Packages changed:
Mesa
Mesa-drivers
MozillaFirefox (129.0 -> 129.0.1)
NetworkManager
aaa_base (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d)
apparmor
audit-secondary
bind (9.20.0 -> 9.20.1)
bluez (5.71 -> 5.77)
dbus-1
dracut (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a)
ffmpeg-7
fwupd (1.9.23 -> 1.9.24)
gnome-desktop (44.0 -> 44.1)
gstreamer (1.24.6 -> 1.24.7)
gstreamer-plugins-bad (1.24.6 -> 1.24.7)
gstreamer-plugins-base (1.24.6 -> 1.24.7)
gstreamer-plugins-libav (1.24.6 -> 1.24.7)
gstreamer-plugins-ugly (1.24.6 -> 1.24.7)
inn
kmod (32 -> 33)
libapparmor
libheif
liblouis (3.29.0 -> 3.30.0)
libreoffice (24.2.5.2 -> 24.8.0.3)
libtirpc (1.3.4 -> 1.3.5)
nfs-utils
openSUSE-release (20240820 -> 20240825)
openjpeg2
rpcbind (1.2.6 -> 1.2.7)
samba (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818)
selinux-policy (20240816 -> 20240823)
spacenavd (1.2 -> 1.3)
systemd-presets-common-SUSE
yast2-storage-ng (5.0.15 -> 5.0.16)
yast2-users (5.0.1 -> 5.0.2)
=== Details ===
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- fix build with current rust-bindgen
* u_fix_rust_bindgen.patch
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- fix build with current rust-bindgen
* u_fix_rust_bindgen.patch
==== MozillaFirefox ====
Version update (129.0 -> 129.0.1)
- Mozilla Firefox 129.0.1
* Fixed playback issues on some websites with copyrighted video
served via digital rights management. (bmo#1911283)
* Fixed a crash when dragging a video file onto some websites
(bmo#1910990)
==== NetworkManager ====
Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0
- Add NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch:
device: don't enforce IP cleanup on deactivating state
(bsc#1228154, glfd#NetworkManager/NetworkManager!2016).
==== aaa_base ====
Version update (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d)
Subpackages: aaa_base-extras
- Update to version 84.87+git20240821.fbabe1d:
* Add helper service for soft-reboot
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== audit-secondary ====
Subpackages: audit python3-audit system-group-audit
- Remove rcaudit symlink [jsc#PED-266]
==== bind ====
Version update (9.20.0 -> 9.20.1)
Subpackages: bind-doc bind-utils
- Update to release 9.20.1
New Features:
* Implement rndc retransfer -force.
* A new optional argument -force has been added to the command
rndc retransfer. When it is specified, named aborts the ongoing
zone transfer (if there is one) and starts a new transfer.
* dig now reports a missing QUESTION section for messages with
opcode QUERY.
* Query responses should contain the QUESTION section, with some
exceptions. dig was not reporting this.
Feature Changes:
* Tighten max-recursion-queries and add max-query-restarts
configuration statement.
* There were cases when the max-recursion-queries quota was
ineffective. It was possible to craft zones that would cause a
resolver to waste resources by sending excessive queries while
attempting to resolve a name. This has been addressed by
correcting errors in the implementation of
max-recursion-queries and by reducing the default value from
100 to 32.
* In addition, a new max-query-restarts configuration statement
has been added, which limits the number of times a recursive
server will follow CNAME or DNAME records before terminating
resolution. This was previously a hard-coded limit of 16 but is
now configurable with a default value of 11.
* ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli,
and Cagin Tanir from NetSec group, ETH Zurich for discovering
and notifying us about the issue.
* Allow shorter resolver-query-timeout configuration.
* The minimum allowed value of resolver-query-timeout was lowered
from its previous value of 10 000 milliseconds (which is still
the default) to 301 milliseconds. Note however that values of 1
to 300 inclusive are interpreted as seconds before applying the
limit. A value of zero is interpreted as the default.
* Raise the log level of priming failures.
* When a priming query is complete, it was previously logged at
level DEBUG(1), regardless of success or failure. It is now
logged to NOTICE in the case of failure.
Bug Fixes:
* Fix a crash caused by valid TSIG signatures with invalid time.
* An assertion failure was triggered when the TSIG had a valid
cryptographic signature but the time was invalid. This could
happen when the times between the primary and secondary servers
were not synchronised. The crash has now been fixed.
* Return SERVFAIL for a too long CNAME chain.
* When following long CNAME chains, named was returning NOERROR
(along with a partial answer) instead of SERVFAIL, if the chain
exceeded the maximum length. This has been fixed.
* Reconfigure catz member zones during named reconfiguration.
