Packages changed: ImageMagick (7.1.1.35 -> 7.1.1.36) MozillaFirefox (128.0.3 -> 129.0) NetworkManager (1.48.6 -> 1.48.8) PackageKit SDL2 (2.30.4 -> 2.30.6) accountsservice apache-commons-logging (1.2 -> 1.3.3) apache2-mod_php8 (8.3.9 -> 8.3.10) binutils (2.42 -> 2.43) btrfsprogs (6.10 -> 6.10.1) bubblewrap (0.9.0 -> 0.10.0) curl (8.9.0 -> 8.9.1) emacs ethtool (6.9 -> 6.10) ffmpeg-6 gdm gegl gnome-bluetooth (46.0 -> 46.1) gnome-control-center (46.3 -> 46.4) gnome-remote-desktop (46.3 -> 46.4) gnome-shell gnome-software (46.3 -> 46.4) gnome-user-docs (46.1 -> 46.4) gom (0.5.2 -> 0.5.3) gpg2 guestfs-tools (1.53.1 -> 1.53.2) iproute2 (6.9 -> 6.10) kernel-firmware (20240728 -> 20240809) kernel-source (6.10.3 -> 6.10.5) kexec-tools (2.0.28 -> 2.0.29) lib2geom libadwaita (1.5.2 -> 1.5.3) libass (0.17.1 -> 0.17.3) libei (1.2.1 -> 1.3.0) libgphoto2 libheif (1.18.1 -> 1.18.2) liblc3 (1.0.4 -> 1.1.1) libnftnl (1.2.6 -> 1.2.7) libqt5-qtwebengine libshumate (1.2.2 -> 1.2.3) liburing libxml++30 (3.2.4 -> 3.2.5) lvm2 lvm2-device-mapper lz4 makedumpfile mutter ncurses (6.5.20240713 -> 6.5.20240810) openSUSE-release (20240812 -> 20240818) ovmf patterns-base patterns-media pcre2 (10.43 -> 10.44) php8 (8.3.9 -> 8.3.10) polkit protobuf protobuf-c ptools python-M2Crypto (0.40.0 -> 0.42.0) python-anyio (4.3.0 -> 4.4.0) python-argcomplete python-cryptography qt6-webengine rdma-core (52.0 -> 53.0) selinux-policy (20240809 -> 20240814) sensors shadow suse-module-tools (16.0.48 -> 16.0.49) sysvinit (3.08 -> 3.10) texlive totem-pl-parser (3.26.6 -> 3.26.6+30) unbound (1.20.0 -> 1.21.0) virt-v2v (2.5.5 -> 2.5.6) webkit2gtk3 (2.44.2 -> 2.44.3) wtmpdb (0.13.0+git.20240726 -> 0.13.0+git.20240814) xdm xfce4-notifyd (0.9.4 -> 0.9.6) xfwm4 yast2-bootloader (5.0.10 -> 5.0.11) === Details === ==== ImageMagick ==== Version update (7.1.1.35 -> 7.1.1.36) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.36 * uhdr.c: default initialize range field for hdr/sdr intent inputs to enc by @aayushsoni111 in #7482 * Fixed typo in documentation of MagickAdaptiveBlurImage by @JonahEMorgan in #7500 * Silence warning when freetype delegate is disabled. by @niclet in #7515 ==== MozillaFirefox ==== Version update (128.0.3 -> 129.0) - Mozilla Firefox 129.0 https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines - removed obsolete patches mozilla-bmo1905018.patch mozilla-bmo1504834-part3.patch mozilla-bmo1512162.patch mozilla-bmo1822730.patch mozilla-fix-aarch64-libopus.patch mozilla-partial-revert-1768632.patch - requires NSS 3.102.1 - extended mozilla-silence-no-return-type.patch ==== NetworkManager ==== Version update (1.48.6 -> 1.48.8) Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.48.8: + ovs: fix triggering stage3 activation without DHCP client initialized + config: parse autoconnect-ports value on config + ndisc: preserve router preferences ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-mark-as-compulsory.patch: Prevent PackageKit from user uninstallable for most desktops (bsc#1226269). ==== SDL2 ==== Version update (2.30.4 -> 2.30.6) - Update to release 2.30.6 * Improved detection of Nintendo Switch Pro controller report mode * Fixed a rare crash when a controller is disconnected ==== accountsservice ==== Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - Drop as-fate318433-prevent-same-account-multi-logins.patch. Gnome-shell now has similar functionality upstream. ==== apache-commons-logging ==== Version update (1.2 -> 1.3.3) - Upgrade to 1.3.3 * Bug Fixes: + * LOGGING-193: Update Log4j 2 OSGi imports #268. + * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + * Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs + LOGGING-190: Add OSGi metadata to enable Service Loader Mediator #234. + LOGGING-191: Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs + Remove references to very old JDK and Commons Logging versions #201. + Update from Logj 1 to the Log4j 2 API compatibility layer [#231]. + Allow Servlet 4 in OSGi environment #191. + Fix generics warnings #213. + LOGGING-189: Fix Import-Package entry for org.slf4j #188. - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J #177. + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. LOGGING-188: Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger`. LOGGING-173: + Deprecate and disable `AvalonLogger` and `LogKitLogger`. + LOGGING-165: Add Automatic-Module-Name Manifest Header for Java 9 compatibility. * Fixed Bugs: + LOGGING-163: BufferedReader is not closed properly. + LOGGING-177: Remove redundant initializer #46 + Use a weak reference for the cached class loader #71. + Add more entries to .gitignore file #25. + Minor Improvements #34. + [StepSecurity] ci: Harden GitHub Actions #145. + LOGGING-185: Replace custom code with `ServiceLoader` call. + Fix possible NPEs in LogFactoryImpl. + LOGGING-185: Fix failing tests #180. + Deprecate LogConfigurationException.cause in favor of getCause(). + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module #183. + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Remove deprecated patch files: * commons-logging-1.1.3-src-junit.diff * commons-logging-1.2-sourcetarget.patch * commons-logging-manifests.patch * no-tests.patch - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Remove unnecessary dependencies * add commons-logging-1.3.3-dependencies.patch - Add upstream dev's public key to apache-commons-logging.keyring ==== apache2-mod_php8 ==== Version update (8.3.9 -> 