Packages changed: 389-ds (3.1.1~git0.aef1668 -> 3.1.1~git13.a9c7ff9) erofs-utils libavif (1.0.4 -> 1.1.1) libfido2 (1.14.0 -> 1.15.0) libpcap (1.10.4 -> 1.10.5) live555 (2024.06.26 -> 2024.08.01) nbdkit (1.40.1 -> 1.40.2) openSUSE-release (20240903 -> 20240904) raspberrypi-firmware (2024.03.27 -> 2024.08.30) raspberrypi-firmware-config (2024.03.27 -> 2024.08.30) zlib-ng-compat (2.1.6 -> 2.2.1) === Details === ==== 389-ds ==== Version update (3.1.1~git0.aef1668 -> 3.1.1~git13.a9c7ff9) Subpackages: lib389 libsvrcore0 - bsc#1229948 - CVE-2024-43806 - rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion - Update to version 3.1.1~git13.a9c7ff9: * Issue 2472 - Add a CI test (#6314) * Issue 6276 - Schema lib389 object is not keeping custom schema data upon editing (#6279) * Issue 3555 - UI - Fix audit issue with npm - micromatch (#6310) * Issue 5843 - Fix size formatting in dscreate output and enhance tests (#6309) * Issue 6301 - Fix long delay when setting replication agreement with dsconf (#6303) * Issue 6280 - Changelog trims updates from a given RID even if a consumer has not received any of them (#6281) * Issue 6296 - basic_test.py::test_conn_limits fails in main branch (#6300) * Issue 6295 - test_password_modify_non_utf8 should set default password storage scheme * Issue 6294 - Nightly copr builds are failing * Issue 6288 - dsidm crash with account policy when alt-state-attr is disabled (#6292) * Issue 2324 - Add a CI test (#6289) * Issue 6284 - BUG - freelist ordering causes high wtime (#6285) * Issue 6282 - BUG - out of tree build fails (#6283) ==== erofs-utils ==== - Enable zstd [boo#1229961] ==== libavif ==== Version update (1.0.4 -> 1.1.1) - update to 1.1.1: * In avif.h, change "AVIF_API AVIF_NODISCARD" back to "AVIF_NODISCARD AVIF_API" to fix clang-cl and MSVC compilation errors in the shared library build on Windows. * Fix -DAVIF_GTEST=SYSTEM * Fix infe_type and codec_config_type wrongly read as byte- aligned fields in the * experimental feature AVIF_ENABLE_EXPERIMENTAL_METAV1. * When building aom as a local dependency, runtime CPU detection (`CONFIG_RUNTIME_CPU_DETECT`) is now always `ON`; * Fix CMake config shared library leaks * Update gain map metadata to current ISO 21496-1 draft. * cmake: Only search for ASM_NASM language on x86_64 platforms. * Fix "No known features for CXX compiler" CMake error. * Fix aom link flags so that transitive library link flags are included when aom is a static library * Fix out-of-order 'dimg' grid associations * Report files with an item used in multiple 'dimg' boxes with * AVIF_RESULT_NOT_IMPLEMENTED instead of AVIF_RESULT_INVALID_IMAGE_GRID. * Add experimental API for reading and writing gain maps in AVIF files. * If enabled at compile time, add `gainMap` field to `avifImage`, * add `qualityGainMap` field to `avifEncoder`, add `gainMapPresent`, `enableDecodingGainMap`, `enableParsingGainMapMetadata` and `ignoreColorAndAlpha` to `avifDecoder`. * Utility functions for working with gain maps are also added. * Gain maps allow readers that support them to display HDR images that look good on both HDR and SDR displays. * Add experimental support for converting jpeg files with gain maps to AVIF files with gain maps. Requires libxml2, and the AVIF_ENABLE_EXPERIMENTAL_GAIN_MAP compilation flag. * Add a --qgain-map flag to control the gain map quality in avifenc. * Add the headerFormat member of new type avifHeaderFormat to avifEncoder. * Add experimental API for reading and writing "mif3"-branded AVIF files behind the compilation flag AVIF_ENABLE_EXPERIMENTAL_METAV1. * Implement avifImageScale() fallback when libyuv is not available. * Partial import of libyuv to third_party/libyuv (new LICENSE). * Add avifenc flag suffixes ":update" and ":u". Quality- relative, tiling-relative and codec-specific flags can now be positional, relative to input files. * Add experimental