Packages changed:
MozillaFirefox (130.0.1 -> 131.0)
SDL2 (2.30.7 -> 2.30.8)
apache2
apache2-manual
apache2-prefork
apache2-utils
apparmor (4.0.2 -> 4.0.3)
audit-secondary
autoyast2 (5.0.2 -> 5.0.3)
branding-openSUSE
cpupower (6.10.11 -> 6.11.0)
ell (0.67 -> 0.69)
ffmpeg-7 (7.0.2 -> 7.1)
filesystem
flatpak
glibc
grub2
gtk4 (4.16.2 -> 4.16.2+10)
javapackages-tools (6.2.0 -> 6.3.2)
kernel-firmware (20240913 -> 20241001)
kpipewire6
libapparmor (4.0.2 -> 4.0.3)
libarchive (3.7.4 -> 3.7.6)
libeconf
libgsf (1.14.52 -> 1.14.53)
libproxy-backend (0.5.7 -> 0.5.9)
libproxy-client (0.5.7 -> 0.5.9)
libvirt (10.7.0 -> 10.8.0)
mozjs115
open-iscsi
openSUSE-release (20241001 -> 20241006)
opensc
python-PyYAML (6.0.1 -> 6.0.2)
python-anyio (4.4.0 -> 4.6.0)
python-argcomplete
python-libvirt-python (10.7.0 -> 10.8.0)
python-pycurl
python-urllib3 (2.1.0 -> 2.2.3)
qcoro-qt6 (0.10.0 -> 0.11.0)
qt6-base (6.7.2 -> 6.7.3)
qt6-declarative (6.7.2 -> 6.7.3)
qt6-imageformats (6.7.2 -> 6.7.3)
qt6-multimedia (6.7.2 -> 6.7.3)
qt6-networkauth (6.7.2 -> 6.7.3)
qt6-positioning (6.7.2 -> 6.7.3)
qt6-qt5compat (6.7.2 -> 6.7.3)
qt6-quick3d (6.7.2 -> 6.7.3)
qt6-quicktimeline (6.7.2 -> 6.7.3)
qt6-sensors (6.7.2 -> 6.7.3)
qt6-shadertools (6.7.2 -> 6.7.3)
qt6-speech (6.7.2 -> 6.7.3)
qt6-svg (6.7.2 -> 6.7.3)
qt6-tools (6.7.2 -> 6.7.3)
qt6-translations (6.7.2 -> 6.7.3)
qt6-virtualkeyboard (6.7.2 -> 6.7.3)
qt6-wayland (6.7.2 -> 6.7.3)
qt6-webchannel (6.7.2 -> 6.7.3)
qt6-webengine (6.7.2 -> 6.7.3)
qt6-webview (6.7.2 -> 6.7.3)
systemd-presets-common-SUSE
update-bootloader (1.15 -> 1.16)
virtiofsd
xwayland (24.1.2 -> 24.1.3)
yast2 (5.0.9 -> 5.0.10)
yast2-iscsi-client (5.0.2 -> 5.0.3)
yast2-security (5.0.1 -> 5.0.2)
yast2-users (5.0.2 -> 5.0.3)
=== Details ===
==== MozillaFirefox ====
Version update (130.0.1 -> 131.0)
- Firefox 131.0
https://www.mozilla.org/en-US/firefox/131.0/releasenotes/
MFSA 2024-46 (bsc#1230979)
* CVE-2024-9391 (bmo#1892407)
Prevent users from exiting full-screen mode in Firefox Focus
for Android
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-9395 (bmo#1906024)
Specially crafted filename could be used to obscure download type
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
* CVE-2024-9401 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16,
Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9402 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445,
bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3,
Thunderbird 131, and Thunderbird 128.3
* CVE-2024-9403 (bmo#1917807)
Memory safety bugs fixed in Firefox 131 and Thunderbird 131
- requires NSS 3.104
- rebased patches
- Don't use clang18-devel on Leap as they don't have that version.