8.3.10) - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). ==== binutils ==== Version update (2.42 -> 2.43) Subpackages: libctf-nobfd0 libctf0 - Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently - Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz. - Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz. - Removed upstream patch riscv-no-relax.patch. - Rebased ld-relro.diff and binutils-revert-rela.diff. ==== btrfsprogs ==== Version update (6.10 -> 6.10.1) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.10.1 * mkfs: rework --rootdir traversal, skip hardlinks and create new inodes instead, also warn about them, this did not work as expected and will be fixed in the future * receive: search in older trees for UUIDs when detecting clone sources * libbtrfsutil: bindings available at https://pypi.org/project/btrfsutil * libbtrfs: * patchlevel version update 0.1.4 * cleanup in headers, removed unused definitions, no functional changes * don't ship list.h and rbtree.h * other: documentation updates ==== bubblewrap ==== Version update (0.9.0 -> 0.10.0) Subpackages: bubblewrap-zsh-completion - Update to version v0.10.0: * New features: Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving CVE-2024-42472 in Flatpak. * Other changes: Fix some confusing syntax in SetupOpFlag (no functional change). ==== curl ==== Version update (8.9.0 -> 8.9.1) Subpackages: curl-zsh-completion libcurl4 - Fix regression introduced in version 8.9.1: * sigpipe: init the struct so that first apply ignores * Add curl-sigpipe.patch - Update to 8.9.1: * Security fixes: - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] * Bugfixes: - cmake: detect 'libssh' via 'pkg-config' - cmake: detect 'nettle' when building with GnuTLS - connect: fix connection shutdown for event based processing - curl: more defensive socket code for --ip-tos - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - ftpserver.pl: make POP3 LIST serve content from the test file - lib: survive some NULL input args - os400: build cli manual. - os400: workaround an IBM ASCII run-time library bug - transfer: speed limiting fix for 32bit systems - vtls: avoid forward declaration in MultiSSL builds - x509asn1: unittests and fixes for gtime2str ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-games emacs-info emacs-nox etags - Set find-function-C-source-directory in site-start so sources provided by the debugsource package can be found user intervention inside Emacs ==== ethtool ==== Version update (6.9 -> 6.10) Subpackages: ethtool-bash-completion - update to upstream release 6.10 * Feature: suport for PoE in PSE (--show-pse and --set-pse) * Feature: add statistics support to tsinfo (-T) * Feature: add JSON output to base command (no option) * Feature: add JSON output to EEE info (--show-eee) * Fix: qsfp: better handling on page 03h read failure (-m) * Fix: handle zero arguments for module eeprom dump (-m) * Fix: check for missing arguments in do_srxfh() (-X) * Misc: more descriptive error when JSON output is not available ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Remove ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and ffmpeg-6-CVE-2024-32228.patch to make the bot happy. - Renumber patches. - Disable ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch and ffmpeg-6-CVE-2024-32228.patch as they brake compilation with BUILD_ORIG enabled, i.e. Packman. ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Add pam_pkcs11 as Recommends for smartcard login (bsc#1223580). - Fix applying patches when sle_version is defined ==== gegl ==== Subpackages: gegl-0_4 libgegl-0_4-0 - Add backported 66de8124.patch: Fix build against ffmpeg-7. ==== gnome-bluetooth ==== Version update (46.0 -> 46.1) Subpackages: libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 46.1: + This version contains translation updates and a bug fix for some device icons not appearing correctly. ==== gnome-control-center ==== Version update (46.3 -> 46.4) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Update to version 46.4: + Accessibility: Fix enum value for follow centered + Apps: Fix memory leak for MMManager object in default apps page + Network: Don't set empty ignored hosts + Privacy: Fix visibility issue of Bolt settings when Bolt isn't available + Users: - Avoid accidental mnemonics for user name rows - Show correctly the remaining list of fingerprints to enroll + WWAN: Fix crash on Unlock SIM dialog ==== gnome-remote-desktop ==== Version update (46.3 -> 46.4) - Update to version 46.4: + Gracefully handle invalid x224Crq data + Fix file descriptor leak + Updated translations. ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Drop gs-fate318433-prevent-same-account-multi-logins.patch. Upstream now does this. ==== gnome-software ==== Version update (46.3 -> 46.4) Subpackages: gnome-software-plugin-packagekit - Update to version 46.4: + Correct broken formatting when using in AppStream metadata + Updated translations. ==== gnome-user-docs ==== Version update (46.1 -> 46.4) - Update to version 46.4: + Updates to GNOME Help. + Updated translations. ==== gom ==== Version update (0.5.2 -> 0.5.3) - Update to version 0.5.3: + Automatically ignore read-only properties + Add support for GParamSpec which are GBytes ==== gpg2 ==== Subpackages: dirmngr - Remove explicit runtime library dependency, pick ease of maintenance in Tumbleweed over mixed project use runtime bugs. ==== guestfs-tools ==== Version update (1.53.1 -> 