Packages changed: MozillaFirefox (122.0.1 -> 123.0) apparmor c-ares (1.26.0 -> 1.27.0) cdparanoia chrony (4.4 -> 4.5) cloud-init containerd cpio cronie cups dhcp distribution-logos-openSUSE dmidecode docbook-xsl docbook_4 docker dracut (059+suse.554.g6144bf71 -> 059+suse.557.g8a62bf73) dump fcoe-utils file fltk fwupd (1.9.13 -> 1.9.14) gdb giflib (5.2.1 -> 5.2.2) git (2.43.2 -> 2.44.0) gnutls gpsd icewm libapparmor libgpg-error (1.47 -> 1.48) libimobiledevice-glue (1.0.0+git3.20230513 -> 1.1.0+git0.20240222) libksba (1.6.5 -> 1.6.6) libstorage-ng (4.5.191 -> 4.5.193) libunistring (1.1 -> 1.2) mokutil mozilla-nss multipath-tools (0.9.8~1+82+suse.dcd98a3 -> 0.9.8+83+suse.bcae610) ncurses (6.4.20240210 -> 6.4.20240224) npth (1.6 -> 1.7) open-vm-tools openssh (9.3p2 -> 9.6p1) openssh-askpass-gnome (9.3p2 -> 9.6p1) openvpn podman python-PyYAML setserial sha1collisiondetection slang sof-firmware sord soundtouch speex susepaste switcheroo-control syslogd system-config-printer sysvinit thin-provisioning-tools (1.0.11 -> 1.0.12) tigervnc upower (1.90.2 -> 1.90.2+15) usbutils vlc xauth xdm xf86-input-evdev xf86-input-wacom xf86-video-vesa xinit xkeyboard-config xmlsec1 xorg-x11-server xrandr zlib (1.3 -> 1.3.1) === Details === ==== MozillaFirefox ==== Version update (122.0.1 -> 123.0) - Mozilla Firefox 123.0 https://www.mozilla.org/en-US/firefox/123.0/releasenotes/ MFSA 2024-05 (bsc#1220048) * CVE-2024-1546 (bmo#1843752) Out-of-bounds memory read in networking channels * CVE-2024-1547 (bmo#1877879) Alert dialog could have been spoofed on another site * CVE-2024-1554 (bmo#1816390) fetch could be used to effect cache poisoning * CVE-2024-1548 (bmo#1832627) Fullscreen Notification could have been hidden by select element * CVE-2024-1549 (bmo#1833814) Custom cursor could obscure the permission dialog * CVE-2024-1550 (bmo#1860065) Mouse cursor re-positioned unexpectedly could have led to unintended permission grants * CVE-2024-1551 (bmo#1864385) Multipart HTTP Responses would accept the Set-Cookie header in response parts * CVE-2024-1555 (bmo#1873223) SameSite cookies were not properly respected when opening a website from an external browser * CVE-2024-1556 (bmo#1870414) Invalid memory access in the built-in profiler * CVE-2024-1552 (bmo#1874502) Incorrect code generation on 32-bit ARM devices * CVE-2024-1553 (bmo#1855686, bmo#1867982, bmo#1871498, bmo#1872296, bmo#1873521, bmo#1873577, bmo#1873597, bmo#1873866, bmo#1874080, bmo#1874740, bmo#1875795, bmo#1875906, bmo#1876425, bmo#1878211, bmo#1878286) Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 * CVE-2024-1557 (bmo#1746471, bmo#1848829, bmo#1864011, bmo#1869175, bmo#1869455, bmo#1869938, bmo#1871606) Memory safety bugs fixed in Firefox 123 - requires NSS 3.97 ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Fix systemd userdb access in unix-chkpwd ==== c-ares ==== Version update (1.26.0 -> 1.27.0) - c-ares 1.27.0 Security: * Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash. GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279) Features: * New function ares_queue_active_queries() to retrieve number of in-flight queries. PR #712 * New function ares_queue_wait_empty() to wait for the number of in-flight queries to reach zero. PR #710 * New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if no DNS servers can be found rather than attempting to use 127.0.0.1. This also introduces a new ares status code of ARES_ENOSERVER. PR #713 Changes: * EDNS Packet size should be 1232 as per DNS Flag Day. PR #705 Bugfixes: * Fix warning due to ignoring return code of write(). PR #709 * CMake: don't override target output locations if not top-level. Issue #708 * Fix building c-ares without thread support. PR #700 ==== cdparanoia ==== Subpackages: libcdda_interface0 libcdda_paranoia0 - Use %patch -P N instead of deprecated %patchN. ==== chrony ==== Version update (4.4 -> 4.5) Subpackages: chrony-pool-openSUSE - Use %patch -P N instead of deprecated %patchN. - Update to version 4.5: * Add support for AES-GCM-SIV in GnuTLS * Add support for corrections from PTP transparent clocks * Add support for systemd socket activation * Fix presend in interleaved mode * Fix reloading of modified sources from sourcedir ==== cloud-init ==== - Prepare for RPM 4.20 switch patch syntax ==== containerd ==== - Use %patch -P N instead of deprecated %patchN. ==== cpio ==== Subpackages: cpio-mt - Use %autopatch instead of deprecated %patchN. ==== cronie ==== Subpackages: cron - Use %patch -P N instead of deprecated %patchN. ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - Use %patch -P N instead of deprecated %patchN. ==== dhcp ==== Subpackages: dhcp-client - Use %patch -P N instead of deprecated %patchN. ==== distribution-logos-openSUSE ==== Subpackages: distribution-logos-openSUSE-MicroOS distribution-logos-openSUSE-icons - Add handling for Leap Micro 6.X and Leap 16.X ==== dmidecode ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== docbook-xsl ==== - Use %patch -P N instead of deprecated %patchN. ==== docbook_4 ==== - Use %patch -P N instead of deprecated %patchN. ==== docker ==== Subpackages: docker-bash-completion docker-rootless-extras - Allow to disable apparmor support (ALP supports only SELinux) ==== dracut ==== Version update (059+suse.554.g6144bf71 -> 059+suse.557.g8a62bf73) Subpackages: dracut-ima - Update to version 059+suse.557.g8a62bf73: * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) ==== dump ==== - Use %patch -P N instead of deprecated %patchN. ==== fcoe-utils ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== file ==== Subpackages: file-magic libmagic1 - Prepare for RPM 4.20 ==== fltk ==== - Use %patch -P N instead of deprecated %patchN. ==== fwupd ==== Version update (1.9.13 -> 1.9.14) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.14: * Correctly detect ARM32 and RISC-V UEFI binaries. * Correctly migrate the database schema from very old fwupd versions. * Fix DS-20 descriptors by opening the GUsbDevice earlier. * Fix updating the fingerprint reader on the Framework 13 and 16 laptop. * Fix warning when probing devices using the metadata allowlist. * Only recover the version format for specific devices. ==== gdb ==== - Use %patch -P N instead of deprecated %patchN. - Maintenance script qa.sh: * Add PR31214 kfail. * Add kfail for fails in gdb.reverse/solib-precsave.exp / gdb.reverse/solib-reverse.exp fixed by commit fe6356def67 ("PowerPC and aarch64: Fix reverse stepping failure"). * Extend PR31004 kfail. - Don't require %{python}-base for gdb-testresults package. - Fix debuginfod handling: * Enable for sle_version >= 150400 (bsc#1185605, jsc#PED-1149, jsc#PED-1138), SLE15-SP4 and later. * Enable for suse_version >= 1600, ALP and Tumbleweed. * Add back "BuildRequires: libdebuginfod1" to prevent selecting dummy variant. * Add "BuildRequires: debuginfod-client" to prevent unresolved due to conflict with dummy variant. * Add --with-debuginfod=yes to prevent silently dropping support. - Patches added (backport from master): * gdb-testsuite-add-missing-no-prompt-anchor-in-gdb.ba.patch * gdb-testsuite-remove-spurious-in-save_vars.patch ==== giflib ==== Version update (5.2.1 -> 5.2.2) - Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * Address SF issue #138 Documentation for obsolete utilities still installed * Address SF issue #139: Typo in "LZW image data" page ("110_2 = 4_10") * Address SF issue #140: Typo in "LZW image data" page ("LWZ") * Address SF issue #141: Typo in "Bits and bytes" page ("filed") * Note as already fixed SF issue #143: cannot compile under mingw * Address SF issue #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * Address SF issue #145: Remove manual pages installation for binaries that are not installed too * Address SF issue #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * Address SF issue #147 [PATCH] Fixes to doc/whatsinagif/ content * Address SF issue #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45 * Address SF issue #152: Fix some typos on the html documentation and man pages * Address SF issue #153: Fix segmentation faults due to non correct checking for args * Address SF issue #154: Recover the giffilter manual page * Address SF issue #155: Add gifsponge docs * Address SF issue #157: An OutofMemory-Exception or Memory Leak in gif2rgb * Address SF issue #158: There is a null pointer problem in gif2rgb * Address SF issue #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * Address SF issue #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * Address SF issue #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * Address SF issue #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * Address SF issue #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c - Added patch: * giflib-5.2.2-no-imagemagick.patch + do not use ImageMagick to resize one gif file. It creates a build cycle. * 0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch + upstream fix for CVE-2021-40633 (bsc#1200551) - Modified patches: * PIE.patch * reproducible.patch + rediff to changed context ==== git ==== Version update (2.43.2 -> 2.44.0) - update to 2.44.0: * "git checkout -B " now longer allows switching to a branch that is in use on another worktree. The users need to use "--ignore-other-worktrees" option. * Faster server-side rebases with git replay * Faster pack generation with multi-pack reuse * rebase auto-squashing