Packages changed: MozillaFirefox SDL2 (2.30.6 -> 2.30.7) aaa_base (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b) expat (2.6.2 -> 2.6.3) gnome-autoar (0.4.4 -> 0.4.5) gnutls (3.8.6 -> 3.8.7) graphviz inxi (3.3.35 -> 3.3.36) iputils (20240117 -> 20240905) kernel-firmware (20240826 -> 20240903) kernel-source (6.10.7 -> 6.10.8) kwalletmanager libXi (1.8.1 -> 1.8.2) libjxl libjxl-gtk libqt5-qtbase (5.15.14+kde143 -> 5.15.15+kde127) libqt5-qtdeclarative (5.15.14+kde28 -> 5.15.15+kde25) libqt5-qtgraphicaleffects (5.15.14+kde0 -> 5.15.15+kde0) libqt5-qtlocation (5.15.14+kde7 -> 5.15.15+kde7) libqt5-qtquickcontrols (5.15.14+kde0 -> 5.15.15+kde0) libqt5-qtquickcontrols2 (5.15.14+kde5 -> 5.15.15+kde5) libqt5-qtspeech (5.15.14+kde1 -> 5.15.15+kde1) libqt5-qtsvg (5.15.14+kde5 -> 5.15.15+kde5) libqt5-qttranslations (5.15.14+kde0 -> 5.15.15+kde0) libqt5-qtwayland (5.15.14+kde57 -> 5.15.15+kde59) libqt5-qtwebchannel (5.15.14+kde3 -> 5.15.15+kde3) libqt5-qtwebengine libqt5-qtx11extras (5.15.14+kde0 -> 5.15.15+kde0) libqt5-qtxmlpatterns (5.15.14+kde0 -> 5.15.15+kde0) libvirt (10.6.0 -> 10.7.0) libwebp (1.3.2 -> 1.4.0) libzypp (17.35.9 -> 17.35.10) llvm18 mariadb (11.4.2 -> 11.5.2) mozilla-nss (3.102.1 -> 3.103) openSUSE-release (20240904 -> 20240908) openssl-3 osinfo-db pam-config (2.11+git.20240620 -> 2.11+git.20240906) power-profiles-daemon (0.21 -> 0.22) procps python-libvirt-python (10.6.0 -> 10.7.0) python-looseversion python-olefile (0.46 -> 0.47) python-zope.event rsync ruby3.3 (3.3.4 -> 3.3.5) salt selinux-policy supermin (5.3.4 -> 5.3.5) timezone u-boot-rpiarm64 vim (9.1.0636 -> 9.1.0718) xen xfsprogs (6.9.0 -> 6.10.1) xxhash zxing-cpp (2.1.0 -> 2.2.1) zypper (1.14.76 -> 1.14.77) === Details === ==== MozillaFirefox ==== - _constraints: increase RAM on s390x to fix the build ==== SDL2 ==== Version update (2.30.6 -> 2.30.7) - Update to release 2.30.7 * Added support for the Retro-bit Controller in PS3 mode * Fixed the cursor becoming visible when using relative mode under XWayland * Fixed Direct Rendering Manager initialization failure on some Linux systems * Fixed a crash when the current mouse capture window is destroyed ==== aaa_base ==== Version update (84.87+git20240821.fbabe1d -> 84.87+git20240906.742565b) Subpackages: aaa_base-extras - Update to version 84.87+git20240906.742565b: * yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763) * Avoid unnecessary /bin/bash dependency * sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117) ==== expat ==== Version update (2.6.2 -> 2.6.3) Subpackages: libexpat1 - Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Autotools: Sync CMake templates with CMake 3.28 - Autotools: Always provide path to find(1) for portability - Autotools: Ensure that the m4 directory always exists. - Autotools: Simplify handling of SIZEOF_VOID_P - Autotools: Support non-GNU sed - Autotools|CMake: Fix main() to main(void) - Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM - Autotools|CMake: Stop requiring dos2unix - CMake: Fix check for symbols size_t and off_t - docs|tests: Convert README to Markdown and update - Windows: Drop support for Visual Studio <=15.0/2017 - Drop needless XML_DTD guards around is_param access - Fix typo in a code comment - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do ==== gnome-autoar ==== Version update (0.4.4 -> 0.4.5) Subpackages: libgnome-autoar-0-0 libgnome-autoar-gtk-0-0 - Update to version 0.4.5: + mime-types: Add tar variant of bzip2 + extractor: Fix source string leak ==== gnutls ==== Version update (3.8.6 -> 3.8.7) Subpackages: libgnutls-dane0 libgnutls30 - Update to 3.8.7: * libgnutls: New configure option to compile out DSA support The --disable-dsa configure option has been added to completely disable DSA algorithm support. * libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS. For testing purposes, the hybrid post-quantum key exchange defined in draft-tls-westerbaan-xyber768d00 has been implemented using liboqs. Since the algorithm is still not finalized, the support of this key exchange is disabled by default and can be enabled with the --with-liboqs configure option. * Rebase patches: - gnutls-FIPS-140-3-references.patch - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - For