Packages changed: 7zip (22.01 -> 23.01) Mesa (23.1.2 -> 23.1.3) Mesa-drivers (23.1.2 -> 23.1.3) accountsservice (22.08.8 -> 23.13.9) apparmor (3.1.5 -> 3.1.6) bind (9.18.15 -> 9.18.16) brltty crda (4.14 -> 4.15) cups ding-libs health-checker (1.8 -> 1.9) icu (73.1 -> 73.2) installation-images-MicroOS (17.88 -> 17.89) kernel-firmware (20230531 -> 20230620) kernel-source (6.3.7 -> 6.3.9) libapparmor (3.1.5 -> 3.1.6) libevdev (1.13.0 -> 1.13.1) libpng16 (1.6.39 -> 1.6.40) librsvg libstorage-ng (4.5.120 -> 4.5.121) libwebp netpbm (10.96.4 -> 11.2.0) nghttp2 (1.53.0 -> 1.54.0) open-vm-tools python-gobject rubygem-ruby-dbus (0.23.0.beta1 -> 0.23.0.beta2) selinux-policy (20230425 -> 20230622) systemd systemd-rpm-macros (23 -> 24) tiff (4.5.0 -> 4.5.1) util-linux (2.38.1 -> 2.39) util-linux-systemd (2.38.1 -> 2.39) wtmpdb (0.6.0 -> 0.7.0) zlib-ng-compat (2.0.7 -> 2.1.2) === Details === ==== 7zip ==== Version update (22.01 -> 23.01) - Update to version 23.01: * 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture. * Default section size for BCJ2 filter was changed from 64 MiB to 240 MiB. It can increase compression ratio for executable files larger than 64 MiB. * UDF: support was improved. * cpio: support for hard links. * Some changes and optimizations in WIM creation code. * When new 7-Zip creates multivolume archive, 7-Zip keeps in open state only volumes that still can be changed. Previous versions kept all volumes in open state until the end of the archive creation. * 7-Zip now can reduce the number of simultaneously open files, when 7-Zip opens, extracts or creates multivolume archive. It allows to avoid the failures for cases with big number of volumes, bacause there is a limitation for number of open files allowed for a single program in Linux. * The bugs were fixed: * ZIP archives: if multithreaded zip compression was performed with more than one file to stdout stream (-so switch), 7-zip didn't write "data descriptor" for some files. * ext4 archives: 7-Zip couldn't correctly extract symbolic link to directory from ext4 archives. * HFS and APFS archives: 7-Zip incorrectly decoded uncompressed blocks (64 KiB) in compressed forks. * Some another bugs were fixed. - Refresh fix-compatib-with-p7zip.patch ==== Mesa ==== Version update (23.1.2 -> 23.1.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 23.1.3 - supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch (boo#1209005) - -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy ==== Mesa-drivers ==== Version update (23.1.2 -> 23.1.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.1.3 - supersedes U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch (boo#1209005) - -Dxmlconfig=enabled now also needs -Dexpat=enabled as dependancy ==== accountsservice ==== Version update (22.08.8 -> 23.13.9) Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Add accountsservice-assume-gdm.patch: assume gdm when not being able to detect the used display manager. This is basically the same as was in place before we gained support for multiple DMs (boo#1212675). - Update to version 23.13.9: + daemon: Fix boot delay + user-manager: - Add cancellable to fetch user requests - Track non-existent users - Changes from version 23.11.69: + Add lightdm autologin support + user: - Return an error when setting invalid language - Throw a warning for invalid locales - Support new LocalAccount property in cache file - Replace usermod -p with chpasswd -e + main: - Use new overridable USERDIR - Use new overridable ICONDIR - Use new overridable sysconfdir + daemon: - Add GetUsersLanguages() function - Don't crash if /etc/shadow doesn't exist + Updated translations. - Rebase patches: + accountsservice-sysconfig.patch + accountsservice-filter-suse-accounts.patch ==== apparmor ==== Version update (3.1.5 -> 3.1.6) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog ==== bind ==== Version update (9.18.15 -> 9.18.16) - Update to release 9.18.16 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) New Features: * The system test suite can now be executed with pytest (along with pytest-xdist for parallel execution). Removed Features: * TKEY mode 2 (Diffie-Hellman Exchanged Keying) is now deprecated, and will be removed