Packages changed: mariadb meson (1.5.1 -> 1.5.2) ncurses (6.5.20240824 -> 6.5.20240922) openSUSE-release (20240923 -> 20240924) pipewire (1.2.3 -> 1.2.4) python-pip tiff (4.6.0 -> 4.7.0) yast2-storage-ng (5.0.18 -> 5.0.19) === Details === ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Read defaults during mysql_upgrade to respect client configuration ==== meson ==== Version update (1.5.1 -> 1.5.2) Subpackages: meson-vim - Update to version 1.5.2: + compilers: do not strip '-isystem' from C build arguments. + Prevent raw exception during project(). + compilers: Pass mode to determine_args, not its string value. + nasm: Use different test sources for x86 and x86_64. - BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini. ==== ncurses ==== Version update (6.5.20240824 -> 6.5.20240922) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240922 + add a few null-pointer checks in ncurses + improve test-driver in ncurses/link_test.c + restore background character in manpages as described in X/Open Curses section 3.3.6, and add option "-c" to test programs to illustrate a non-blank character in the window background property. + improve formatting/style of manpages (patches by Branden Robinson). + modify ncurses*-config to add -I option in --cflag where needed for - -disable-overwrite to match ".pc" files. + disallow directories and block/character devices in safe-open. + amend scr_restore() and scr_init() to remove the target window only after validating the source window which will replace the target (report by Zixi Liu). - Add ncurses patch 20240914 + modify _nc_flush() to also flush stderr to help the flash capability to work in bash (patch by Harm te Hennepe, cf: 20201128) + omit -g and -fXXX flags from CFLAGS in misc/ncurses-config.in + improve formatting/style of manpages (patches by Branden Robinson). + improve examples in NCURSES-Programming-HOWTO.html + update comments in terminfo.src -TD - Add ncurses patch 20240831 + build-fix for a case in msys2 where gettimeofday() was available but the fallback was partly configured. > patch by Rafael Kitover: + separate the _NC_WINDOWS platform macro into _NC_WINDOWS_NATIVE, for MinGW and other native Win32 support, and _NC_WINDOWS, to make some Win32 features available under the Cygwin runtime, in this case the term-driver. + make some minor adjustments to allow ./configure --enable-term-driver to also work on Cygwin platforms such as Cygwin and MSYS2. ==== openSUSE-release ==== Version update (20240923 -> 20240924) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pipewire ==== Version update (1.2.3 -> 1.2.4) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.2.4: + Highlights: - Avoid a crash in cleanup of globals. - Use systemd-logind to scan for new devices in v4l2. - Some more bugfixes and improvements. + PipeWire: - Avoid a crash in cleanup of globals. - Improve RequestProcess dispatch. + Tools: - Improve float parsing. + SPA: - Clear the ringbuffer when stopping in libcamera. - Use systemd-logind to scan for new devices in v4l2. - Queue dropped first buffer in v4l2. - Unlink pcm devices when moving drivers to avoid broken pipe. + JACK: - Emit buffer_size callback in jack_activate() to improve compatibility with GStreamer. ==== python-pip ==== - Adapt disable-ssl-context-in-buildenv.patch to make it compatible with leap ==== tiff ==== Version update (4.6.0 -> 4.7.0) - Update to 4.7.0: * This version restores in the default build the availability of the tools that had been dropped in v4.6.0 See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2-restoring-needed-tools * Software configuration changes: + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection + autoconf build: fix error when running make clean (fixes issue #630) + autoconf build: back off the minimum required automake version to 1.11 + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605) + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4) + CMake: Fix TIFF_INCLUDE_DIRS + CMake: MinGW compilers don't need a .def file for shared library + CMake: move libdeflate and Lerc to Requires.private + CMake: enable resource compilation on all Windows. * Library changes: + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed. + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged. + TIFFXYZToRGB: avoid integer overflow (fixes issue #644) + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645) + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history. + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375) + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183) + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values + tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583) + LZW: avoid warning about misaligned address with UBSAN (fixes issue #616) + TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356) + tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests + Avoid FPEs (division by zero) in tif_getimage.c. + Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes issue #628) + Add non-zero check before division in TIFFComputeStrip() + Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active + Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount + Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure. + For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579) + Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006) + Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857) + Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618) + tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608) + Fix warnings with GCC 14 + tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627) + Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type. + tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups + Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble() + Remove support for _MSC_VER < 1500. + Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__ * Documentation: + Amend manpages for changes in current directory index behaviour + Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506) + Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006) * Re-added tools: + fax2ps + fax2tiff + pal2rgb + ppm2tiff + raw2tiff + rgb2ycbcr (not installed) + thumbnail (not installed) + tiff2bw + tiff2rgba + tiffcmp + tiffcrop + tiffdither + tiffgt + tiffmedian + tiff2ps + tiff2pdf * New/improved functionality: + tiff2rgba: Add background gradient option for alpha compositing + tiffcp: -i flag restored * Bug fixes for tools: + tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054 + tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection" + tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552) + tiff2pdf: address Coverity scan issues + tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF + tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539) + tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253) + tiff2pdf: fixes issue #596 + thumbnail: address Coverity scan issues + tiffcp: Add check for limitMalloc return to fix Coverity 1603334 + tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG + tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputing to compression != JPEG (refs issue #571) + tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG + tiffcp: Check also codec of input image, not only from output image (fixes issue #606) + Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions. + fax2ps and fax2tiff: memory leak fixes (fixes issue #476) + tiffmedian: memory leak fixes (fixes issue #599) + fax2tiff: fix EOFB interpretation (fixes issue #191) + fax2tiff: fix issue with unreasonable width input (fixes issue #249) + tiffcp and tiffcrop: fixes issue #228 ... changelog too long, skipping 10 lines ... - Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh` ==== yast2-storage-ng ==== Version update (5.0.18 -> 5.0.19) - Use the newer exfatprogs instead of exfat-utils (bsc#1187854) - 5.0.19