bug boo#1225776 add patches * graphviz-2.49.3-boo1225776-gcc14.patch silent warning/error on incompatible pointer type * graphviz-87cc546.patch also fix incompatible pointer type ==== inxi ==== Version update (3.3.35 -> 3.3.36) - Update to version 3.3.36: * Phase 2 of the big CPU upgrade a few years back is now done, I'd left one part inadequate in terms of the data structures, mainly because I did not have data samples to test, but also because no corner cases that required a more robust data structure for die > cluster > core counts showed up during the initial development phase. This led to somewhat predictable issues and bug reports when someone had a CPU that did require that structure to show correct core/die type data. ==== iputils ==== Version update (20240117 -> 20240905) - Update to version 20240905 (mostly ping fixes release) https://github.com/iputils/iputils/releases/tag/20240905 - Fix tarball url ==== kernel-firmware ==== Version update (20240826 -> 20240903) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 ==== kernel-source ==== Version update (6.10.7 -> 6.10.8) - Linux 6.10.8 (bsc#1012628). - drm/amdgpu/mes: fix mes ring buffer overflow (bsc#1012628). - erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails (bsc#1012628). - ALSA: seq: Skip event type filtering for UMP events (bsc#1012628). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (bsc#1012628). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (bsc#1012628). - LoongArch: Remove the unused dma-direct.h (bsc#1012628). - LoongArch: Add ifdefs to fix LSX and LASX related warnings (bsc#1012628). - tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support (bsc#1012628). - btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1012628). - btrfs: run delayed iputs when flushing delalloc (bsc#1012628). - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1012628). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (bsc#1012628). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1012628). - netfs, ceph: Partially revert "netfs: Replace PG_fscache by setting folio->private and marking dirty" (bsc#1012628). - wifi: wfx: repair open network AP mode (bsc#1012628). - wifi: mwifiex: duplicate static structs used in driver instances (bsc#1012628). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (bsc#1012628). - mptcp: close subflow when receiving TCP+FIN (bsc#1012628). - mptcp: sched: check both backup in retrans (bsc#1012628). - mptcp: pr_debug: add missing \n at the end (bsc#1012628). - mptcp: pm: reuse ID 0 after delete and re-add (bsc#1012628). - mptcp: pm: skip connecting to already established sf (bsc#1012628). - mptcp: pm: reset MPC endp ID when re-added (bsc#1012628). - mptcp: pm: send ACK on an active subflow (bsc#1012628). - mptcp: pm: fix RM_ADDR ID for the initial subflow (bsc#1012628). - mptcp: pm: do not remove already closed subflows (bsc#1012628). - mptcp: pm: fix ID 0 endp usage after multiple re-creations (bsc#1012628). - mptcp: avoid duplicated SUB_CLOSED events (bsc#1012628). - mptcp: pm: ADD_ADDR 0 is not a new address (bsc#1012628). - selftests: mptcp: join: cannot rm sf if closed (bsc#1012628). - selftests: mptcp: join: check removing ID 0 endpoint (bsc#1012628). - selftests: mptcp: join: no extra msg if no counter (bsc#1012628). - selftests: mptcp: join: check re-re-adding ID 0 endp (bsc#1012628). - binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined (bsc#1012628). - drm/v3d: Disable preemption while updating GPU stats (bsc#1012628). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (bsc#1012628). - drm/i915/dp_mst: Fix MST state after a sink reset (bsc#1012628). - drm/amdgpu: align pp_power_profile_mode with kernel docs (bsc#1012628). - drm/amdgpu/swsmu: always force a state reprogram on init (bsc#1012628). - drm/vmwgfx: Prevent unmapping active read buffers (bsc#1012628). - drm/vmwgfx: Fix prime with external buffers (bsc#1012628). - video/aperture: optionally match the device in sysfb_disable() (bsc#1012628). - drm/xe: Prepare display for D3Cold (bsc#1012628). - drm/xe/display: Make display suspend/resume work on discrete (bsc#1012628). - drm/xe/vm: Simplify if condition (bsc#1012628). - drm/xe/exec_queue: Rename xe_exec_queue::compute to xe_exec_queue::lr (bsc#1012628). - drm/xe: prevent UAF around preempt fence (bsc#1012628). - drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV (bsc#1012628). - drm/amdgpu: fix eGPU hotplug regression (bsc#1012628). - pinctrl: qcom: x1e80100: Update PDC hwirq map (bsc#1012628). - ASoC: SOF: amd: move iram-dram fence register programming sequence (bsc#1012628). - ASoC: SOF: amd: Fix for incorrect acp error register offsets (bsc#1012628). - ASoC: amd: acp: fix module autoloading (bsc#1012628). - ASoC: SOF: amd: Fix for acp init sequence (bsc#1012628). - ALSA: hda: cs35l56: Don't use the device index as a calibration index (bsc#1012628). - ASoC: cs-amp-lib-test: Force test calibration blob entries to be valid (bsc#1012628). - ASoC: cs-amp-lib: Ignore empty UEFI calibration entries (bsc#1012628). - backing-file: convert to using fops->splice_write (bsc#1012628). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (bsc#1012628). - pinctrl: qcom: x1e80100: Fix special pin offsets (bsc#1012628). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (bsc#1012628). - nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open (bsc#1012628). - mm: Fix missing folio invalidation calls during truncation ... changelog too long, skipping 178 lines ... - commit 64dc967 ==== kwalletmanager ==== - Add upstream fix (kde#492138): * 0001-Fix-service-file-name.patch ==== libXi ==== Version update (1.8.1 -> 1.8.2) - Update to version 1.8.2 * This release includes fixes for malloc failures and a double alignment issue on some machines. XFreeDeviceInfo can now be called with NULL and XGetFeedbackControl is more robust in the face of a malicious X server sending random data. Plus a typo fix in the man page. ==== libjxl ==== - Update libjxl.spec: Add compiler condition to fix SLE-15-SP7 ppc64le build env. (bsc#1229831) ==== libjxl-gtk ==== Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Update libjxl.spec: Add compiler condition to fix SLE-15-SP7 ppc64le build env. (bsc#1229831) ==== libqt5-qtbase ==== Version update (5.15.14+kde143 -> 5.15.15+kde127) Subpackages: libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.15+kde127, rebased upstream: * Add LGPL header to qcalendar.cpp * Move some flaky text tests into Lancelot * Update Harfbuzz to 7.2.0 * doc: Make docs for ElideNone a bit more precise * tst_QImageReader: fix missing checks for "newly"-added ImageOptions * tst_QMainWindow: for UB (use of reserved names) * Update bundled libjpeg-turbo to version 3.0.0 * Update to Freetype 2.13.1 * [docs] Link from QtConcurent::run() to QThreadPool::start(Callable&&) * Docs: State that OpenSSL3 is available from 5.15.1 * Simplify (and fix) initialization of a list of time-zones * ODBC/MySQL: fix compilation with MySQL < 5.7.9 * SQLite: Update SQLite to v3.42.0 * tst_QHostInfo: fix mem-leaks in threadSafetyAsynchronousAPI() * tst_QSortFilterProxyModel: fix mem-leaks II: sortStable() * tst_QNetworkDiskCache: fix mem-leak * tst_QAbstractItemModelTester: fix mem-leak * tst_QSortFilterProxyModel: fix mem-leaks * Fix screens not always updating if order changes * Update the list of CLDR-based files * Return TZ time-zone backend's tranCache() as a const reference * tst_QTcpSocket: fix mem-leak * tst_QNetworkCookieJar: fix memleak * tst_QParallelAnimationGroup: fix memleak * tst_QXmlStream::tokenErrorHandling() - register test directory in CMake * Fix transparency in 16 bit and 24 bit ico files * QVariant: always compare floating point with double precision * Doc: Document QMAKE_APPLE_DEVICE_ARCHS * Update bundled libpng to version 1.6.40 * fbconvenience: use smart pointer for QFbCursor * Doc: Clarify that the rich text engine has limited support for HTML tags * autotest: Blacklist tst_QTableView::columnViewportPosition for winrt * autotest: Blacklist QTimeLine::interpolation for winrt * QFuture: mention the work-stealing algorithm in the docs * QtDoc Global: Add macros for Qt Design Studio in qtdoc * Fix specific overflow in qtextlayout * Remove QEglFSCursor's inheritance of QOpenGLFunctions * tst_QPixmapCache: QVERIFY a failed replace() * tst_QPixmapCache: check insert() reports failure * QPixmapCache: add a comment on how failed insert() invalidates