==== SDL2 ====
Version update (2.30.7 -> 2.30.8)
- Update to release 2.30.8
* Fixed a crash in XInput code at startup
* Fixed flooding the OS with I/O when a PS4/PS5 controller is
disconnected
* Added SDL_VIDEO_DOUBLE_BUFFER support to the Wayland backend
* SDL_WINDOWEVENT_EXPOSED is sent appropriately when using
Wayland
* Fixed hang at startup in audio code when the application has
large stack usage on Linux
* Fixed initializing KMSDRM on older Linux systems
==== apache2 ====
- Add /srv/www directories to filelist [bsc#1231027]
(apache2 will not start since default config uses this directory)
==== apache2-manual ====
- Add /srv/www directories to filelist [bsc#1231027]
(apache2 will not start since default config uses this directory)
==== apache2-prefork ====
- Add /srv/www directories to filelist [bsc#1231027]
(apache2 will not start since default config uses this directory)
==== apache2-utils ====
- Add /srv/www directories to filelist [bsc#1231027]
(apache2 will not start since default config uses this directory)
==== apparmor ====
Version update (4.0.2 -> 4.0.3)
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
- update to AppArmor 4.0.3
- several small bugfixes
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
for the full release notes
==== audit-secondary ====
Subpackages: audit audit-rules python3-audit system-group-audit
- Readd audit-allow-manual-stop.patch (removed by mistake)
- Fix plugin termination when using systemd service units (bsc#1215377)
* add auditd.service-fix-plugin-termination.patch
==== autoyast2 ====
Version update (5.0.2 -> 5.0.3)
Subpackages: autoyast2-installation
- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD
(bsc#1231006)
- 5.0.3
==== branding-openSUSE ====
Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE
- Install the grub2 branding if grub2-common is present
==== cpupower ====
Version update (6.10.11 -> 6.11.0)
Subpackages: cpupower-bash-completion libcpupower1
- Upstream fixed lib default installation path in 3a5bb5066f4c
[- cpupower_exclude_kernel_Makefile.patch]
==== ell ====
Version update (0.67 -> 0.69)
- Update to version 0.69
* Add support for getting remaining microseconds left on a
timer.
* Add support for setting link MTU on a network interface.
version 0.68:
* Fix issue with string allocation growth strategy.
* Add support for netlink helper functions.
==== ffmpeg-7 ====
Version update (7.0.2 -> 7.1)
Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8
- Update to release 7.1
* ffmpeg CLI filtergraph chaining
* pad_vaapi, drawbox_vaapi filters
* vf_scale supports secondary ref input and framesync options
* vf_scale2ref deprecated
* removed DEC Alpha DSP and support code
* perlin video source
* Cropping metadata parsing and writing in Matroska and MP4/MOV
de/muxers
* YUV colorspace negotiation for codecs and filters, obsoleting
the YUVJ pixel format
* Vulkan H.264 and H.265 encoders
* stream specifiers in fftools can now match by stream
disposition
* LCEVC enhancement data exporting in H.26x and MP4/ISOBMFF
* LCEVC filter
- Delete patches/ffmpeg-7-fix-crashes.patch,
0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (merged)
- Fix assertion due to missing priv_data cleanup on failed VAAPI
acceleration with 11013-avcodec-decode-clean-up-if-get_hw_frames_parameters-.patch
(ffmpeg#11013, vlc#28811)
- no longer build against libmfx; build also 15.5 against libvpl
(boo#1230983)
==== filesystem ====
- Move /srv/www hierachy to the packages which use them
[bsc#1231027]
==== flatpak ====
Subpackages: flatpak-remote-flathub flatpak-selinux flatpak-zsh-completion libflatpak0 system-user-flatpak
- Explicitly BuildRequire selinux-policy-targeted to allow
selinux_relabel_* in scriptlets to work on other codestreams
==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-gconv-modules-extra glibc-locale glibc-locale-base nscd
- langpacks are no more used. Drop glibc-2.3.90-langpackdir.diff.