1.53.2) - Update to version 1.53.2 (jsc#PED-6305) * Implement --inject-blnsvr operation * mlcustomize: firstboot: Use Linux path for Powershell script path * mlcustomize: firstboot: Use powershell.exe instead of path * mlcustomize: firstboot: Use Powershell -NoProfile flag * mlcustomize: Revert delay installation of qemu-ga MSI * mldrivers/linux_kernels.ml: Prefix general information with ^info: * mlcustomize: Use Start-Process -Wait to run qemu-ga installer * mlcustomize: Add Firstboot.firstboot_dir function * mlcustomize: Place powershell scripts into \Temp * mlcustomize: Inject qemu-ga & blnsvr into /Temp * mlcustomize: Write qemu-ga log file name to log.txt ==== iproute2 ==== Version update (6.9 -> 6.10) Subpackages: iproute2-bash-completion - Update to release 6.10 * ip: ipnexthop: Support dumping next hop group stats * ip: Support filter links with no VF info * ip: PFCP device support * ip link: hsr: Add support for passing information about INTERLINK device ==== kernel-firmware ==== Version update (20240728 -> 20240809) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 * rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 ==== kernel-source ==== Version update (6.10.3 -> 6.10.5) - Refresh patches.suse/Revert-ata-libata-scsi-Honor-the-D_SENSE-bit-for-CK_.patch. Update upstream status. - commit b7789d6 - netfilter: nfnetlink: Initialise extack before use in ACKs (netlink-crash). See: https://github.com/systemd/systemd/actions/runs/10282472628/job/28454253577?pr=33958#step:12:30 - commit da1090b - btrfs: fix invalid mapping of extent xarray state (git-fixes). - commit b18d7b9 - Linux 6.10.5 (bsc#1012628). - drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode() (bsc#1012628). - locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node() (bsc#1012628). - perf/x86/intel/cstate: Add Arrowlake support (bsc#1012628). - perf/x86/intel/cstate: Add Lunarlake support (bsc#1012628). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (bsc#1012628). - platform/x86: intel-vbtn: Protect ACPI notify handler against recursion (bsc#1012628). - irqchip/mbigen: Fix mbigen node address layout (bsc#1012628). - platform/x86/intel/ifs: Initialize union ifs_status to zero (bsc#1012628). - jump_label: Fix the fix, brown paper bags galore (bsc#1012628). - perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c (bsc#1012628). - perf/x86/intel: Support the PEBS event mask (bsc#1012628). - perf/x86: Support counter mask (bsc#1012628). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (bsc#1012628). - selftests: ksft: Fix finished() helper exit code on skipped tests (bsc#1012628). - x86/mm: Fix pti_clone_pgtable() alignment assumption (bsc#1012628). - x86/mm: Fix pti_clone_entry_text() for i386 (bsc#1012628). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (bsc#1012628). - power: supply: rt5033: Bring back i2c_set_clientdata (bsc#1012628). - sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1012628). - net: pse-pd: tps23881: Fix the device ID check (bsc#1012628). - gve: Fix use of netif_carrier_ok() (bsc#1012628). - virtio-net: unbreak vq resizing when coalescing is not negotiated (bsc#1012628). - net: usb: qmi_wwan: fix memory leak for not ip packets (bsc#1012628). - net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1012628). - net: linkwatch: use system_unbound_wq (bsc#1012628). - net: dsa: microchip: Fix Wake-on-LAN check to not return an error (bsc#1012628). - ice: Fix reset handler (bsc#1012628). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (bsc#1012628). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (bsc#1012628). - net/smc: add the max value of fallback reason count (bsc#1012628). - net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1012628). - idpf: fix memory leaks and crashes while performing a soft reset (bsc#1012628). - idpf: fix UAFs when destroying the queues (bsc#1012628). - l2tp: fix lockdep splat (bsc#1012628). - net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN capabilities (bsc#1012628). - net: fec: Stop PPS on driver remove (bsc#1012628). - net: pse-pd: tps23881: include missing bitfield.h header (bsc#1012628). - net: dsa: microchip: disable EEE for KSZ8567/KSZ9567/KSZ9896/KSZ9897 (bsc#1012628). - regmap: kunit: Fix memory leaks in gen_regmap() and gen_raw_regmap() (bsc#1012628). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1012628). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (bsc#1012628). - Revert "rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()" (bsc#1012628). - platform/chrome: cros_ec_lpc: Add a new quirk for ACPI id (bsc#1012628). - rcutorture: Fix rcu_torture_fwd_cb_cr() data race (bsc#1012628). - md: do not delete safemode_timer in mddev_suspend (bsc#1012628). - md: change the return value type of md_write_start to void (bsc#1012628). - md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1012628). - debugobjects: Annotate racy debug variables (bsc#1012628). - nvme: apple: fix device reference counting (bsc#1012628). - block: change rq_integrity_vec to respect the iterator (bsc#1012628). - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation (bsc#1012628). - clocksource/drivers/sh_cmt: Address race condition for clock events (bsc#1012628). - ACPI: battery: create alarm sysfs attribute atomically (bsc#1012628). - ACPI: SBS: manage alarm sysfs attribute through psy core ... changelog too long, skipping 636 lines ... - commit b60be3e ==== kexec-tools ==== Version update (2.0.28 -> 2.0.29) - update to 2.0.29: * update man and --help * powerpc/kexec_load: add hotplug support * kexec_load: Use new kexec flag for hotplug support * x86-linux-setup.c: Use POSIX basename API * LoongArch: fix load command line segment error * LoongArch: add multi crash kernel segment support * LoongArch: fix kernel image size error * Arm: Fix add_buffer_phys_virt() align issue * Fix incorrect Free Software Foundation address in the license * util_lib/elf_info.c: fix a warning * kexec_file: add kexec_file flag to support debug printing * workflow: update to use checkout@v4 - drop kexec-dont-use-kexec_file_load-on-xen.patch, upstream - drop fix-building-on-x86_64-with-binutils-2.41.patch, upstream - kexec-tools-riscv-hotplug.patch: Fix build for riscv64. ==== lib2geom ==== - Add skip_failing_tests_gcc14.diff to fix more instable intersection tests. This allows the 32bit version of the package to be built with GCC14. ==== libadwaita ==== Version update (1.5.2 -> 1.5.3) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.5.3: + AdwAlertDialog: Expose body text as a11y description + AdwDialog: - Fix a memory leak - Speed up switching presentation + AdwPreferencesPage: Add an a11y relation to the description + AdwSpinRow: Set accessible role to presentation + AdwSwitchRow: Set accessible role to switch + AdwTabBar/Overview: Fix a use after free when closing tabs + Stylesheet: Fix a specificity issue with scrolled windows in popovers + Docs: - Don't annotate user_data params with closure - Fix typos in migrating to breakpoints page + Updated translations. ==== libass ==== Version update (0.17.1 -> 0.17.3) - Update to 0.17.3: * Fix 0.17.2 regression in the fontconfig fontprovider leading to undesirable widths being chosen from large typographic families * Fix configure generated with slibtool-provided autoconf macros * Fix make check for shared-only builds * Constify some API parameters in a backwards-compatible manner * Add new ass_malloc and ass_free API functions * Tweak default optimization flags * Speed up parsing of events with very long override blocks * Improve handling of HarfBuzz-related failures - reintroduce 'make check' as the issue has been fixed upstream - Update to 0.17.2: * This release brings optimized assembly routines for aarch64, as well as numerous individual improvements and fixes. * Detailed Changes: - Fix rendering of \h in certain cases - Fix a minor memory leak in the CoreText and DirectWrite font provider - Fix wrong ASS_Image dimensions for huge BorderStyle=4 backgrounds potentially leading to out of bound reads by API users - Improve quality of animated rectangular clips - Improve accuracy of cache limits - Full-Unicode cmaps are now always preferred - Improve font selection compatibility in the DirectWrite font provider - Improved documentation - Updating selective overrides now forces a cache clear to avoid issues with outdated caches - Frame and storage resolutions are now limited to what a single ASS_Image can represent - make check now runs checkasm if assembly is enabled - CoreText can now be used on Mac OS X 10.5 - Meson/muon is now offered as a secondary build system bringing back first-party MSVC support - Note however it is not at feature parity with autotools in all cases - aarch64: add optimized assembly routines covering the same set as on x86; they work on both little and big endian systems - x86: add SSSE3 versions of some assembly routines to help CPUs without AVX2 - x86: it is now possible to build binaries with optimized assembly an SHSTK support - Improve VSFilter compatibility - 'make check' is broken for --disable-static builds because checkasm needs to access symbols that aren't part of the public API, so just disable it. - Require libunibreak during build for better linebreaking of unicode text. ==== libei ==== Version update (1.2.1 -> 1.3.0) - Update to release 1.3.0 * Devices without regions or with multiple regions previously failed region checks for touch events and absolute pointer events (now fixed). * liboeffis's ConnectToEIS dbus call is now async to avoid stalling the client. * many clarifications for ambiguity in the protocol documentation. ==== libgphoto2 ==== Subpackages: libgphoto2-6 libgphoto2_port12 - Adding libgphoto2-c99.patch so that the package builds for 32bit with GCC 14. - Using %autosetup -p1 because this is the prefered way to apply patches. ==== libheif ==== Version update (1.18.1 -> 1.18.2) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - update to 1.18.2: * fix regression that Exif orientation was not correctly reset when converting rotated HEIF (heif-dec) * swap Exif width/height when rotating image by 90 degrees * fix memory leak in OpenJPEG decoding plugin * pay attention to DESTDIR variable when installing heif-convert symlink ==== liblc3 ==== Version update (1.0.4 -> 1.1.1) - Update to version 1.1.1: + Wasm Compilation cleanup + build: fix rpath issue + Add build-macos-meson job + Bluetooth Conformance test updated for LC3 - Changes from version 1.1.0: + LC3 Plus features + Python library wrapper + Add WASM compilation target ==== libnftnl ==== Version update (1.2.6 -> 1.2.7) - Update to release 1.2.7 * Avoid potential use-after-free when clearing set's expression list * Avoid misc buffer overflows in attribute setters * Implement nftnl_obj_unset symbol already exported in libnftnl.map * Remove unimplemented symbols from libnftnl.map * Validate per-expression and per-object