cacheKey * tst_QPixmapCache: rewrite QVERIFY(x != 0) to QVERIFY(x) * QVariant: remove outdated docs about reimplementing clear() * Bump version to 5.15.15 * Update The-Qt-Company-Commercial * Fix crash on QLocale::monthName().simplified() * Android: fix QDir::entryInfoList() with content URIs * Android: fix content url handling of filenames with spaces - Commits dropped by the rebase: * tst_QXmlStream: remove unneeded _ba UDLs * Fix specific overflow in qtextlayout (CVE-2023-32763) ==== libqt5-qtdeclarative ==== Version update (5.15.14+kde28 -> 5.15.15+kde25) - Update to version 5.15.15+kde25, rebased upstream: * QV4::ArrayData: Fix offset calculation for sort() * Fix pointer delivery to child items of items with clip:true * doc: Remove Calendar Example link * PointerHandler: cancel all grabs when item changes scene * qintrusivelvist_p.h: Silence nullpointer subtraction warning * Doc: Fix mislabelled diagram for Context2D.arc() * Bump version to 5.15.15 ==== libqt5-qtgraphicaleffects ==== Version update (5.15.14+kde0 -> 5.15.15+kde0) - Update to version 5.15.15+kde0, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qtlocation ==== Version update (5.15.14+kde7 -> 5.15.15+kde7) - Update to version 5.15.15+kde7, rebased upstream: * Bump version to 5.15.15 * CoreLocation plugin: introduce RequestAlwaysPermission parameter ==== libqt5-qtquickcontrols ==== Version update (5.15.14+kde0 -> 5.15.15+kde0) - Update to version 5.15.15+kde0, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qtquickcontrols2 ==== Version update (5.15.14+kde5 -> 5.15.15+kde5) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.15+kde5, rebased upstream: * Bump version to 5.15.15 * RangeSlider: Don't update position only if mouse/touch is grabbed ==== libqt5-qtspeech ==== Version update (5.15.14+kde1 -> 5.15.15+kde1) Subpackages: libQt5TextToSpeech5 libqt5-qtspeech-plugin-speechd - Update to version 5.15.15+kde1, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qtsvg ==== Version update (5.15.14+kde5 -> 5.15.15+kde5) - Update to version 5.15.15+kde5, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qttranslations ==== Version update (5.15.14+kde0 -> 5.15.15+kde0) - Update to version 5.15.15+kde0, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qtwayland ==== Version update (5.15.14+kde57 -> 5.15.15+kde59) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.15+kde59, rebased upstream: * Revert "Client: Send release button event on pointer leave" * Fix race condition in drag and drop * client: don't cache one type in QWaylandMimeData * DefaultCompositor: use explcit lambda captures * Fix C++20 deprecated capture of *this in [=] * compositor: Unbind display on close in linux-dmabuf and eglstream * Client: Send release button event on pointer leave * Bump version to 5.15.15 ==== libqt5-qtwebchannel ==== Version update (5.15.14+kde3 -> 5.15.15+kde3) Subpackages: libQt5WebChannel5 libQt5WebChannel5-imports - Update to version 5.15.15+kde3, rebased upstream: * Fix overly generic header include guard name * Bump version to 5.15.15 ==== libqt5-qtwebengine ==== - Disable LTO on %{arm} to fix build ==== libqt5-qtx11extras ==== Version update (5.15.14+kde0 -> 5.15.15+kde0) - Update to version 5.15.15+kde0, rebased upstream: * Bump version to 5.15.15 ==== libqt5-qtxmlpatterns ==== Version update (5.15.14+kde0 -> 5.15.15+kde0) Subpackages: libQt5XmlPatterns5 libqt5-qtxmlpatterns-imports - Update to version 5.15.15+kde0, rebased upstream: * Bump version to 5.15.15 ==== libvirt ==== Version update (10.6.0 -> 10.7.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 10.7.0 - CVE-2024-8235, bsc#1230024 - Unconditionally disable building the interface driver - Remove SysV rc* compatibility symlinks - jsc#PED-8909 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-7-0-2024-09-02 ==== libwebp ==== Version update (1.3.2 -> 1.4.0) Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Update to 1.4.0 & fix libwebp.changes header from previous commit: * further security related hardening in libwebp & examples * some minor optimizations in the lossless encoder * added WEBP_NODISCARD to report unused result warnings; enable with - DWEBP_ENABLE_NODISCARD=1 * improvements and corrections in