support for layered AVIF encoding in avifenc. * Use the --layered flag to enable layered AVIF encoding. * Layered AVIF has multiple layers, which works like frame of animated AVIF, and layers can be rendered in progressive manner on supported viewers * Only aom supports layered AVIF encoding at the time of writing. * Add --scaling-mode flag to set scaling mode of each layer. * This part of AV1 encoder is not as thoroughly tested, so there are higher possibility encoder may crash when given certain configuration or input. * Add imageSequenceTrackPresent flag to the avifDecoder struct. * avifImageScale() function was made part of the public ABI. * Add avif_cxx.h as a C++ header with basic functionality. * Add enum aliases AVIF_COLOR_PRIMARIES_SRGB, AVIF_COLOR_PRIMARIES_BT2100, * AVIF_COLOR_PRIMARIES_DCI_P3, AVIF_TRANSFER_CHARACTERISTICS_PQ. * Add avifResult enum entry AVIF_RESULT_INTERNAL_ERROR. * Require libyuv by default (but it can still be disabled with * -DAVIF_LIBYUV=OFF). * Add avifdec --icc flag to override the output color profile. * Add experimental API for reading and writing 16-bit AVIF files behind the * compilation flag AVIF_ENABLE_EXPERIMENTAL_SAMPLE_TRANSFORM. * Add AVIF_CHROMA_SAMPLE_POSITION_RESERVED to avifChromaSamplePosition enum. ==== libfido2 ==== Version update (1.14.0 -> 1.15.0) Subpackages: libfido2-1 libfido2-udev - update to 1.15.0: * bio, credman: improved CTAP 2.1 support. * hid_osx: fix issue where fido_hid_read() may block unnecessarily; gh#757. * fido2-token -I: print maxcredbloblen. * hid_linux: improved support for uhid devices. * New API calls: - fido_cred_set_attobj; - fido_cred_x5c_list_count; - fido_cred_x5c_list_len; - fido_cred_x5c_list_ptr. ==== libpcap ==== Version update (1.10.4 -> 1.10.5) - Update to 1.10.5: * Security fixes: - [bsc#1230020, CVE-2023-7256] double free via addrinfo in sock_initaddress() - [bsc#1230034, CVE-2024-8006] null pointer derefence in pcap_findalldevs_ex() * Thread safety: Make some static variables thread-local * Packet filtering: - Return an error from pcap_compile() if the scanner fails to initialize. - Optimizer fix from Archit Shah to recompute dominators after moving code; (although the resulting filter isn't empty). - Optimizer fix from Archit Shah to mark value as unknown when store of that value is deleted. * Linux: - Don't use DLT_LINUX_SLL2 for anything other than the "any" device. - Avoid 32-bit unsigned integer overflow in USB captures. - Fix a file descriptor leak. - Fix DLT_CAN_SOCKETCAN handling of CAN FD. - Add CAN XL support to DLT_CAN_SOCKETCAN. - Clean up the code that sets the "real" ("original") length for isochronous USB transfers. - Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and Bluetoth modules. * Haiku: - Report non-existent devices correctly. - Fix handling of packet statistics. - Fix packet timestamping. - Fix packet filtering with low snaplen. - Improve connection status reporting. - Add support for promiscuous mode. - Detect DLTs and loopback capture support at run time. - Report IEEE 802.11 as PCAP_IF_WIRELESS. * BSD, macOS, AIX, Solaris 11, Linux: - Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture mechanism is not present, in the hopes that, for example, attempts to capture on Windows Services for Linux 1, in which the NT kernel attempts to simulate Linux system calls but does not support packet sockets, can get an error that better indicates the underlying problem. * AirPcap: Format an error message if we run out of memory. * nflog: Make sure we don't overflow when rounding up the TLV length. * rpcap: - Handle routines removed in at least some OpenSSL libraries. - CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid double frees in some cases. - Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int on UN*Xes and as SOCKET on Windows. - CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a path