now works in non-interactive mode * pathspec now understands attr, e.g. ':(attr:~binary) for selecting non-binaries, or builtin_objectmode for selecting items by file mode or other properties * Many other cli UI and internal improvements and extensions ==== gnutls ==== - Remove some if..endif that do not affect any result - Split documentation (some 1100 files) to separate subpackage ==== gpsd ==== - Use %patch -P N instead of deprecated %patchN. ==== icewm ==== Subpackages: icewm-config-upstream icewm-default icewm-lang - Use %patch -P N instead of deprecated %patchN. ==== libapparmor ==== - Fix systemd userdb access in unix-chkpwd ==== libgpg-error ==== Version update (1.47 -> 1.48) - Update to 1.48: * New configure option --with-libtool-modification. [T6619] * New option parser flag to detect commands given without a double dash. There is also the new meta command "command-mode" to set this flag via a config file. [T6978] * Added an es_fopen mode flag "sequential" with support on Windows. [rE7a42ff0ec9] * Added an es_fopen mode flag "wipe" to cleanup internal buffers at close time. [T6954] * New function gpgrt_wipememory. [T6964] * Improvements to setenv on Windows. [rE89e53ad90f] * Fixed call to estream-printf string filters. [T6737] * Many improvements to the yat2m tool. * Updates to the build system. * Interface changes relative to the 1.47 release: - ARGPARSE_FLAG_COMMAND NEW. - gpgrt_wipememory NEW. * Release-info: https://dev.gnupg.org/T6441 * Update upstream libgpg-error.keyring ==== libimobiledevice-glue ==== Version update (1.0.0+git3.20230513 -> 1.1.0+git0.20240222) - Update to version 1.1.0+git0.20240222: - Changes: * socket: Use poll() - when available - instead of select() * socket: Allow NULL as address for socket_create() and socket_connect() * win32: Remove windows.h from public headers * Add version function to interface - Bugfixes: * opack: Fixed 32bit buffer overflow * opack: Fix parsing of 32 and 64 bit packed values - Internal: * Move LIMD_GLUE_API definitions to public headers * socket: Conditionally compile using poll or select based on availability * socket: Fix select failing when the process has many file descriptors by using poll instead * win32: Fix external compilation using libimobiledevice-glue/thread.h ==== libksba ==== Version update (1.6.5 -> 1.6.6) - Update to 1.6.6: * Fix a possible wrong error return from the DER builder. [T6992] * Release-info: https://dev.gnupg.org/T7009 * Update upstream libksba.keyring ==== libstorage-ng ==== Version update (4.5.191 -> 4.5.193) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#988 - allow more control of environment in SystemCmd class - 4.5.193 - merge gh#openSUSE/libstorage-ng#987 - fixed check in testsuite - 4.5.192 ==== libunistring ==== Version update (1.1 -> 1.2) - update to 1.2: * Support Unicode 15.1.0 * Improve UTF-8 decoder Unicode Standard compliance * The *printf functions no longer support the %n directive, for security reasons. * Fixed a bug in the *printf functions: In the %U, %lU, %llU directives, a negative width given as an argument did not trigger left-justification. * The functions u16_strstr and u32_strstr now operate in worst-case linear time. * Useful API function extensions ==== mokutil ==== - Use %patch -P N instead of deprecated %patchN. ==== mozilla-nss ==== Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - Use %patch -P N instead of deprecated %patchN. ==== multipath-tools ==== Version update (0.9.8~1+82+suse.dcd98a3 -> 0.9.8+83+suse.bcae610) Subpackages: kpartx libmpath0 - Remove libmpathpersist-example-old.c, which has been obsolete since multipath-tools 0.8.6. - Update to version 0.9.8+83+suse.bcae610 (bsc#1220374) * multipath-tools: added NEWS.md ==== ncurses ==== Version update (6.4.20240210 -> 6.4.20240224) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240217 + add vt100+noapp, vt100+noapp+pc, xterm+app+pc, xterm+decedit from xterm #389 -TD + fix inconsistent description of wmouse_trafo() (Debian #1059778). + modify wenclose() to handle pads (Debian #1059783). + improve manpage discussion of mouseinterval() (Debian #1058560). - Add ncurses patch 20240224 + improve man/curs_mouse.3x style (Brandon Robinson, Sven Joachim). + provide for CCHARW_MAX greater than 1 + eliminate use of PATH_MAX in lib_trace.c + work around misconfiguration of MacPorts gcc13, which exposes invalid definition of MB_LEN_MAX in gcc's fallback copy of limits.h (MacPorts [#69374]). ==== npth ==== Version update (1.6 -> 1.7) - Update to 1.7: * The npth-config command is not installed by default, because it is now replaced by use of pkg-config/gpgrt-config with npth.pc. Supply --enable-install-npth-config configure