webp-container-spec.txt and webp-lossless-bitstream-spec.txt (#611) * miscellaneous warning, bug & build fixes - Remove 0001-Fix-invalid-incremental-decoding-check.patch ==== libzypp ==== Version update (17.35.9 -> 17.35.10) - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - Conflicts: zypper <= 1.14.76 - version 17.35.10 (35) ==== llvm18 ==== Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 libclang_rt18 llvm18-gold - Enable zstd compression support again. ==== mariadb ==== Version update (11.4.2 -> 11.5.2) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.5.2: https://mariadb.com/kb/en/mariadb-11-5-2-release-notes/ https://mariadb.com/kb/en/mariadb-11-5-2-changelog/ - Update list of skipped tests ==== mozilla-nss ==== Version update (3.102.1 -> 3.103) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.103 * bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList. * bmo#1899542: Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1909638 - Follow-up to fix test for presence of file nspr.patch. * bmo#1903783: Adjust libFuzzer size limits * bmo#1899542: Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542: Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible, by using a hardcoded, static key to generate the checksums (*.chk-files) - Updated nss-fips-approved-crypto-non-ec.patch to enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). ==== openSUSE-release ==== Version update (20240904 -> 20240908) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1229465, CVE-2024-6119] * possible denial of service in X.509 name checks * openssl-CVE-2024-6119.patch ==== osinfo-db ==== - Add support for openSUSE Leap 15.7 (jsc#PED-8910) add-opensuse-leap-15.7-support.patch - Add support for SLE-15-SP7 (jsc#PED-8910) (bsc#1230160) add-sle15sp7-support.patch ==== pam-config ==== Version update (2.11+git.20240620 -> 2.11+git.20240906) - Update to version 2.11+git.20240906: * Move pam_limits before pam_systemd ==== power-profiles-daemon ==== Version update (0.21 -> 0.22) Subpackages: powerprofilesctl-bash-completion powerprofilesctl-zsh-completion - Update to version 0.22: * power-profiles-daemon is now battery-level aware: some drivers use this value for better optimizations * AMD p-state improvements: + supports core performance boost when not in power-saver mode + uses minimum frequency to lowest non-linear frequency + more impervious to faulty firmware and kernel bugs * support for changing DPM clocks on amdgpu: explicitly set the DPM clocks down to "low" when in power-saver mode * powerprofilesctl can disable logind and upower integration * fix handling of turbo_pct, now assumed as not present by default * power-profiles-daemon.service further lockdown restrictions * start power-profiles-daemon.service after multi-user.target AND display-manager.target to avoid conflicts with module loading ==== procps ==== Subpackages: libproc2-0 - procps-ng-4.0.4-idletime-no-tty.patch: don't print idle time without tty - procps-ng-4.0.4-w-array-bounds.patch: fix array bounds violation ==== python-libvirt-python ==== Version update (10.6.0 -> 10.7.0) - Update to 10.7.0 - Add all new APIs and constants in libvirt 10.7.0 - jsc#PED-8909 ==== python-looseversion ==== - Add %{?sle15_python_module_pythons} ==== python-olefile ==== Version update (0.46 -> 0.47) - Update to 0.47 * Now distributed as wheel package * Added VT_VECTOR support for properties * Added get_userdefined_properties * Fixed bugs in isOleFile and write_sect * Improved file closure - Drop README.html from %doc section - Drop README.rst from %doc section - Drop support for older Python versions - Limit Python files matched in %files section - Remove obsolete sed invocation to fix line endings - Switch build system from setuptools to pyproject.toml * Add python-pip and python-wheel to BuildRequires * Replace %python_build with %pyproject_wheel * Replace %python_install with %pyproject_install ==== python-zope.event ==== - Add patch intersphinx.patch for compatibility with recent version of Sphinx ==== rsync ==== - rsync-gcc14.patch: fixed the ipv6 configure check (bsc#1230156) ==== ruby3.3 ==== Version update (3.3.4 -> 3.3.5) Subpackages: libruby3_3-3_3 - Added 7939.diff Cleanup binstub lock files