in a future release. A warning will be logged when the tkey-dhkey option is used in named.conf. Bug Fixes: * BIND could get stuck on reconfiguration when a listen-on statement for HTTP is removed from the configuration. That has been fixed. * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. * BIND could allocate too big buffers when sending data via stream-based DNS transports, leading to increased memory usage. This has been fixed. * When the stale-answer-enable option was enabled and the stale-answer-client-timeout option was enabled and larger than 0, named previously allocated two slots from the clients-per-query limit for each client and failed to gradually auto-tune its value, as configured. This has been fixed. ==== brltty ==== Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Use conditionals for sysusers_requires to allow quilt setup - Remove workarounds for old TCL - Enable parallel build again - Don't use %tmpfiles_create_package anymore. This macro cannot work on transactional systems. However this macro was supposed to be used only when the tmpfiles stuff was needed in advance, which doesn't seem to be the case for brltty. ==== crda ==== Version update (4.14 -> 4.15) - Update to crda 4.15 - Remove patches now upstream * crda-67f1e6ddbdfade357e234c9d58a30fe0a283fe60.patch * crda-f4ef2531698fb9ba006e8b31a223b3269be8bc7c.patch - Port patch crda-python3.patch ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - cups-2.4.2-CVE-2023-34241.patch fixes CVE-2023-34241 "use-after-free in cupsdAcceptClient()" https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 bsc#1212230 ==== ding-libs ==== Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1 - Update to 0.6.2: * Minor maintenance update: INI: Silent ini_argument match failures INI: Fix detection of error message - Remove patches fixed upstream * INI-Fix-detection-of-error-messages.patch * INI-Silence-ini_augment-match-failures.patch * TEST-validators_ut_check-Fix-fail-with-new-glibc.patch * INI-Remove-definiton-of-TRACE_LEVEL.patch - Use github sources ==== health-checker ==== Version update (1.8 -> 1.9) Subpackages: health-checker-plugins-MicroOS - Update to version 1.9 * Fix failing subvolume mount checks with certain characters in mount point [gh#openSUSE/health-checker#14]. ==== icu ==== Version update (73.1 -> 73.2) Subpackages: libicu73 libicu73-ledata - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - Delete icu-UCHAR-uint16t.patch (merged) ==== installation-images-MicroOS ==== Version update (17.88 -> 17.89) - merge gh#openSUSE/installation-images#649 - add shim, mokutil, and grub2-i386-efi to rescue system (bsc#1209985) - add shim and grub2-i386-efi to rescue system (bsc#1209985) - 17.89 ==== kernel-firmware ==== Version update (20230531 -> 20230620) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230620 (git commit 045b2136a619): * amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs * fix broken cirrus firmware symlinks * qcom: Update the microcode files for Adreno a630 GPUs. * qcom: sdm845: rename the modem firmware * qcom: sdm845: update remoteproc firmware * rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D * rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225 * amdgpu: DMCUB updates for various AMDGPU asics * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * i915: Add HuC v8.5.0 for MTL * mediatek: Update mt8195 SCP firmware to support hevc - Drop obsoleted patch for WHENCE: cirrus-WHENCE-link-fixes.patch - Update aliases ==== kernel-source ==== Version update (6.3.7 -> 6.3.9) - Linux 6.3.9 (bsc#1012628). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (bsc#1012628). - cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers (bsc#1012628). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1012628). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1012628). - qcom: llcc/edac: Fix the base address used for accessing LLCC banks (bsc#1012628). - EDAC/qcom: Get rid of hardcoded register offsets (bsc#1012628). - ksmbd: validate smb request protocol id (bsc#1012628). - of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() (bsc#1012628). - power: supply: ab8500: Fix external_power_changed race (bsc#1012628). - power: supply: sc27xx: Fix external_power_changed race (bsc#1012628). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (bsc#1012628). - ARM: dts: vexpress: add missing cache properties (bsc#1012628). - arm64: dts: arm: add missing cache properties (bsc#1012628). - tools: gpio: fix debounce_period_us output of lsgpio (bsc#1012628). - selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change (bsc#1012628). - power: supply: Ratelimit no data debug output (bsc#1012628). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (bsc#1012628). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (bsc#1012628). - regulator: Fix error checking for debugfs_create_dir (bsc#1012628). - irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues (bsc#1012628). - irqchip/meson-gpio: Mark OF related data as maybe unused (bsc#1012628). - power: supply: Fix logic checking if system is running from battery (bsc#1012628). - drm: panel-orientation-quirks: Change Air's quirk to support Air Plus (bsc#1012628). - btrfs: scrub: try harder to mark RAID56 block groups read-only (bsc#1012628). - btrfs: handle memory allocation failure in btrfs_csum_one_bio (bsc#1012628). - ASoC: soc-pcm: test if a BE can be prepared (bsc#1012628). - sfc: fix devlink info error handling (bsc#1012628). - ASoC: Intel: avs: Account for UID of ACPI device (bsc#1012628). - ASoC: Intel: avs: Fix avs_path_module::instance_id size (bsc#1012628). - ASoC: Intel: avs: Add missing checks on FE startup (bsc#1012628). - parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() (bsc#1012628). - parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() (bsc#1012628). - erofs: use HIPRI by default if per-cpu kthreads are enabled (bsc#1012628). - MIPS: unhide PATA_PLATFORM (bsc#1012628). - MIPS: Restore Au1300 support (bsc#1012628). - MIPS: Alchemy: fix dbdma2 (bsc#1012628). - mips: Move initrd_start check after initrd address sanitisation (bsc#1012628). - ASoC: cs35l41: Fix default regmap values for some registers (bsc#1012628). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (bsc#1012628). - xen/blkfront: Only check REQ_FUA for writes (bsc#1012628). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (bsc#1012628). - io_uring: unlock sqd->lock before sq thread release CPU (bsc#1012628). - NVMe: Add MAXIO 1602 to bogus nid list (bsc#1012628). - irqchip/gic: Correctly validate OF quirk descriptors (bsc#1012628). - wifi: cfg80211: fix locking in regulatory disconnect (bsc#1012628). - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() (bsc#1012628). - epoll: ep_autoremove_wake_function should use list_del_init_careful (bsc#1012628). - ocfs2: fix use-after-free when unmounting read-only filesystem (bsc#1012628). - ocfs2: check new file size on fallocate call (bsc#1012628). - zswap: do not shrink if cgroup may not zswap (bsc#1012628). - mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp() (bsc#1012628). - nios2: dts: Fix tse_mac "max-frame-size" property (bsc#1012628). - mm/uffd: fix vma operation where start addr cuts part of vma (bsc#1012628). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (bsc#1012628). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (bsc#1012628). - nilfs2: reject devices with insufficient block count (bsc#1012628). - LoongArch: Fix debugfs_create_dir() error checking (bsc#1012628). ... changelog too long, skipping 511 lines ... - commit c0cd722 ==== libapparmor ==== Version update (3.1.5 -> 3.1.6) - update to AppArmor 3.1.6 - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog ==== libevdev ==== Version update (1.13.0 -> 1.13.1) - update to 1.13.1: * include: sync event codes with kernel 6.2 * CI fixes ==== libpng16 ==== Version update (1.6.39 -> 1.6.40) - Update to version 1.6.40: * Fixed the eXIf chunk multiplicity checks. * Fixed a memory leak in pCAL processing. * Corrected the validity report about tRNS inside png_get_valid(). * Fixed various build issues on *BSD, Mac and Windows. * Updated the configurations and the scripts for continuous integration. * Cleaned up the code, the build scripts, and the documentation. ==== librsvg ==== Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Use %build_rustflags instead of the deprecated %__default_rustflags macro. Requires at least cargo-packaging 1.2.0+3 (boo#1212333). ==== libstorage-ng ==== Version update (4.5.120 -> 4.5.121) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#937 - query version of lsscsi (preparation for using json output) - coding style - extended documentation - 4.5.121 ==== libwebp ==== Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Add libwebp-double-free.patch: Avoid a double free, upstream commit a486d800 (bsc#1210212 CVE-2023-1999). ==== netpbm ==== Version update (10.96.4 -> 11.2.0) Subpackages: libnetpbm11 - version update to 11.2.0 * jpegtopnm: Add -traceexif * pbmtextps: Add -asciihex, -ascii85. * pcdovtoppm: remove dependency on obsolete 'tempfile' program. * jpegtopnm: Many fixes to -dumpexif. Always broken. (-dumpexif was new in Netpbm 9.18 (September 2001)) * pamtopng: fix -chroma option: always rejected. Always broken. (pamtopng was new in Netpbm 10.70 (June 2015)). * pnmtopng: fix -rgb option: always rejected. Always broken (-rgb was new in Netpbm 10.30 (October 2005)). * build: change the way you add the separately distributed 'hpcdtoppm' code to the build. * lot of changes since last version update, see https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/doc/HISTORY - modified patches % netpbm-gcc-warnings.patch (refreshed) % netpbm-security-code.patch (refreshed) % netpbm-security-scripts.patch (refreshed) - deleted patches - netpbm-tmpfile.patch (upstreamed) - ppmforge-fix-overflow.patch (upstreamed) - signed-char.patch (upstreamed) ==== nghttp2 ==== Version update (1.53.0 -> 1.54.0) - update to 1.54.0: * nghttpx: Consistent error handling and use of high-level API * h2load: Fix http3 upload stall * h2load: Use std::chrono::steady_clock for quic timestamp ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Fix (bsc#1212143) - (CVE-2023-20867) - VUL-0: CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module + Add patch: 2023-20867-Remove-some-dead-code.patch ==== python-gobject ==== Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo - Add %{?sle15_python_module_pythons}: build additional python flavors besides the 'default' when building for SLE15. ==== rubygem-ruby-dbus ==== Version update (0.23.0.beta1 -> 0.23.0.beta2) - 0.23.0.beta2 License: * clarified to be LGPL-2.1-or-later API: * DBus::Object#object_server replaces @service (which still works) and the short-lived @connection * ObjectServer#export will raise if the path is already taken by an object * ObjectServer#unexport now also accepts an object path * Connection#object_server can export objects even without requesting any service name (gh#mvidner/ruby-dbus#49, in beta1 already). * Add PeerConnection for connections without a bus, useful for PulseAudio. Fix listening for signals there (gh#mvidner/ruby-dbus##44). * Moved from Connection to BusConnection: #unique_name, #proxy, #service. Call send_hello in BusConnection#initialize already. Bug fixes: * Fixed a refactoring crasher bug in ProxyService#introspect (oops). * Fix crash on #unexport of /child_of_root or even / ==== selinux-policy ==== Version update (20230425 -> 20230622) Subpackages: selinux-policy-targeted - Update to version 20230622: * Allow keyutils_dns_resolver_exec_t be an entrypoint * Allow collectd_t read network state symlinks * Revert "Allow collectd_t read proc_net link files" * Allow nfsd_t to list exports_t dirs * Allow cupsd dbus chat with xdm * Allow haproxy read hardware state information * Label /dev/userfaultfd with userfaultfd_t * Allow blueman send general signals to unprivileged user domains * Allow dkim-milter domain transition to sendmail ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev - Make sure to pre-install the groups systemd and udev rely on. This is needed when the tmpfiles are run at package installation time. Theoretically with only "Requires(pre): group()", rpm is allowed to drop the group at the end of the package installations hence let's keep "Requires: group()" dep. Note: this is also needed when (post)file-triggers are enabled due to the current limitation of the default libzypp transaction backend. - file-triggers: fix lua trigger priority for sysusers (bsc#1212376) A single digit in the priority used for sysusers got dropped somehow and upstream