option, if needed. * Support for legacy systems w/o pthread_rwlock_t support. [T4306] * New functions npth_poll and npth_ppoll for Unix. [T5748] * Fixes to improve support for 64 bit Windows. * Fix declaration conflict using newer mingw versions. [T5889] * Fix build problems on Solaris 11. [T4491] * Fix detecting of the pthread library. [rPTH6629a4b801] * Clean up handling of unsafe semaphores on AIX. [T6947] * Link without -flat_namespace to support macOS 11. [T5610] * Release-info: https://dev.gnupg.org/T7010 * Update spec file * Update upstream npth.keyring ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Use %patch -P N instead of deprecated %patchN. ==== openssh ==== Version update (9.3p2 -> 9.6p1) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.6p1: = Security * ssh(1), sshd(8): implement protocol extensions to thwart the so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. * ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. * ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. = Potentially incompatible changes * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides a TCP-like window mechanism that limits the amount of data that can be sent without acceptance from the peer. In cases where this limit was exceeded by a non-conforming peer SSH implementation, ssh(1)/sshd(8) previously discarded the extra data. From OpenSSH 9.6, ssh(1)/sshd(8) will now terminate the connection if a peer exceeds the window limit by more than a small grace factor. This change should have no effect of SSH implementations that follow the specification. = New features * ssh(1): add a %j token that expands to the configured ProxyJump hostname (or the empty string if this option is not being used) that can be used in a number of ssh_config(5) keywords. bz3610 * ssh(1): add ChannelTimeout support to the client, mirroring the same option in the server and allowing ssh(1) to terminate quiescent channels. * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for reading ED25519 private keys in PEM PKCS8 format. Previously only the OpenSSH private key format was supported. * ssh(1), sshd(8): introduce a protocol extension to allow renegotiation of acceptable signature algorithms for public key authentication after the server has learned the username being used for authentication. This allows varying sshd_config(5) PubkeyAcceptedAlgorithms in a "Match user" block. * ssh-add(1), ssh-agent(1): add an agent protocol extension to allow specifying certificates when loading PKCS#11 keys. This allows the use of certificates backed by PKCS#11 private keys in all OpenSSH tools that support ssh-agent(1). Previously only ssh(1) supported this use-case. = Bugfixes * ssh(1): when deciding whether to enable the keystroke timing obfuscation, enable it only if a channel with a TTY is active. * ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals before checking flags set in signal handler. Avoids potential race condition between signaling ssh to exit and polling. bz3531 * ssh(1): when connecting to a destination with both the AddressFamily and CanonicalizeHostname directives in use, the AddressFamily directive could be ignored. bz5326 * sftp(1): correct handling of the limits@openssh.com option when the server returned an unexpected message. * A number of fixes to the PuTTY and Dropbear regress/integration tests. * ssh(1): release GSS OIDs only at end of authentication, avoiding unnecessary init/cleanup cycles. bz2982 * ssh_config(5): mention "none" is a valid argument to IdentityFile in the manual. bz3080 * scp(1): improved debugging for paths from the server rejected for not matching the client's glob(3) pattern in old SCP/RCP protocol mode. * ssh-agent(1): refuse signing operations on destination-constrained keys if a previous session-bind operation has failed. This may prevent a fail-open situation in future if a user uses a mismatched ssh(1) client and ssh-agent(1) where the client supports a key type that the agent does not support. - Update to openssh 9.5p1: = Potentially incompatible changes * ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys are very convenient due to their small size. Ed25519 keys are specified in RFC 8709 and OpenSSH has supported them since version 6.5 (January 2014). * sshd(8): the Subsystem directive now accurately preserves quoting of subsystem commands and arguments. This may change behaviour for exotic configurations, but the most common subsystem configuration (sftp-server) is unlikely to be affected. = New features * ssh(1): add keystroke timing obfuscation to the client. This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword. * ssh(1), sshd(8): Introduce a transport-level ping