https://github.com/rubygems/rubygems/issues/7997 https://github.com/rubygems/rubygems/pull/7939 - Update to 3.3.5 This is a routine update that includes minor bug fixes. We recommend upgrading your Ruby version at your earliest convenience. https://github.com/ruby/ruby/releases/tag/v3_3_5 ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Set contextvars as a build requirement for package - Increase warn_until_date date for code we still support - The test_debian test now uses port 80 for ubuntu keyserver - Fix too frequent systemd service restart in test_system test - Added: * fix-test_debian-to-work-in-our-infrastructure-676.patch * fix-test_system-flaky-setup_teardown-fn.patch * fix-deprecated-code-677.patch ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Fix macros.selinux-policy (bsc#1229132) - %selinux_modules_install and %selinux_modules_uninstall will now only execute load_policy if $TRANSACTIONAL_UPDATE is not set (aka only if they are not in a transactional system) - $TRANSACTIONAL_UPDATE is set here: https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b90d3e0e8eed09b796a86/lib/Transaction.cpp#L428 ==== supermin ==== Version update (5.3.4 -> 5.3.5) - Update to version 5.3.5 (jsc#PED-8910) * Fix qemu-kvm example command ==== timezone ==== - Split tzselect script into a subpackage to prevent awk getting into minimal containers and recommend tzselect by the main package Fixes bsc#1230054 ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Install u-boot-dtb.bin for milkvduo flavor ==== vim ==== Version update (9.1.0636 -> 9.1.0718) Subpackages: vim-data vim-data-common xxd - Update to 9.1.0718: * v9.1.0718: hard to know the users personal Vim Runtime Directory * v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers() Maintainers: fix typo in author name * v9.1.0716: resetting setcellwidth( doesn't update the screen runtime(hcl,terraform): Add runtime files for HCL and Terraform runtime(tmux): Update syntax script * v9.1.0715: Not correctly parsing color names (after v9.1.0709) * v9.1.0714: GuiEnter_Turkish test may fail * v9.1.0713: Newline causes E749 in Ex mode * v9.1.0712: missing dependency of Test_gettext_makefile * v9.1.0711: test_xxd may file when using different xxd * v9.1.0710: popup window may hide part of Command line runtime(vim): Update syntax, improve user-command matching * v9.1.0709: GUIEnter event not found in Turkish locale runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items * v9.1.0708: Recursive window update does not account for reset skipcol runtime(nu): include filetype plugin * v9.1.0707: invalid cursor position may cause a crash * v9.1.0706: test_gettext fails when using shadow dir CI: Install locales-all package * v9.1.0705: Sorting of fuzzy filename completion is not stable translation(pt): update Portuguese/Brazilian menu translation runtime(vim): Update base-syntax, match bracket mark ranges runtime(doc): Update :help :command-complete list * v9.1.0704: inserting with a count is inefficient runtime(doc): use mkdir -p to save a command * v9.1.0703: crash with 2byte encoding and glob2regpat() runtime(hollywood): update syn highlight for If-Then statements and For-In-Loops * v9.1.0702: Patch 9.1.0700 broke CI * v9.1.0701: crash with NFA regex engine when searching for composing chars * v9.1.0700: crash with 2byte encoding and glob2regpat() * v9.1.0699: "dvgo" is not always an inclusive motion runtime(java): Provide support for syntax preview features * v9.1.0698: "Untitled" file not removed when running Test_crash1_3 alone * v9.1.0697: heap-buffer-overflow in ins_typebuf * v9.1.0696: installing runtime files fails when using SHADOWDIR runtime(doc): fix typo * v9.1.0695: test_crash leaves Untitled file around translation(br): Update Brazilian translation translation(pt): Update menu_pt_br * v9.1.0694: matchparen is slow on a long line * v9.1.0693: Configure doesn't show result when not using python3 stable abi * v9.1.0692: Wrong patlen value in ex_substitute() * v9.1.0691: stable-abi may cause segfault on Python 3.11 runtime(vim): Update base-syntax, match :loadkeymap after colon and bar runtime(mane): Improve ManBS mapping * v9.1.0690: cannot set special highlight kind in popupmenu