* During a reconfiguration, named wasn’t reconfiguring catalog
zones’ member zones. This has been fixed.
* Update key lifetime and metadata after dnssec-policy
reconfiguration.
* Adjust key state and timing metadata if dnssec-policy key
lifetime configuration is updated, so that it also affects
existing keys.
* Fix a crash during zone modification.
* Fix an assertion failure that could happen when an
authoritative zone was modified while the server was generating
an answer from that zone.
* Fix assertion failure when executing named-checkconf -v to
print its version.
* Fix generation of 6to4-self name expansion from IPv4 address.
* The period between the most significant nibble of the encoded
IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing,
resulting in the wrong name being checked. This has been fixed.
* dig +yaml was producing unexpected and/or invalid YAML. output.
* SVBC ALPN text parsing failed to reject zero-length ALPN.
* Fix false QNAME minimisation error being reported.
* Remove the false positive success resolving log message when
QNAME minimisation is in effect and the final result is an
NXDOMAIN.
* Fix --enable-tracing build on systems without dtrace.
* A missing util/dtrace.sh file prevented builds on systems
without the dtrace utility. This has been corrected.
==== bluez ====
Version update (5.71 -> 5.77)
Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd bluez-zsh-completion libbluetooth3
- add bluez-no-cups-devel-buildreq.patch to avoid cups-devel
buildrequires which results in an excessive build loop
- update to 5.77:
* Fix issue with storing and handling connection parameters.
* Fix issue with handling device that are marked as temporary.
* Fix issue with HID and special handling for non-keyboards.
* Fix issue with BR/EDR not support when discoverable is off.
* Add support for initial implementation of ASHA profile.
* Fix issue with broadcast channel location and stream
capabilities.
* Fix issue with handling BIS management and synchronization.
* Fix issue with handling Extended Advertising.
* Fix issue with UserspaceHID and replay structures.
* Add support for providing PPCP characteristic.
* Fix issue with build system and header inclusion.
* Fix issue with not enabling Wideband Speech when available.
* Fix issue with UserspaceHID and Bluetooth Classic devices.
* Fix issue with checking for services being connected.
* Fix issue with GATT client connection creation.
* Fix issue with OBEX and small file transfers.
* Fix issue with handling pairing with Apple AirPods.
* Fix issue with BAP and setting up broadcast source.
* Fix issue with BAP and register all endpoints.
* Fix issue with BAP and missing metadata property.
* Fix issue with BAP and not handling out of order responses.
* Fix issue with BAP and attempting to set device as
connectable.
* Add support for CCP plugin for call control profile.
* Fix issue with BAP and handling stream IO linking.
* Fix issue with BAP and setup of multiple streams per
endpoint.
* Fix issue with AVDTP and potential incorrect transaction
label.
* Fix issue with A2DP and handling crash on suspend.
* Fix issue with GATT database and an invalid pointer.
* Add support for AICS service.
- drop bluez-test-2to3.diff, bluez-cups-libexec.patch:
upstream has different solutions for ages, use those instead
- drop fix-link-key-address-type.patch,
fix-a2dp-suspend-crash.patch: upstream
- add fix-a2dp-suspend-crash.patch (Issue #701 in upstream)
==== dbus-1 ====
Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3
- Drop feature-suse-auto-socket-target-wants.patch and use the
filesystem instead, this works more consistenly with dbus-broker
- Add RH/Fedora compat provides dbus-libs to library package
needed by Mullvad
- Add feature-suse-auto-socket-target-wants.patch: move
from static enable symlinks to systemd created symlinks otherwise
it can't be enabled by systemd-presets-common-SUSE
- Update feature-suse-refuse-manual-start-stop.patch: prevent
killing the socket or user service aswell
- common: dbus.socket still gets used after migration to
dbus-broker so keep pre/post/postun scriptlets
- Explicitly require /usr/bin/cmp for the post scripts instead of
diffutils: allow other implementations like busybox-diffutils to
be acceptable.
- No longer start or offer starting dbus as a system service
dbus-broker will be the only supported system dbus. Although
the existing daemon will stay as some things (gdm) require
dbus-run-session
==== dracut ====
Version update (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a)
- Update to version 059+suse.639.g49307b2a:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
==== ffmpeg-7 ====
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8
- Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch
to resolve build failure on armv7 [boo#1229338]
==== fwupd ====
Version update (1.9.23 -> 1.9.24)
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.9.24:
+ This release fixes the following bugs:
- Add support for capsule on disk for Dell systems
- Do not re-use the connection cache to fix Redfish BMC restart
- Exclude known recovery partitions when choosing an ESP volume
- Fix the VLI usb3 private flag registration
+ This release adds support for the following hardware:
- More Mediatek scaler devices
- Parade USB hubs
==== gnome-desktop ====
Version update (44.0 -> 44.1)
Subpackages: libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeBG-4_0 typelib-1_0-GnomeDesktop-4_0
- Update to version 44.1:
+ Fix compatibility with muslc
+ Fix GNOME_DESKTOP_IS_THUMBNAIL_FACTORY
+ Update default Indic input methods
+ Use ibus-chewing as the default input source for zh_TW
+ Updated translations.