- gen-tempname-randomness.patch: Fix missing randomness in __gen_tempname
(bsc#1230965, BZ #32214)
- Use nss-systemd by default also in SLE (bsc#1230638)
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- Fix missng menu entry "Start bootloader from a read-only snapshot" by
ensuring grub2-snapper-plugin is installed when both snapper and grub2-common
are installed (bsc#1231271)
- Fix OOM error in loading loopback file (bsc#1230840)
* 0001-tpm-Skip-loopback-image-measurement.patch
- Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263)
* 0001-efinet-Skip-virtual-VLAN-devices-during-card-enumera.patch
- Fix grub screen is filled with artifects from earlier post menu (bsc#1224465)
* grub2-SUSE-Add-the-t-hotkey.patch
* 0001-fix-grub-screen-filled-with-post-screen-artifects.patch
- Introduces a new package, grub2-x86_64-efi-bls, which includes a
straightforward grubbls.efi file. This file can be copied to the EFI System
Partition (ESP) along with boot fragments in the Boot Loader Specification
(BLS) format
* 0001-Streamline-BLS-and-improve-PCR-stability.patch
- Fix crash in bli module (bsc#1226497)
* 0001-bli-Fix-crash-in-get_part_uuid.patch
- Rework package dependencies: grub2-common now includes common userland
utilities and is required by grub2 platform packages. grub2 is now a meta
package that pulls in the default platform package.
==== gtk4 ====
Version update (4.16.2 -> 4.16.2+10)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.16.2+10:
* wayland: Look for default cursor theme in XDG directories
* wayland: Clear settings_portal when going to fallback with no
portal settings
* wayland: Use the same default cursor size as gsettings schema
* Updated translations.
==== javapackages-tools ====
Version update (6.2.0 -> 6.3.2)
Subpackages: javapackages-filesystem
- Upgrade to upstream version 6.3.2
* Changes
+ spec: Update Obsoletes versions
+ Search for JAVACMD under JAVA_HOME only if it's set
+ Obsolete set_jvm and set_jvm_dirs functions
+ Drop unneeded _set_java_home function
+ Remove JAVA_HOME check from check_java_env function
+ Bump codecov/codecov-action from 2.0.2 to 4.6.0
+ Bump actions/setup-python from 4 to 5
+ Bump actions/checkout from 2 to 4
+ Add custom dependabot config
+ Remove the test for JAVA_HOME and error if it is not set
+ java-functions: Remove unneeded local variables
+ Fix build status shield
- Removed patch:
* 0001-Double-quote-to-avoid-substitution-during-build.patch
+ Fixed differently in this version
- Upgrade to upstream version 6.3.1
* Changes:
+ Allow missing components with abs2rel
+ Fix tests with python 3.4
+ Sync spec file from Fedora
+ Drop default JRE/JDK
+ Fix the use of java-functions in scripts
+ Update RPM spec file
+ Reproducible builds: constant timestamp for pom.properties
+ Test that we don't bomb on <relativePath/>
+ Test variable expansion in artifactId
+ Interpolate properties also in the current artifact
+ Rewrite abs2rel in shell
+ Use asciidoctor instead of asciidoc
+ Fix incompatibility with RPM 4.20
+ Don't define %topdir macro
+ coverage: use usercustomize
+ Reproducible builds: keep order of aliases and dependencies
+ Reproducible exclusions order in maven metadata
+ Do not bomb on <relativePath/> construct
+ Make maven_depmap order of aliases reproducible
- Removed patches:
* 0001-Make-maven_depmap-order-of-aliases-reproducible.patch
* 0002-Do-not-bomb-on-relativePath-construct.patch
* 0003-Reproducible-exclusions-order-in-maven-metadata.patch
* 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
* 0005-Interpolate-properties-also-in-the-current-artifact.patch
* 0006-Test-variable-expansion-in-artifactId.patch
* 0007-Test-that-we-don-t-bomb-on-relativePath.patch
* 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
+ Integrated in this version
- Added patch:
* 0001-Double-quote-to-avoid-substitution-during-build.patch
+ Double-quote a macro in macros.jpackages to avoid value
substitution during the build
==== kernel-firmware ====
Version update (20240913 -> 20241001)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20241001 (git commit 51e5af813eaf):
* linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920)
* linux-firmware: add firmware for MT7920
* amdgpu: update raven firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update vega12 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update picasso firmware
* amdgpu: update beige goby firmware
* amdgpu: update vangogh firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update navi14 firmware
* amdgpu: update renoir firmware
* amdgpu: update navi12 firmware
* amdgpu: update SMU 13.0.6 firmware
* amdgpu: update SDMA 4.4.2 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi10 firmware
* amdgpu: update aldebaran firmware
* qcom: update gpu firmwares for qcm6490 chipset
* mt76: mt7996: add firmware files for mt7992 chipset
* mt76: mt7996: add firmware files for mt7996 chipset variants
* qcom: add gpu firmwares for sa8775p chipset
* rtw89: 8922a: add fw format-2 v0.35.42.1
- Pick up the fixed ath12k firmware from
https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware
(bsc#1230596)
- Update aliases from 6.11.x and 6.12-rc1
==== kpipewire6 ====
Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6
- Add ffmpeg 7.1 compatibility patch:
* 0001-h264vaapi-Use-the-proper-getter-for-getting-the-hard.patch
==== libapparmor ====
Version update (4.0.2 -> 4.0.3)
- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
- update to AppArmor 4.0.3
- several small bugfixes
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
for the full release notes
==== libarchive ====
Version update (3.7.4 -> 3.7.6)
- Update to 3.7.6:
* tar: clean up linkpath between entries
* tar: fix memory leaks when processing symlinks or parsing pax headers
* iso: be more cautious about parsing ISO-9660 timestamps
- Version 3.7.5 changes:
* fix multiple vulnerabilities identified by SAST
* cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
* lzop: prevent integer overflow
* rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696, bsc#1225971)
* rar4: fix CVE-2024-26256 (CVE-2024-26256, bsc#1225972)
* rar4: fix OOB in delta and audio filter
* rar4: fix out of boundary access with large files
* rar4: add boundary checks to rgb filter
* rar4: fix OOB access with unicode filenames
* rar5: clear 'data ready' cache on window buffer reallocs
* rpm: calculate huge header sizes correctly
* unzip: unify EOF handling
* util: fix out of boundary access in mktemp functions
* uu: stop processing if lines are too long
* 7zip: fix issue when skipping first file in 7zip archive that is a multiple
of 65536 bytes
* ar: fix archive entries having no type
* lha: do not allow negative file sizes
* lha: fix integer truncation on 32-bit systems
* shar: check strdup return value
* rar5: don't try to read rediculously long names
* xar: fix another infinite loop and expat error handling
* many Windows fixes, cleanups and improvements
- Drop fix-soversion.patch, fix-bsdunzip-test.patch
* Fixed upstream
==== libeconf ====
- Updated license in the spec file to MIT.
==== libgsf ====
Version update (1.14.52 -> 1.14.53)
Subpackages: gsf-office-thumbnailer libgsf-1-114
- Update to version 1.14.53:
+ Compilation fixes for libxml 2.13
+ Fix ABR in gsf-vba-dump.
+ Teach gsf (the tool) to handle odf properties.
+ Fix integer overflows affecting memory allocation.
+ Add missing "DocumentStatus" ole2 property.
+ Avoid some undefined C behaviour in overflow checks.
==== libproxy-backend ====
Version update (0.5.7 -> 0.5.9)
- Update to version 0.5.9:
+ Ignore invalid proxy URL.
+ Memleak fixes.
+ kde: Add ReversedException support.
+ Fix memory leak using PX_FORCE_CONFIG.
+ Update msys2 build steps.
+ Remove white space in key value.
- Changes from version 0.5.8:
+ Update repology list.
+ Properly handle empty proxy ignore entry.
+ Add support for direct keyword in PAC.
==== libproxy-client ====
Version update (0.5.7 -> 0.5.9)
- Update to version 0.5.9:
+ Ignore invalid proxy URL.
+ Memleak fixes.
+ kde: Add ReversedException support.
+ Fix memory leak using PX_FORCE_CONFIG.