attribute value and data length * Fix synproxy object setter with unaligned data ==== libqt5-qtwebengine ==== - Add ffmpeg 7 compatibility patch (Picked from Arch): * qt5-webengine-ffmpeg7.patch ==== libshumate ==== Version update (1.2.2 -> 1.2.3) Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update to version 1.2.3: + Fix build with -Dvector_renderer=false ==== liburing ==== - Skip test buf-ring-nommap.t if ENOMEM appears (happens in ppc64le arch). * test-buf-ring-nommap-skip-the-test-on-queue-init-ENO.patch ==== libxml++30 ==== Version update (3.2.4 -> 3.2.5) - Update to version 3.2.5: + Documentation: - Update Visual Studio build docs - Parser docs: Add a link to parser options + Meson build: - Detect if we build from a git subtree - Don't copy files with configure_file() - Fix the evaluation of is_git_build on Windows - Backport libxml2 CMake support from libxml++-5.0 - Don't fail if warning_level=everything - Don't require the 'dot' command to build the documentation - Add the build-manual option - Add bcrypt dependency when libxml2 is a subproject + Build: Make it compatible with libxml2 >= 2.12.0 by modifying [#]include directives - Add check section and run meson_test macro. ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - lvm2-monitor.service fails to start (boo#1228854) + bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - lvm2-monitor.service fails to start (boo#1228854) + bug-1228854_lvm2-monitor-service-start-after-system-fully-booted.patch ==== lz4 ==== - Switch to cmake build system: Creates extra cmake modules for consuming projects ==== makedumpfile ==== - add (bsc#1226183) * make-reserve_diskspace-do-nothing-for-flattened-form.patch ==== mutter ==== - Fix build if sle_version is defined: Patch3 no longer exists, and add back Patch4 for SLE builds that was mistakenly removed in last change. ==== ncurses ==== Version update (6.5.20240713 -> 6.5.20240810) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add patch fix-20240810.patch * Workaround for changes in last patch 20240810 that is provide GLOB_FULLPATH_POSIX and GLOB_FULLPATH_OTHER in status script - Add ncurses patch 20240810 + modify misc/Makefile.in and misc/run_tic.in so that $DESTDIR is set and used only in the makefile. + modify CF_WITH_PKG_CONFIG_LIBDIR to allow for pkg-config using DOS/Windows pathname syntax (report by Eli Zaretskii). + improve glob-expressions in configure script + remove unused Get_Menu_Screen() macro from menu.priv.h + update config.guess, config.sub - Add ncurses patch 20240727 + improve formatting/style of manpages (patches by Branden Robinson). + fixes for compiler warnings/cppcheck. + modify wattron/wattroff calls in form/m_post.c to call wattr_on and wattr_off to omit cast used in the former for X/Open compatibility (patch by Bill Gray). + modify wezterm, omitting its broken left/right margin feature (report by Thayne McCombs) -TD - Modify patch ncurses-6.4.dif to get offsets correct - Add ncurses patch 20240720 + improve formatting/style of manpages (patches by Branden Robinson). + modify configure script and misc/Makefile to accept glob expressions that include Windows/DOS drive-letters (report by Eli Zaretskii). + fix misspelled ifdef and correct return-value of _nc_mingw_tcflush in win_driver.c (report/patch by Eli Zaretskii). ==== openSUSE-release ==== Version update (20240812 -> 20240818) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-x86_64-sev flavor to X64 against AMD SEV. - Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64, , BUILD_OPTIONS_X86, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64 because SEV can NOT work with secure boot. - Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch because the SEV ovmf be separated from X64 ovmf as an independent flavor. - The original patch reverts "58eb8517ad OvmfPkg/PlatformPei: Update ReserveEmuVariableNvStore" which affects all ovmf flavor. - The secure boot be disabled in SEV flavor, so we do not need revert 58eb8517ad anymore. (bsc#1209266) - Add 50-ovmf-x86_64-sev.json to descriptors.tar.xz for SEV flavor - Removed features tag: "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys" - Add features tag: "amd-sev", "amd-sev-es", "amd-sev-snp" ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Remove nfsidmap, package got dropped - Remove nfs-client and autofs: in most scenarios, especially desktops, no longer used, but pull in many "deprecated" packages ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Ensure autofs is on the DVD: it is tested by openQA in staging. ==== pcre2 ==== Version update (10.43 -> 10.44) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 - Fix GitHub issue #415: Test suite fails when targeting i686. The fix is taken straight from PR #418, also on GitHub. - Add patch file: * pcre2-10.44-github-issue-415.patch - update to 10.44: * This is mostly a bug-fix and tidying release. There is one new function, to set a maximum size for a compiled pattern. The maximum name length for groups is increased to 128. * Some auxiliary files for building under VMS are added. ==== php8 ==== Version update (8.3.9 -> 8.3.10) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.3.10 Core: Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. Fixed OSS-Fuzz #69765. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). Dom: Fixed bug GH-14702 (DOMDocument::xinclude() crash). Fileinfo: Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). Gd: ext/gd/tests/gh10614.phpt: skip if no PNG support. restored warning instead of fata error. LibXML: Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). Opcache: Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). Output: Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). PDO: Fixed bug GH-14712 (Crash with PDORow access to null property). Phar: Fixed bug GH-14603 (null string from zip entry). PHPDBG: Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). Fixed bug GH-14553 (echo output trimmed at NULL byte). Shmop: Fixed bug GH-14537 (shmop Windows 11 crashes the process). SPL: Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). Standard: Fixed bug GH-14775 (range function overflow with negative step argument). Fix 32-bit wordwrap test failures. Fixed bug GH-14774 (time_sleep_until overflow). Streams: Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). Tidy: Fix memory leak in tidy_repair_file(). Treewide: Fix compatibility with libxml2 2.13.2. XML: Move away from to-be-deprecated libxml fields. Fixed bug GH-14834 (Error installing PHP when --with-pear is used). ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec typelib-1_0-Polkit-1_0 - BuildRequire gettext-devel instead of gettext: Allows OBS to shortcut throught gettext-runtime-mini. ==== protobuf ==== Subpackages: libprotobuf-lite25_4_0 libprotobuf25_4_0 - tweak and correct how minimum version of abseil is specified (20230125 to 20230125.3) - Remove explicit requirements of the protobuf-devel package, as the they are autogenerated when needed ==== protobuf-c ==== - BuildRequire a C++ compiler, previously pulled in via protobuf ==== ptools ==== - Added fix-32bit-cast.diff which replaces a cast which is OK for 64bit targets but not for 32 bit targets to make the package buildable with GCC 14 on i586. ==== python-M2Crypto ==== Version update (0.40.0 -> 0.42.0) - Update 0.42.0: - allow ASN1_{Integer,String} be initialized directly - minimal infrastructure for type hints for a C extension and some type hints for some basic modules - time_t on 32bit Linux is 32bit (integer) not 64bit (long) - EOS for CentOS 7 - correct checking for OpenSSL version number on Windows - make compatible with Python 3.13 (replace PyEval_CallObject with PyObject_CallObject) - fix typo in extern function signature (and proper type of engine_ctrl_cmd_string()) - move the package to Sorucehut - setup CI to use Sourcehut CI - setup CI on GitLab for Windows as well (remove Appveyor) - initial draft of documentation for migration to pyca/cryptography - fix Read the Docs configuration (contributed kindly by Facundo Tuesca) - Remove upstreamed 32bit_ASN1_Time.patch - Remove python-M2Crypto.keyring, because PyPI broke GPG support ==== python-anyio ==== Version update (4.3.0 -> 4.4.0) - update to 4.4.0: * Added the BlockingPortalProvider class to aid with constructing synchronous counterparts to asynchronous interfaces that would otherwise require multiple blocking portals * Added __slots__ to AsyncResource so that child classes can use __slots__ * Added the TaskInfo.has_pending_cancellation() method * Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() * Fixed two bugs with TaskGroup.start() on asyncio: Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() (#706; PR by Dominik Schwabe) Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled (#685, #710) * Fixed erroneous RuntimeError: called 'started' twice on the same task status when cancelling a task in a TaskGroup created with the start() method before the first checkpoint is reached after calling task_status.started() * Fixed the entire task group being cancelled if a TaskGroup.start() call gets cancelled * Fixed a race condition that caused crashes when multiple event loops of the same backend were running in separate threads and simultaneously attempted to use AnyIO for their first time * Fixed cancellation delivery on asyncio incrementing the wrong cancel scope's cancellation counter when cascading a cancel operation to a child scope, thus failing to uncancel the host task * Fixed erroneous TypedAttributeLookupError if a typed attribute getter raises KeyError * Fixed the asyncio backend not respecting the PYTHONASYNCIODEBUG environment variable when setting the debug flag in anyio.run() * Fixed SocketStream.receive() not detecting EOF on asyncio if there is also data in the read buffer * Fixed MemoryObjectStream dropping an item if the item is delivered to a recipient that is waiting to receive an item but has a cancellation pending * Emit a ResourceWarning for MemoryObjectReceiveStream and MemoryObjectSendStream that were garbage collected without being closed (PR by Andrey Kazantcev) * Fixed MemoryObjectSendStream.send() not raising BrokenResourceError when the last corresponding MemoryObjectReceiveStream is closed while waiting to send a falsey item ==== python-argcomplete ==== - require ca-certificates-mozilla for the pip >= 24.2 ==== python-cryptography ==== - Fix building optimized binaries with debuginfo. - Update building of Rust modules to use modern cargo_vendor service - Remove unneeded use-offline-build.patch ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add patch to build qtwebengine with ffmpeg 7 (picked from Arch) * qtwebengine-ffmpeg-7.patch ==== rdma-core ==== Version update (52.0 -> 53.0) Subpackages: libefa1 libhns1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to rdma-core v53.0 - No release notes available - Remove