translation(pt): Revert and fix wrong Portuguese menu translation files translation(pt): revert Portuguese menu translation translation(br): Update Brazilian translations runtime(vim): Update base-syntax, improve :let-heredoc highlighting * v9.1.0689: buffer-overflow in do_search( with 'rightleft' runtime(vim): Improve heredoc handling for all embedded scripts * v9.1.0688: dereferences NULL pointer in check_type_is_value() * v9.1.0687: Makefile may not install desktop files runtime(man): Fix ManBS runtime(java): Make the bundled &foldtext function optional runtime(netrw): Change line on `mx` if command output exists runtime(netrw): Fix `mf`-selected entry highlighting runtime(htmlangular): add html syntax highlighting translation(it): Fix filemode of Italian manpages runtime(doc): Update outdated man.vim plugin information runtime(zip): simplify condition to detect MS-Windows * v9.1.0686: zip-plugin has problems with special characters runtime(pandoc): escape quotes in &errorformat for pandoc translation(it): updated Italian manpage * v9.1.0685: too many strlen( calls in usercmd.c runtime(doc): fix grammar in :h :keeppatterns runtime(pandoc): refine pandoc compiler settings * v9.1.0684: completion is inserted on Enter with "noselect" translation(ru): update man pages * v9.1.0683: mode( returns wrong value with mapping runtime(doc): remove trailing whitespace in cmdline.txt * v9.1.0682: Segfault with uninitialized funcref * v9.1.0681: Analyzing failed screendumps is hard runtime(doc): more clarification for the :keeppatterns needed * v9.1.0680: VMS does not have defined uintptr_t runtime(doc): improve typedchar documentation for KeyInputPre autocmd runtime(dist): verify that executable is in $PATH translation(it): update Italian manpages runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677 runtime(doc): update Makefile and make it portable between GNU and BSD * v9.1.0679: Rename from w_closing to w_locked is incomplete runtime(colors): update colorschemes runtime(vim): Update base-syntax, improve :let-heredoc highlighting runtime(doc): Updating the examples in the xxd manpage translation(ru): Updated uganda.rux runtime(yaml): do not re-indent when commenting out lines * v9.1.0678: use-after-free in alist_add() * v9.1.0677 :keepp does not retain the substitute pattern translation(ja): Update Japanese translations to latest release runtime(netrw): Drop committed trace lines runtime(netrw): Error popup not always used ... changelog too long, skipping 97 lines ... - add support for "all" and "userns" rules, and new profile flags ==== xen ==== Subpackages: xen-libs xen-tools-domU - Fix build on aarch64 with gcc14 (bsc#1225953) 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch ==== xfsprogs ==== Version update (6.9.0 -> 6.10.1) Subpackages: libhandle1 - update to 6.10.1 - fix C++ compilation errors in xfs_fs.h - ------------------------------------------------------------------ - update to 6.10.0 - debian: enable xfs_scrub_all systemd timer services by default - mkfs: set autofsck filesystem property - xfs_scrub: use the autofsck fsproperty to select mode - xfs_scrub: allow sysadmin to control background scrubs - xfs_property: add a new tool to administer fs properties - xfs_db: add a command to list xattrs - xfs_db: improve getting and setting extended attributes - xfs_io: edit filesystem properties - xfs_scrub: defer phase5 file scans if dirloop fails - xfs_repair: wipe ondisk parent pointers when there are none - xfs_scrub: detect and repair directory tree corruptions - xfs_repair: update ondisk parent pointer records - xfs_spaceman: report directory tree corruption in the health information - xfsprogs: support vectored scrub - man: document vectored scrub mode - man2: update ioctl_xfs_scrub_metadata.2 for parent pointers - mkfs: enable formatting with parent pointers - mkfs: Add parent pointers during protofile creation - xfs_repair: check parent pointers - xfs_db: compute hashes of parent pointers - xfs_db: add link and unlink expert commands - xfs_repair: build a parent pointer index - xfs_db: add a parents command to list the parents of a file - xfs_db: obfuscate dirent and parent pointer names consistently - xfs_db: report parent pointers embedded