+ Update msys2 build steps.
+ Remove white space in key value.
- Changes from version 0.5.8:
+ Update repology list.
+ Properly handle empty proxy ignore entry.
+ Add support for direct keyword in PAC.
==== libvirt ====
Version update (10.7.0 -> 10.8.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs
- Update to libvirt 10.8.0
- libvirt-daemon-driver-storage-core: Change dependency on
nfs-utils from Requires to Recommends
- Switch from YAJL to json-c for JSON parsing and formatting
- jsc#PED-8909
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v10-8-0-2024-10-01
==== mozjs115 ====
- Add mozjs115-CVE-2024-45492.patch:
Backporting 9bf0f2c1 from libexpat upstream, Detect integer
overflow in function nextScaffoldPart.
(CVE-2024-45492, bsc#1230038)
- Add mozjs115-CVE-2024-45491.patch:
Backporting 8e439a99 from libexpat upstream, Detect integer
overflow in dtdCopy.
(CVE-2024-45491, bsc#1230037)
- Add mozjs115-CVE-2024-45490-part01-5c1a3164.patch:
Backporting 5c1a3164 from libexpat upstream, Reject negative len
for XML_ParseBuffer.
CVE-2024-45490's fixes including 3 parts: 5c1a3164 for libexpat
sources; c12f039b for libexpat tests; 2db23301 for libexpat docs;
Because mozjs only embeds libexpat sources, so unnecessary to
port prart02 and part03.
(CVE-2024-45490, bsc#1230036)
==== open-iscsi ====
Subpackages: libopeniscsiusr0
- Update to version 2.1.10.suse+51.fea0fde82ed1:
* Incudes upstream version 2.1.10 plus some fixes
* Fix firmware targets startup to always be "onboot" (#482)
(bsc#1228084)
* Change a discovery function to void return type (#481)
* Fix gcc issues (#480)
* Bugfix read specific sysfs value "off" of session attribute (#466)
* Fix bug where abort_tmo read failures were ignored. (#467)
* grammar nitpicks (#464)
* Fix memory leak in iscsi_check_session_use_count (#465)
* improve the comments in idbm_lock() (#458)
* Make it visible when memory allocation failure (#457)
* Better handle multiple iscsiadm commands (#453)
* iscsiadm: allow hostnames in node-mode commands (#451)
* Modify how workqueue priority is set (#445)
* Fix authmethod check by printing a warning message when CHAP used and authmethod=None (#443)
* iscsid: Rescan devices on relogin (#444)
* Adds missing characters in README. (#440)
* Turn off iSCSI NOP-Outs, by default.
* fix: add usr/iscsid_req.h missinig underline (#431) (#436)
==== openSUSE-release ====
Version update (20241001 -> 20241006)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== opensc ====
Subpackages: opensc-bash-completion
- - Security fix: [CVE-2024-8443, bsc#1230364]
* opensc: heap buffer overflow in OpenPGP driver when generating key
* Added patch: opensc-CVE-2024-8443.patch
- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
* opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
* opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
* opensc: Incorrect handling length of buffers or files in libopensc
* opensc: Incorrect handling of the length of buffers or files in pkcs15init
* Added patches:
- opensc-CVE-2024-45615.patch
- opensc-CVE-2024-45616.patch
- opensc-CVE-2024-45617.patch
- opensc-CVE-2024-45618.patch
- opensc-CVE-2024-45619.patch
- opensc-CVE-2024-45620.patch
==== python-PyYAML ====
Version update (6.0.1 -> 6.0.2)
- Update to 6.0.2
* Support for Cython 3.x and Python 3.13
- Adjust invocation path for testsuite
- Adjust upstream source name in spec file
- Drop build-with-cython3.patch, merged upstream
==== python-anyio ====
Version update (4.4.0 -> 4.6.0)
- update to 4.6.0:
* Dropped support for Python 3.8 (as #698 cannot be resolved
without cancel message support)
* Fixed 100% CPU use on asyncio while waiting for an exiting task
group to finish while said task group is within a cancelled
cancel scope (#695)
* Fixed cancel scopes on asyncio not propagating CancelledError
on exit when the enclosing cancel scope has been effectively
cancelled (#698)
* Fixed asyncio task groups not yielding control to the event
loop at exit if there were no child tasks to wait on
* Fixed inconsistent task uncancellation with asyncio cancel
scopes belonging to a task group when said task group has child
tasks running
- update to 4.5.0:
* Improved the performance of anyio.Lock and anyio.Semaphore on
asyncio (even up to 50 %)
* Added the fast_acquire parameter to anyio.Lock and
anyio.Semaphore to further boost performance at the expense of
safety (acquire() will not yield control back if there is no
contention)
* Added support for the from_uri(), full_match(), parser
methods/properties in anyio.Path, newly added in Python 3.13
(#737)
* Added support for more keyword arguments for run_process() and
open_process(): startupinfo, creationflags, pass_fds, user,
group, extra_groups and umask (#742)
* Improved the type annotations and support for PathLike in
run_process() and open_process() to allow for path-like
arguments, just like subprocess.Popen
* Changed the ResourceWarning from an unclosed memory object
stream to include its address for easier identification
* Changed start_blocking_portal() to always use daemonic threads,
to accommodate the "loitering event loop" use case
* Bumped the minimum version of Trio to v0.26.1
* Fixed __repr__() of MemoryObjectItemReceiver, when item is not
defined (#767; PR by @Danipulok)
* Fixed to_process.run_sync() failing to initialize if
__main__.__file__ pointed to a file in a nonexistent directory
(#696)
* Fixed AssertionError: feed_data after feed_eof on asyncio when
a subprocess is closed early, before its output has been read
(#490)
* Fixed TaskInfo.has_pending_cancellation() on asyncio not
respecting shielded scopes (#771; PR by @gschaffner)
* Fixed SocketStream.receive() returning bytearray instead of
bytes when using asyncio with ProactorEventLoop (Windows)
(#776)
* Fixed quitting the debugger in a pytest test session while in
an active task group failing the test instead of exiting the
test session (because the exit exception arrives in an
exception group)
* Fixed support for Linux abstract namespaces in UNIX sockets
that was broken in v4.2 (#781; PR by @tapetersen)
* Fixed KeyboardInterrupt (ctrl+c) hanging the asyncio pytest
runner
==== python-argcomplete ====
- Add skip-failing-tests-3_12_7.patch as a temporary workaround,
skip failing tests (gh#kislyuk/argcomplete#507).
==== python-libvirt-python ====
Version update (10.7.0 -> 10.8.0)
- Update to 10.8.0
- Add all new APIs and constants in libvirt 10.8.0
- jsc#PED-8909
==== python-pycurl ====
- Switching off test_multi_ tests, they are just too
unrealiable. When running the test cycle in cycle I have never
managed to make it pass ten times without this change.
==== python-urllib3 ====
Version update (2.1.0 -> 2.2.3)
- Update to 2.2.3:
* Features
+ Added support for Python 3.13.
* Bugfixes
+ Fixed the default encoding of chunked request bodies to be UTF-8
instead of ISO-8859-1. All other methods of supplying a request body
already use UTF-8 starting in urllib3 v2.0.
+ Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting
python/cpython#103472.
+ Fixed a crash where certain standard library hash functions were absent
in restricted environments.
+ Added the Proxy-Authorization header to the list of headers to strip
from requests when redirecting to a different host. As before,
different headers can be set via Retry.remove_headers_on_redirect.
+ Allowed passing negative integers as amt to read methods of
http.client.HTTPResponse as an alternative to None.
+ Fixed issue where InsecureRequestWarning was emitted for HTTPS
connections when using Emscripten.
+ Fixed HTTPConnectionPool.urlopen to stop automatically casting
non-proxy headers to HTTPHeaderDict. This change was premature as it
did not apply to proxy headers and HTTPHeaderDict does not handle byte
header values correctly yet.
+ Changed InvalidChunkLength to ProtocolError when response terminates
before the chunk length is sent.