- Rebase gnome-desktop-switch-Japanese-default-input-to-mozc.patch
==== gstreamer ====
Version update (1.24.6 -> 1.24.7)
Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.24.7:
+ Highlighted bugfixes:
- Fix APE and Musepack audio file and GIF playback with FFmpeg
7.0
- playbin3: Fix potential deadlock with multiple playbin3s with
glimagesink used in parallel
- qt6: various qmlgl6src and qmlgl6sink fixes and improvements
- rtspsrc: expose property to force usage of non-compliant
setup URLs for RTSP servers where the automatic fallback
doesn't work
- urisourcebin: gapless playback and program switching fixes
- v4l2: various fixes
- va: Fix potential deadlock with multiple va elements used in
parallel
- meson: option to disable gst-full for static-library build
configurations that do not need this
- Various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ gstreamer:
- bin: Don't keep the object lock while setting a GstContext
when handling NEED_CONTEXT
- core: Log pad name, not just the pointer
==== gstreamer-plugins-bad ====
Version update (1.24.6 -> 1.24.7)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
- Update to version 1.24.7:
+ aom: av1enc: restrict allowed input width and height
+ h264parse:
- bypass check for length_size_minus_one
- Reject FD received before SPS
+ msdk: replace strcmp with g_strcmp0
+ msdkvc1dec crashes (segfault)
+ rsvgoverlay: add debug category
+ va:
- don't use GST_ELEMENT_WARNING in set_context() vmethod to fix
potential deadlock
- deadlock when playing two videos at once
+ webrtc: Add missing G_BEGIN/END_DECLS in header for C++
+ wpe: initialize threading.ready before reading it
- Drop 85b4fbf40b1d53a4141941abf70d2d4d83eb140e.patch: Fixed
upstream.
==== gstreamer-plugins-base ====
Version update (1.24.6 -> 1.24.7)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0
- Update to version 1.24.7:
+ pbutils: descriptions: use subsampling factor to get YUV
subsampling
+ rtspconnection: Handle invalid argument properly
+ urisourcebin:
- Actually drop EOS on old-school pad switch
- Don't hold lock when emitting about-to-finish
+ gst-launch deadlock with two playbin3s
+ xvimagesink: Fix crash in pool on error
- Add gst-plugins-base-decodebin3-collection-identity-check.patch:
- Fixes a assertion causing crash on track change. Upstream bug:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742
==== gstreamer-plugins-libav ====
Version update (1.24.6 -> 1.24.7)
- Update to version 1.24.7:
+ avdemux: Fix deadlock with FFmpeg 7.x when serialized events
are received from upstream while opening, such as e.g. APE
files with tags
+ libav: return EOF when stream is out of data
+ avdemux: Never return 0 from read function, which would lead to
infinite loops
==== gstreamer-plugins-ugly ====
Version update (1.24.6 -> 1.24.7)
- Update to version 1.24.7:
+ No changes, stable version bump only.
==== inn ====
- replace /var/run/news with /run/news in /usr/lib/tmpfiles.d/inn.conf
* avoid warning: Line references path below legacy directory /var/run
==== kmod ====
Version update (32 -> 33)
Subpackages: kmod-bash-completion libkmod2
- Update to release 33
* Add weak dependencies
* Stop parsing .alias files from modprobe.d directories
- Delete no-stylesheet-download.patch (merged)
- Add 0001-testsuite-fix-path-for-test-user.patch
==== libapparmor ====
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
==== libheif ====
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1
- Add heif-convert to the files list of the heif-examples sub-package
==== liblouis ====
Version update (3.29.0 -> 3.30.0)
Subpackages: liblouis-data liblouis20 python3-louis
- Update to version 3.30.0:
+ Many changes. See NEWS.
- Drop s390x-support.patch: fixed upstream.
- Add m4 to BuildRequires. It is needed to build some of the
translation tables.