in xattrs - xfs_db: report parent bit on xattrs - xfs_db: report parent pointers in version command - xfs_scrub: use parent pointers to report lost file data - xfs_scrub: use parent pointers when possible to report file operations - xfs_logprint: decode parent pointers in ATTRI items fully - xfs_io: Add i, n and f flags to parent command - xfs_io: adapt parent command to new parent pointer ioctls - libfrog: report parent pointers to userspace - libfrog: add parent pointer support code - man: document the XFS_IOC_GETPARENTS ioctl - xfs_logprint: dump new attr log item fields - xfs_scrub_all: failure reporting for the xfs_scrub_all job - xfs_repair: check free space requirements before allowing upgrades - xfs_scrub_all: convert systemctl calls to dbus - xfs_scrub_all: trigger automatic media scans once per month - xfs_scrub: add an optimization-only mode - xfs_scrub_all: add CLI option for easier debugging - xfs_scrub_all: enable periodic file data scrubs automatically - xfs_scrub: automatic downgrades to dry-run mode in service mode - xfs_scrub_all: support metadata+media scans of all filesystems - xfs_scrub_all: fail fast on masked units - xfs_scrub_all: remove journalctl background process - xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode - xfs_scrub: tune fstrim minlen parameter based on free space histograms - xfs_scrub: improve responsiveness while trimming the filesystem - xfs_scrub: tighten up the security on the background systemd service - xfs_scrub: don't call FITRIM after runtime errors - xfs_scrub: use dynamic users when running as a systemd service - xfs_scrub: report FITRIM errors properly - xfs_scrub.service: reduce background CPU usage to less than one core if possible - xfs_scrub: don't close stdout when closing the progress bar - xfs_scrub: fix the work estimation for phase 8 - libfrog: print cdf of free space buckets - libfrog: print wider columns for free space histogram - xfs_scrub: ignore phase 8 if the user disabled fstrim - xfs_scrub: move FITRIM to phase 8 - xfs_scrub: improve thread scheduling repair items during phase 4 - xfs_scrub: avoid potential UAF after freeing a duplicate name entry - xfs_scrub: enable users to bump information messages to warnings - xfs_scrub: retry incomplete repairs - xfs_scrub: warn about difficult repairs to rt and quota metadata - xfs_scrub: any inconsistency in metadata should trigger difficulty warnings - mkfs: add a formatting option for exchange-range - xfs_repair: add exchange-range to file systems - xfs_scrub: fix missing scrub coverage for broken inodes - xfs_scrub: log when a repair was unnecessary - libfrog: advertise exchange-range support - xfs_io: create exchangerange command to test file range exchange ioctl - xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations - xfs_fsr: convert to bulkstat v5 ioctls - xfs_logprint: support dumping exchmaps log items - xfs_db: advertise exchange-range in the version command - libfrog: add support for exchange range ioctl family - libhandle: add support for bulkstat v5 - man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE - man: document the exchange-range ioctl - xfs_repair: don't crash on -vv - xfsprogs: Remove support for split-/usr installs - libxfs: kernel sync - ------------------------------------------------------------------ ==== xxhash ==== - Add inline.patch to resolve FTBFS on gcc-14 + -Og. ==== zxing-cpp ==== Version update (2.1.0 -> 2.2.1) - Update to 2.2.1. Changes: * Fix ABI breakage from 2.2.0. - Changes from 2.2.0: * Rename DecodeHints to ReaderOptions. The old name is still available for backward API compatibility but deprecated. Since the C-API and the Qt wrapper code are not officially part of the library, they changed without backward compatibility. * WASM: bytes in ReadResult. * DataMatrix: use charset for encoding. * QRCode: Support QR Code Model1. * rMQR Code: Support Rectangular Micro QR Code. - Refresh patch: * cmake.patch ==== zypper ==== Version update (1.14.76 -> 1.14.77) Subpackages: zypper-log zypper-needs-restarting - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - BuildRequires: libzypp-devel >= 17.35.10. - Fix wrong numbers used in CommitSummary skipped/failed messages. - version 1.14.77