facility. This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to implement a ping capability. These messages use numbers in the "local extensions" number space and are advertised using a "ping@openssh.com" ext-info message with a string version number of "0". ... changelog too long, skipping 104 lines ... * openssh-8.0p1-gssapi-keyex.patch ==== openssh-askpass-gnome ==== Version update (9.3p2 -> 9.6p1) - Update to openssh 9.6p1: * No changes for askpass, see main package changelog for details. ==== openvpn ==== Subpackages: openvpn-auth-pam-plugin - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== podman ==== - Allow to disable apparmor support (ALP supports only SELinux) ==== python-PyYAML ==== - Switch to pyproject and autosetup macros. - Drop patch setuptools.patch, we can now cope. ==== setserial ==== - Use %patch -P N instead of deprecated %patchN. ==== sha1collisiondetection ==== - Use %patch -P N instead of deprecated %patchN. ==== slang ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== sof-firmware ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== sord ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== soundtouch ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== speex ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== susepaste ==== Subpackages: susepaste-screenshot - Use %patch -P N instead of deprecated %patchN. ==== switcheroo-control ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== syslogd ==== - Use %patch -P N instead of deprecated %patchN. ==== system-config-printer ==== Subpackages: python3-cupshelpers system-config-printer-common system-config-printer-dbus-service udev-configure-printer - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== sysvinit ==== - Use %patch -P N instead of deprecated %patchN. ==== thin-provisioning-tools ==== Version update (1.0.11 -> 1.0.12) - Update to version 1.0.12: * [thin_dump] Do not print error messages on BrokenPipe (EPIPE) * Bump version to 1.0.12 * [build] Update dependencies * [commands] Fix version string compatibility issue with LVM * [thin_dump] Do not print error messages on BrokenPipe (EPIPE) * [build] Update license to SPDX identifier ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== upower ==== Version update (1.90.2 -> 1.90.2+15) Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 - Update to version 1.90.2+15: * Revert "ci: Update last ABI break" * Revert "build: Bump the library soname after recent changes" * Revert "all: Remove Lid handling" * Revert "lib: Remove deprecated up_client_get_devices()" * dbus: org.freedesktop.UPower: EnergyRate is a positive value * linux: Adjust test_bluetooth_le_device for dbusmock 0.30.1 * linux: stop assuming power supply of unknown type as battery * linux: drop f-literals without format string * linux: prefer is not None over != * build: make 'udevrulesdir' and 'udevhwdbdir' as Linux-only - Introduce _service obs_scm and obsinfo files for automated update service via: osc service mr ==== usbutils ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX - Add vlc-taglib-2.0.patch: Fix build against taglib 2.0 (based on upstream commit ec29dfca, d2663d6c, ac59d0ba, c404fdb2). - Use %patch -P N instead of deprecated %patchN. ==== xauth ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== xdm ==== - Use %patch -P N instead of deprecated %patchN. ==== xf86-input-evdev ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== xf86-input-wacom ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== xf86-video-vesa ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== xinit ==== - Use %patch -P N instead of deprecated %patchN. - revert previous change; cpp is not needed for xinit, but only for xdm package - since xrdb no longer requires cpp, it needs to be reqired here now ==== xkeyboard-config ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Use %patch -P N instead of deprecated %patchN. ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Use %patch -P N instead of deprecated %patchN. ==== xrandr ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ==== zlib ==== Version update (1.3 -> 1.3.1) Subpackages: libminizip1 libz1 - Use %autopatch instead of %patch - Update to 1.3.1: * Reject overflows of zip header fields in minizip * Fix bug in inflateSync() for data held in bit buffer * Add LIT_MEM define to use more memory for a small deflate speedup * Fix decision on the emission of Zip64 end records in minizip * Add bounds checking to ERR_MSG() macro, used by zError() * Neutralize zip file traversal attacks in miniunz * Fix a bug in ZLIB_DEBUG compiles in check_match() - Update pacthes: * CVE-2023-45853.patch * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch