickering with DMA-BUF sink.
+ Fix pointer lock on X11.
+ Fix movement delta on mouse events in GTK3.
+ Undeprecate console message API and make it available in 2022
API.
+ Fix several crashes and rendering issues.
- Drop patches now upstream:
9d5844679af8f84036f1b800307e799bd7ab73ba.patch
webkit2gtk3-CVE-2024-40776.patch
webkit2gtk3-CVE-2024-40779.patch
webkit2gtk3-CVE-2024-40780.patch
webkit2gtk3-CVE-2024-40782.patch
==== wtmpdb ====
Version update (0.13.0+git.20240726 -> 0.13.0+git.20240814)
Subpackages: libwtmpdb0
- Update to version 0.13.0+git.20240814:
* wtmpdb-update-boot service requires dbus
==== xdm ====
- sysconfig/windowmanager is deprecated since 7 years, don't
read it if it does not exist.
==== xfce4-notifyd ====
Version update (0.9.4 -> 0.9.6)
Subpackages: xfce4-notifyd-lang
- update to 0.9.6:
* Use shared_module() for panel plugin meson build
* Fix menu being destroyed before item activation handlers running
* Translation Updates
- update to 0.9.5:
* Add an option to set the minimum width of notification windows
* Fix include issue with meson build
* Only emblem the panel plugin icon when theme lacks the 'new' variant
* Destroy and recreate the panel menu every time it's popped up
* Add meson build files
* Fix uninitialized field warning
* Move NOTIFICATIONS_SPEC_VERSION out of the build system
* Remove redundant positioning code from Wayland path
* Use different layer-shell anchors on Wayland
* build: clang: Silence -Wcast-align
* common: Explicitly depend on gio-unix-2.0
* Fix positioning on Wayland in multi-monitor setups
* Set output on layer-shell surface on Wayland
* Fix active-monitor notification positioning on Wayland
* Translation Updates
- Rebase xfce4-notifyd-relax-x11-version.patch
==== xfwm4 ====
Subpackages: xfwm4-lang
- Fix user-after-free in tabwinRemoveClient with
ce9f6e1187867c4fbb7935e08a9ab4d9d8dea8c3.patch (bsc#1228524)
==== yast2-bootloader ====
Version update (5.0.10 -> 5.0.11)
- add arm and riscv64 as not supported for secure boot
(bsc#1229070)
- 5.0.11
- Rename menue_timeout (menĂ¼) to menu_timeout
- Reference in text messages to menu