+ Changed ProtocolError to be more verbose on incomplete reads with
excess content.
+ Added support for HTTPResponse.read1() method.
+ Fixed issue where requests against urls with trailing dots were
failing due to SSL errors when using proxy.
+ Fixed HTTPConnection.proxy_is_verified and
HTTPSConnection.proxy_is_verified to be always set to a boolean after
connecting to a proxy. It could be None in some cases previously.
+ Fixed an issue where headers passed in a request with json= would be
mutated
+ Fixed HTTPSConnection.is_verified to be set to False when connecting
from a HTTPS proxy to an HTTP target. It was set to True previously.
+ Fixed handling of new error message from OpenSSL 3.2.0 when configuring
an HTTP proxy as HTTPS
+ Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled
* HTTP/2 (experimental)
+ Excluded Transfer-Encoding: chunked from HTTP/2 request body
+ Added a probing mechanism for determining whether a given target
origin supports HTTP/2 via ALPN.
+ Add support for sending a request body with HTTP/2
* Removals
+ Drop support for end-of-life PyPy3.8 and PyPy3.9.
- Drop patches, they are now included upstream:
* CVE-2024-37891.patch
* openssl-3.2.patch
- Included patched hypercorn, which is only unpacked and used for the test
suite.
==== qcoro-qt6 ====
Version update (0.10.0 -> 0.11.0)
Subpackages: libQCoro6Core0 libQCoro6DBus0
- Update to 0.11.0
* Suppress Clang error when building against Android NDK <= 25
* Add QtGui dependency if QCORO_WITH_QTQUICK=ON
* Fix wrong result of QCoroIODevice::write()
* Add override to fix build failure due to -Werror -Wsuggest-override
* Fix coroutine being resumed on a wrong thread after timeout
* Implement QCoroFuture::takeResult
* #include , needed by std::exception_ptr
* waitFor(QCoro::Task): Do not require T to be default
constructible
* Add QCORO_BUILD_TESTING to allow overriding BUILD_TESTING
* Use refcount to track when to destroy coroutine
* Drop support for older compilers
* Implement LazyTask
* Use QueuedConnection for signals in QCoroNetworkReply
* Awaiting a default-constructed or moved-from Task will hang
* Add a backround task example
==== qt6-base ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite
- Add upstream fix:
* 0001-Revert-xcb-handle-XI2-input-button-and-motion-events.patch
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
- Drop patches, merged upstream:
* gcc14.patch
* 0001-HTTP2-Delay-any-communication-until-encrypted-can-be.patch
==== qt6-declarative ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickWidgets6 qt6-declarative-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-imageformats ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-multimedia ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Multimedia6 libQt6MultimediaQuick6 libQt6MultimediaWidgets6 libQt6Quick3DSpatialAudio6 libQt6SpatialAudio6 qt6-multimedia-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-networkauth ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-positioning ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-qt5compat ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Core5Compat6 qt6-qt5compat-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-quick3d ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Quick3D6 libQt6Quick3DAssetImport6 libQt6Quick3DAssetUtils6 libQt6Quick3DEffects6 libQt6Quick3DHelpers6 libQt6Quick3DHelpersImpl6 libQt6Quick3DParticleEffects6 libQt6Quick3DParticles6 libQt6Quick3DRuntimeRender6 libQt6Quick3DUtils6 qt6-quick3d-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-quicktimeline ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-sensors ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Sensors6
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-shadertools ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-speech ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6TextToSpeech6 qt6-texttospeech
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-svg ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Svg6 libQt6SvgWidgets6
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-tools ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6Designer6 libQt6Help6 libQt6UiTools6 qt6-tools-qdbus
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
- Add fix-llvm19-build.patch to fix build with LLVM 19. Upstream
report is at https://bugreports.qt.io/browse/QTBUG-129146.