commit cd621954ed643c6ee0d869132293e26056a48826 forgot to restore it in the lua implementation. - file-triggers: skip the call to systemd-tmpfiles in chroot too. That way we ensure that packages that really need the tmpfiles in advance use the right API which is %tmpfiles_create_package. - file-triggers: to be consistent with what we already does with tmpfiles, we skip the call to systemd-sysusers and delay system user creations until the next reboot. - Temporarily add 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch until it's backported to the next stable release See https://github.com/systemd/systemd/pull/28000 ==== systemd-rpm-macros ==== Version update (23 -> 24) - Bump to version 24 - Drop %tmpfiles_create_package It can't work during transactional updates because the paths that systemd-tmpfiles usually operates on (such as /var) can't be changed. It appears that the only user of this macro doesn't really need this macro so let's drop it. - Drop %sysusers_create_inline It's deprecated and the only user of this macro is being converted to %sysusers_create_package. So drop it now before the deprecated macro attracts more users. - Unlike systemd-tmpfiles call in %tmpfiles_create_package(), systemd-sysusers must always be called by %sysusers_create_package() even on transactional systems since it's part of the macro contract. Writing to /etc is not recommended on such systems but it has to work anyways. ==== tiff ==== Version update (4.5.0 -> 4.5.1) - Update to version 4.5.1: * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c * Do not install libtiff-4.pc when tiff-install is reset. * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW. * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts. * CMake: make WebP component name compatible with upstream ConfigWebP.cmake * CMake: make Findliblzma with upstream CMake config file * CMake: FindDeflate.cmake: fix several errors (issue #526). * CMake: FindLERC.cmake: version string return added. * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN. * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets. * Improve internal IFD offset and directory number map handling. * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux. * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484). * tif_ojpeg.c: checking for division by zero (fixes issue #554). * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548). * Fixed runtime error: applying zero offset to null pointer in countInkNamesString(). * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory. * tif_luv: check and correct for NaN data in uv_encode() (issue #530). * TIFFClose() avoid NULL pointer dereferencing (issue #515). * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick. * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513). * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343). * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo(). * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548). - Drop no longer needed patches: * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch * tiff-CVE-2022-48281.patch * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch ==== util-linux ==== Version update (2.38.1 -> 2.39) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326): * 0001-libmount-fix-sync-options-between-context-and-fs-str.patch - Set --disable-libmount-mountfd-support, it's very broken and needs both util-linux and kernel fixes (gh#util-linux/util-linux#2287) - UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust - util-linux-tty-tools: build together with systemd in preparation of util-linux 2.40 together with systemd v254 - Upgrade to version 2.39: * blkpr: New command to run persistent reservations ioctls on a device. * pipesz: New command to set or examine pipe and FIFO buffer sizes. * waitpid: New command to wait for arbitrary processes. * mount, libmount: Supports new file descriptors based mount kernel API. * mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes, X-mount.