Added-suffix-libdrm-to-CMakeLists.txt-for-drm.patch as it was merged upstream. ==== selinux-policy ==== Version update (20240809 -> 20240814) Subpackages: selinux-policy-targeted - Update to version 20240814: * Dontaudit dac_override of fstab generator (bsc#1229127) - Drop varrun-convert.sh script as it causes issues with container-selinux update (bsc#1228951) - Update to version 20240812: * Update libvirt policy * Add port 80/udp and 443/udp to http_port_t definition * Additional updates stalld policy for bpf usage * Label systemd-pcrextend and systemd-pcrlock properly * Allow coreos_installer_t work with partitions * Revert "Allow coreos-installer-generator work with partitions" * Add policy for systemd-pcrextend * Update policy for systemd-getty-generator * Allow ip command write to ipsec's logs * Allow virt_driver_domain read virtd-lxc files in /proc * Revert "Allow svirt read virtqemud fifo files" * Update virtqemud policy for libguestfs usage * Allow virtproxyd create and use its private tmp files * Allow virtproxyd read network state * Allow virt_driver_domain create and use log files in /var/log * Allow samba-dcerpcd work with ctdb cluster * Allow NetworkManager_dispatcher_t send SIGKILL to plugins * Allow setroubleshootd execute sendmail with a domain transition * Allow key.dns_resolve set attributes on the kernel key ring * Update qatlib policy for v24.02 with new features * Label /var/lib/systemd/sleep with systemd_sleep_var_lib_t * Allow tlp status power services * Allow virtqemud domain transition on passt execution * Allow virt_driver_domain connect to systemd-userdbd over a unix socket * Allow boothd connect to systemd-userdbd over a unix socket * Update policy for awstats scripts * Allow bitlbee execute generic programs in system bin directories * Allow login_userdomain read aliases file * Allow login_userdomain read ipsec config files * Allow login_userdomain read all pid files * Allow rsyslog read systemd-logind session files * Allow libvirt-dbus stream connect to virtlxcd ==== sensors ==== Subpackages: libsensors4 - Drop lm_sensors-revert-6b5a19b708.patch because the previously incompatible types have been changed in the callee in package rrdtool too, which means that there is a type incompatibility again. Because the other change reportedly makes more sense, I'm dropping this one. ==== shadow ==== Subpackages: libsubid5 login_defs - Disable flushing sssd caches. The sssd's files provider is no longer available. ==== suse-module-tools ==== Version update (16.0.48 -> 16.0.49) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.49: * Require sdbootutil if already installed ==== sysvinit ==== Version update (3.08 -> 3.10) - Add patch killproc-2.23.dif * Fix shell command in Makefile to get detection statx declaration correct - Update to sysvinit 3.10 * When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1 in the container, and expects that to initiate a graceful shutdown (power-off). SysV init now catches this signal and initiates a shutdown (shutdown -hP now). - floppym provided patch to accomplish this. * Fix issue in bootlogd which could cause the service to enter an endless loop (and use too much CPU) when it is able to open a device for writing, but not actually able to write to it. This resulted in bootlogd closing and re-opening the device over and over. Now bootlogd should simply fail gracefully when it cannot write to an open file/device. * Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special characters. * Patch for man/Makefile to fix the clean recipe. Provided by Lucas Nussabaum and Mark Hindley * On Linux systems, allow reboot command to pass a message to the system firmware during the restart. This is accomplished with the -m flag. * Patch from kraj which allows hddown to compile when musl is the C library. ==== texlive ==== - Add patch source-pdftex-gcc14.patch * Add fix in change file pdftex.ch to really fix boo#1228342 (Thanks goes to Andreas Scherer) - Remove former work around - Added -Wno-error=incompatible-pointer-types to optflags to work around boo#1228342 and enable build with GCC 14 on 32bit architectures. ==== totem-pl-parser ==== Version update (3.26.6 -> 3.26.6+30) Subpackages: libtotem-plparser-mini18 libtotem-plparser18 typelib-1_0-TotemPlParser-1_0 - Update to version 3.26.6+30: + plparser: - Fix guard return type. - Fix TotemPlParserMetadata in bindings. - Fix return value from cancelled calls. - Fix retval when guard are triggered. + Various test fixes. + Updated translations. - Add pkgconfig(uchardet) BuildRequires and pass enable-uchardet=yes to meson, build ucharded support. - Use ldconfig_scriptlets macro for post(un) handling. ==== unbound ==== Version update (1.20.0 -> 1.21.0) Subpackages: libunbound8 unbound-anchor - Update to 1.21.0: Security Fixes: * Merge #1073: fix null pointer dereference issue in function ub_ctx_set_fwd. [CVE-2024-43167, bsc#1229068] Features: * Fix #1071: [FR] Clear both in-memory and cachedb module cache with `unbound-control flush*` commands. * Fix #144: Port ipset to BSD pf tables. * Add dnstap-sample-rate that logs only 1/N messages, for high volume server environments. Thanks Dan Luther. * Add root key 38696 from 2024 for DNSSEC validation. It is added to the default root keys in unbound-anchor. The content can be inspected with `unbound-anchor -l`. * Merge #1090: Cookie secret file. Adds `cookie-secret-file: "unbound_cookiesecrets.txt"` option to store cookie secrets for EDNS COOKIE secret