==== qt6-translations ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-virtualkeyboard ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6HunspellInputMethod6 libQt6VirtualKeyboard6 qt6-virtualkeyboard-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-wayland ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
- Drop patches, merged upstream:
* 0001-Client-Ensure-that-guessed-popup-parent-has-a-shell-.patch
* 0001-client-Guard-against-windows-being-on-a-null-screen.patch
* 0002-Client-Improve-thread-safety-determining-window-size.patch
==== qt6-webchannel ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6WebChannel6 libQt6WebChannelQuick6 qt6-webchannel-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-webengine ====
Version update (6.7.2 -> 6.7.3)
Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== qt6-webview ====
Version update (6.7.2 -> 6.7.3)
- Update to 6.7.3
* https://www.qt.io/blog/qt-6.7.3-released
==== systemd-presets-common-SUSE ====
- Enable audit-rules: audit-rules has been split form audit with
version 4.0 in order to be able to load rules earlier.
From audit changelog: One of the main features is the separation
of loading rules and logging events into separate services,
audit-rules.service and auditd.service.
==== update-bootloader ====
Version update (1.15 -> 1.16)
- merge gh#openSUSE/perl-bootloader#173
- grub2-bls: adjust config script test
- grub2-bls: adjust install script test
- grub2-bls: prefer sdbootutil over bootctl in install script
- adjust test environment
- grub2-bls: add default script
- grub2-bls, systemd-boot: add default script test
- grub2-bls: use bootctl to get default settings
- adjust default-settings tests
- update test result data
- add emacs config
- log efi boot manager config after install
- adjust test data
- support new grub2-bls package
- 1.16
==== virtiofsd ====
- Spec: Add direct dependency on cargo in addition to cargo-packaging.
This fixes build errors on 15SP7 where the inherited version of Rust
is too old
==== xwayland ====
Version update (24.1.2 -> 24.1.3)
- Update to bugfix release 24.1.3
* dix: check for calloc() failure in Xi event conversion routines
* dix: PolyText: fully initialize local_closure
* dix: SetFontPath: don't set errorValue on Success
* dix: enterleave.c: fix implicit fallthrough warnings
* dix: CreateScratchGC: avoid dereference of pointer we just set to NULL
* dix: InitPredictableAccelerationScheme: avoid memory leak on failure
* dix: dixChangeWindowProperty: don't call memcpy if malloc failed
* dix: ProcListProperties: skip unneeded work if numProps is 0
* dix: HashResourceID: use unsigned integers for bit shifting
* dix: GetPairedDevice: check if GetMaster returned NULL
* dix: FindBestPixel: fix implicit fallthrough warning
* CI: clone libdecor from fd.o instead of gnome.org
* CI: update libdecor from 0.1.0 to 0.1.1
* Don't crash if the client argv or argv[0] is NULL.
* Return NULL in *cmdname if the client argv or argv[0] is NULL
* xwayland: connect to the wl display before calling into EGL
* xwayland: Report correct mode size when rootful
* build: Move epoll dependency check
* build: Add epoll to Xwayland for DragonFly and OpenBSD
* build: Fix DRI3 on DragonFly and OpenBSD
* os: Fix NULL pointer dereference
* dix: don't push the XKB state to a non-existing master keyboard
* Xi: when removing a master search for a disabled paired device
==== yast2 ====
Version update (5.0.9 -> 5.0.10)
Subpackages: yast2-logs
- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD,
GROUPADD_CMD (bsc#1231006)
- 5.0.10
==== yast2-iscsi-client ====
Version update (5.0.2 -> 5.0.3)
- Fixes for bsc#1228084:
- Inst client: Read sessions just after auto login in order to
enable services at the end of the installation if needed
- Finish client: enable iscsiuio.service instead of the socket
- Use ip for reading the ip address of a given device instead of
the deprecated ifconfig command
- 5.0.3
==== yast2-security ====
Version update (5.0.1 -> 5.0.2)
- Drop obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD in
/etc/login.defs.d/70-yast.defs (bsc#1231006)
- 5.0.2
==== yast2-users ====
Version update (5.0.2 -> 5.0.3)
- Removed obsolete USERADD_CMD, USERDEL_PRECMD, USERDEL_POSTCMD,
GROUPADD_CMD (bsc#1231006)
- 5.0.3