==== libreoffice ====
Version update (24.2.5.2 -> 24.8.0.3)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit
- Make the libassuan requirement more generic (bsc#1229103)
- Update to 24.8.0.3 (24.8.0 final)
https://wiki.documentfoundation.org/Releases/24.8.0/Beta1,
https://wiki.documentfoundation.org/Releases/24.8.0/RC1,
https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and
https://wiki.documentfoundation.org/Releases/24.8.0/RC3
- Removed patches:
* cve-2024-5261.patch
* icu-74-compatibility.patch
* pdfium-optional.patch
* use-fixmath-shared-library.patch
+ not needed with this version
==== libtirpc ====
Version update (1.3.4 -> 1.3.5)
Subpackages: libtirpc-netconfig libtirpc3
- update to 1.3.5:
* Try using a new abstract address when connecting to rpcbind
* Change local_rpcb() to take a targaddr pointer.
* Allow working with abstract AF_UNIX addresses.
* rpcb_clnt.c: memory leak in destroy_addr
* _rpc_dtablesize: Decrease the value of size.
* netconfig: remove tcp6, udp6 on --disable-ipv6
* gssapi: fix rpc_gss_seccreate passed in cred
* Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor
error in authgss_refresh()".
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client nfs-kernel-server
- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch,
0002-gssd-revert-commit-513630d720bd.patch,
0003-gssd-switch-to-using-rpc_gss_seccreate.patch,
0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch,
0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch,
0006-configure-check-for-rpc_gss_seccreate.patch: fixes for
libtirpc 1.3.5
==== openSUSE-release ====
Version update (20240820 -> 20240825)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== openjpeg2 ====
- Make version check for the work around reliable to not silently
match Factory/Tumbleweed.
- Work around a bug by cmake installing docs into the wrong
directory when building for openSUSE Leap 15.5
==== rpcbind ====
Version update (1.2.6 -> 1.2.7)
- Update to rpcbind 1.2.7
https://sourceforge.net/projects/rpcbind/files/rpcbind/1.2.7/1.2.7-ChangeLog/download
* rpcinfo: try connecting using abstract address
* Listen on an AF_UNIX abstract address if supported
* autotools/systemd: call rpcbind with -w only on enabled warm starts
* rpcbind: fix double free in init_transport
- Refresh and rename patches (while turning them into git patches)
* 0001-systemd-unit-files.patch -> 0001-systemd-rpcbind.service-Fix-ordering-add-etc-sysconf.patch
* harden_rpcbind.service.patch -> 0001-systemd-rpcbind.service-Add-hardening-bsc-1181400.patch
==== samba ====
Version update (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs
- Fix a crash when joining offline and 'kerberos method' includes
keytab; (bsc#1228732).
- Update to 4.20.4
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
- Update to 4.20.3
* Running samba-bgqd a a standalone systemd service does not
work; (bso#15683).
* When claims enabled with heimdal kerberos, unable to log on
to a Windows computer when user account need to change their
own password; (bso#15655).
* Invalid client warning about command line passwords;
(bso#15671).
* Version string is truncated in manpages; (bso#15672).
* cmdline_burn does not always burn secrets; (bso#15674).
* Samba does not parse SDDL found in defaultSecurityDescriptor
in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685).
* The images don\'t build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
* Fix clock skew error message and memory cache clock skew
recovery; (bso#15676).
* Heimdal ignores _gsskrb5_decapsulate errors in
init_sec_context/repl_mutual; (bso#15603).
* s4:ldap_server: does not support tls channel bindings for
sasl binds; (bso#15621).
* CTDB socket output queues may suffer unbounded delays under
some special conditions; (bso#15678).
==== selinux-policy ====
Version update (20240816 -> 20240823)
Subpackages: selinux-policy-targeted
- Update to version 20240823:
* Allow rasdaemon write access to sysfs (bsc#1229587)
==== spacenavd ====
Version update (1.2 -> 1.3)
- Version 1.3
* Support for dominant axis mode. Dominant axis toggle can be bound as
a button action.
* Fixed device detection for some serial Spaceballs which were misdetected
due to spurious data arriving before the "@reset".
* Normalized default axis mapping/sign for CadMan USB and Spaceball 5000 USB.
* Linux: stop using the evdev time field, which was dropped in 32bit linux
for year 2038 compatibility.
* Protocol: added missing set/get requests for the repeat interval.
* Updated device blacklists to ignore 3Dconnexion keyboards/mice.
* Build improvements and fixes for various platforms.
- Add libXext as a build requires
==== systemd-presets-common-SUSE ====
- Add presets to enable dbus-broker.service for both system and user
due to naming socket activation doesn't work directly.
- Order .presets file alphabetically via service.
==== yast2-storage-ng ====
Version update (5.0.15 -> 5.0.16)
- Tiny internal code reorganization to ease Agama development at
gh#openSUSE/agama#1448.
- 5.0.16
==== yast2-users ====
Version update (5.0.1 -> 5.0.2)
- Relax check in GECOS field (bsc#1228149):
Allow any data except colons
- 5.0.2