{owner,group,mode}=, rootcontext=@target. * renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new option --relative. * dmesg: Supports subsecond granularity for --since and --until. * dmesg: Option --level accepts '+' prefix or postfix for a level name to specify all higher or all lower levels. * blkid, libblkid: Supports bcachefs. * fstrim: New option --types to filter out by filesystem types. * lsblk: --nvme and --virtio are new options to filter out devices. * lsblk: Improves detection of hotplug and removable status. * nsenter: New option --env for allowing environment variables inheritance. * namei: New option -Z to report SELinux contexts. * Many other new features and fixes. For complete list see https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes - Dropped upstreamed patches: * fix-lib-internal-cache-size.patch * util-linux-fix-tests-when-at-symbol-in-path.patch * util-linux-honor-noclear-when-reprint-issue.patch - Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch * Fixes fadvise tests for ppc64 ==== util-linux-systemd ==== Version update (2.38.1 -> 2.39) - Add patch to fix regression with mount options handling (gh#util-linux/util-linux#2326): * 0001-libmount-fix-sync-options-between-context-and-fs-str.patch - Set --disable-libmount-mountfd-support, it's very broken and needs both util-linux and kernel fixes (gh#util-linux/util-linux#2287) - UTIL_LINUX_FOUND_SYSTEMD_DEPS: make grep more robust - util-linux-tty-tools: build together with systemd in preparation of util-linux 2.40 together with systemd v254 - Upgrade to version 2.39: * blkpr: New command to run persistent reservations ioctls on a device. * pipesz: New command to set or examine pipe and FIFO buffer sizes. * waitpid: New command to wait for arbitrary processes. * mount, libmount: Supports new file descriptors based mount kernel API. * mount, libmount: New mount options X-mount.idmap=, X-mount.auto-fstypes, X-mount.{owner,group,mode}=, rootcontext=@target. * renice: Supports posix-compliant -n (via POSIXLY_CORRECT) and add a new option --relative. * dmesg: Supports subsecond granularity for --since and --until. * dmesg: Option --level accepts '+' prefix or postfix for a level name to specify all higher or all lower levels. * blkid, libblkid: Supports bcachefs. * fstrim: New option --types to filter out by filesystem types. * lsblk: --nvme and --virtio are new options to filter out devices. * lsblk: Improves detection of hotplug and removable status. * nsenter: New option --env for allowing environment variables inheritance. * namei: New option -Z to report SELinux contexts. * Many other new features and fixes. For complete list see https://kernel.org/pub/linux/utils/util-linux/v2.39/v2.39-ReleaseNotes - Dropped upstreamed patches: * fix-lib-internal-cache-size.patch * util-linux-fix-tests-when-at-symbol-in-path.patch * util-linux-honor-noclear-when-reprint-issue.patch - Add upstream patch util-linux-fix-tests-with-64k-pagesize.patch * Fixes fadvise tests for ppc64 ==== wtmpdb ==== Version update (0.6.0 -> 0.7.0) Subpackages: libwtmpdb0 - Update to version 0.7.0 - wtmpdb rotate: use sqlite3_bind_* internal - wtmpdb last: Implement -x, -d, -i and -w options ==== zlib-ng-compat ==== Version update (2.0.7 -> 2.1.2) - Update to version 2.1.2: * Many improvements to the CMake scripts. * Improved support for detecting memory alignment functions. * Improved support for unaligned access by letting the compiler promote code to unaligned if supported by the CPU. * Remove x86 cpu feature detection for TZCNT, safely fallback to BSF. * Enable using AVX512 intrinsics with GCC <9. * Decompression is a lot faster (56% faster measured on AVX2-capable x86-64) * Compresson is improved for Level 9, at the cost of a little performance. * Compression is improved for Level 3, by switching from deflate_fast to deflate_medium. * Levels 3 and 4 have been reconfigured to provide a better gradual tradeoff for speed/compression between levels 2 and 5. * Deflate_quick (Level 1) has been improved to default to a bigger windowsize and support changing the window size like the other levels. * Deflate_rle has been optimized with its own compare_256 implementation. * Adler32 implementation using AVX512, AVX512-VNNI, VMX. * CRC32-B implementation using VPCLMULQDQ & IBM-Z. * Slide hash implementation using VMX. * Compare256 implementations using SSE2, Neon, & POWER9. * Inflate chunk copying using SSSE3 & VSX.