to a directory that cannot be opened. * Savefiles: - Handle DLT_/LINKTYPE_ mapping better, to handle some OpenBSD-specific link types better. - Treat if_tsoffset as signed in pcapng files, as the spec says. - Don't try to fix the "real" length for isochronous USB transfers if the number of USB descriptors is too large. - Reject pcap files where one of the reserved fields in the "link-layer type plus other stuff" is non-zero. * Rebase libpcap-1.0.0-s390.patch ==== live555 ==== Version update (2024.06.26 -> 2024.08.01) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 libliveMedia112 - update to 2024-08-01: * Updated "ServerMediaSession::generateSDPDescription()" to treat "time_t" as (long long). ==== nbdkit ==== Version update (1.40.1 -> 1.40.2) Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin - Update to version 1.40.2: * Version 1.40.2. * tests/dummy-vddk.c: Stop the background thread in dummy _Exit function * vddk: Check create-size is aligned to VIXDISKLIB_SECTOR_SIZE * vddk: Detect possible VDDK crash and warn * docs: Refresh nbdkit-service(1) page - Enable bzip2 filter ==== openSUSE-release ==== Version update (20240903 -> 20240904) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== raspberrypi-firmware ==== Version update (2024.03.27 -> 2024.08.30) - Update to bf12222 (2024-08-30): * firmware: arm_dt: Delay power property handling * firmware: AI Camera Support * firmware: video_encode: Add colourspace support See: #1885 * firmware: arm_loader: SET_POWER_STATE should only consider bit 0 See: #1905 * firmware: filesystem: Prevent any sdcard modifications See: #1893 * firmware: filesystem: Accept 0xf (W95 Ext) as an extended partition type * firmware: arm_dt: Support HAT EEPROM dtparams * firmware: arm_display: Add support for changing the pixel order via the mailbox See: #1320 * firmware: di_fast: Avoid green line at bottom of image See: https://forum.libreelec.tv/thread/28367-green-pulsing-line-rpi4 * firmware: arm_dt: On 2711, force otg_mode=1 if xhci is enabled See: raspberrypi/linux#6062 * firmware: arm_dt: Improve power HAT+ support * firmware: arm_loader: Add user otp read and write functions See: raspberrypi/linux#6014 * firmware: dtoverlay: Use %u when converting u32s to strings See: raspberrypi/linux#6039 * firmware: video_decode: CONFIGCHANGED not wanted with lack of aspect ratio in new frame See: https://forum.libreelec.tv/thread/28391-cvideoplayeraudio-process-stream-stalled/?postID=190597#post190597 ==== raspberrypi-firmware-config ==== Version update (2024.03.27 -> 2024.08.30) - Update to bf12222 (2024-08-30): * firmware: arm_dt: Delay power property handling * firmware: AI Camera Support * firmware: video_encode: Add colourspace support See: #1885 * firmware: arm_loader: SET_POWER_STATE should only consider bit 0 See: #1905 * firmware: filesystem: Prevent any sdcard modifications See: #1893 * firmware: filesystem: Accept 0xf (W95 Ext) as an extended partition type * firmware: arm_dt: Support HAT EEPROM dtparams * firmware: arm_display: Add support for changing the pixel order via the mailbox See: #1320 * firmware: di_fast: Avoid green line at bottom of image See: https://forum.libreelec.tv/thread/28367-green-pulsing-line-rpi4 * firmware: arm_dt: On 2711, force otg_mode=1 if xhci is enabled See: raspberrypi/linux#6062 * firmware: arm_dt: Improve power HAT+ support * firmware: arm_loader: Add user otp read and write functions See: raspberrypi/linux#6014 * firmware: dtoverlay: Use %u when converting u32s to strings See: raspberrypi/linux#6039 * firmware: video_decode: CONFIGCHANGED not wanted with lack of aspect ratio in new frame See: https://forum.libreelec.tv/thread/28391-cvideoplayeraudio-process-stream-stalled/?postID=190597#post190597 ==== zlib-ng-compat ==== Version update (2.1.6 -> 2.2.1) - Update to 2.2.1: * Changelog at https://github.com/zlib-ng/zlib-ng/releases/tag/2.2.1