rollover. The remote control add_cookie_secret, activate_cookie_secret and drop_cookie_secret commands can be used for rollover, the command print_cookie_secrets shows the values in use. Bug Fixes: * Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich. * Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek, Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv University and Reichman University). * Merge #1062: Fix potential overflow bug while parsing port in function cfg_mark_ports. * Fix for #1062: declaration before statement, avoid print of null, and redundant check for array size. * Fix to squelch udp connect errors in the log at low verbosity about invalid argument for IPv6 link local addresses. * Fix when the mesh jostle is exceeded that nameserver targets are marked as resolved, so that the lookup is not stuck on the requestlist. * Add missing common functions to tdir tests. * Merge #1070: Fix rtt assignement for low values of infra-cache-max-rtt. * Merge #1069: Fix unbound-control stdin commands for multi-process Unbounds. * Fix unbound-control commands that read stdin in multi-process operation (local_zones_remove, local_zones, local_datas_remove, local_datas, view_local_datas_remove, view_local_datas). They will be properly distributed to all processes. dump_cache and load_cache are no longer supported in multi-process operation. * Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir now checks both single and multi process/thread operation. * Fix to print a parse error when config is read with no name for a forward-zone, stub-zone or view. * Fix for parse end of forward-zone, stub-zone and view. * Fix for #1064: Fix that cachedb expired messages are considered insecure, and thus can be served to clients when dnssec is enabled. * Fix #1059: Intermittent DNS blocking failure with local-zone and always_nxdomain. Addition of local_zones dynamically via unbound-control was not finding the zone's parent correctly. * Fix #1064: Unbound 1.20 Cachedb broken? * Fix unused variable warning on compilation with no thread support. * unbound-control-setup: check openssl availability before doing anything, patch from Michael Tokarev. * Update patch to remove 'command' shell builtin and update error text. * Fix to enable that SERVFAIL is cached, for a short period, for more cases. In the cases where limits are exceeded. * Fix spelling of tcp-idle-timeout docs, from Michael Tokarev. * Merge #1078: Only check old pid if no username. * Fix #1079: tags from tagged rpz zones are no longer honored after upgrade from 1.19.3 to 1.20.0. * Fix for #1079: fix RPZ taglist in iterator callback that no client info is like no taglist intersection. * Fix to squelch connection reset by peer errors from log. And fix that the tcp read errors are labeled as initial for the first calls. * Merge #1080: AddressSanitizer detection in tdir tests and memory leak fixes. * Fix memory leak when reload_keep_cache is used and num-threads changes. * Fix memory leak on exit for unbound-dnstap-socket; creates false negatives during testing. * Fix memory leak in setup of dsa sig. * Fix typos for 'the the' in text. * Fix validation for repeated use of a DNAME record. * Add unit test for validation of repeated use of a DNAME record. * Fix #1091: Build fails with OpenSSL >= 3.0 built with OPENSSL_NO_DEPRECATED. * Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by adding helpful text for the Python interpreter version and allowing the default pkg-config unavailability error message to be shown. * Fix pkg-config availability check in dnstap/dnstap.m4 and systemd.m4. * Explicitly set the RD bit for the mesh query flags when prefetching. These queries have no waiting client but they need to be treated as recursive. * Fix ip-ratelimit-cookie setting, it was not applied. * Fix to remove unused include from the readzone test program. ... changelog too long, skipping 91 lines ... example.conf. ==== virt-v2v ==== Version update (2.5.5 -> 2.5.6) Subpackages: virt-v2v-bash-completion - Update to virt-v2v 2.5.6 (jsc#PED-6305) * -i ova: Ignore dot-underscore-files in OVA files * mlcustomize: firstboot: Use Linux path for Powershell script path * mlcustomize: firstboot: Use powershell.exe instead of path * mlcustomize: firstboot: Use Powershell -NoProfile flag * mlcustomize: Revert delay installation of qemu-ga MSI * --mac: Allow gw and len fields to be empty * Debugging enhancements ==== webkit2gtk3 ==== Version update (2.44.2 -> 2.44.3) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.44.3: + Fix web process cache suspend/resume when sandbox is enabled. + Fix accelerated images dissapearing after scrolling. + Fix video flickering with DMA-BUF sink. + Fix pointer lock on X11. + Fix movement delta on mouse events in GTK3. + Undeprecate console message API and make it available in 2022 API. + Fix several crashes and rendering issues. - Drop patches now upstream: 9d5844679af8f84036f1b800307e799bd7ab73ba.patch webkit2gtk3-CVE-2024-40776.patch webkit2gtk3-CVE-2024-40779.patch webkit2gtk3-CVE-2024-40780.patch webkit2gtk3-CVE-2024-40782.patch ==== wtmpdb ==== Version update (0.13.0+git.20240726 -> 0.13.0+git.20240814) Subpackages: libwtmpdb0 - Update to version 0.13.0+git.20240814: * wtmpdb-update-boot service requires dbus ==== xdm ==== - sysconfig/windowmanager is deprecated since 7 years, don't read it if it does not exist. ==== xfce4-notifyd ==== Version update (0.9.4 -> 0.9.6) Subpackages: xfce4-notifyd-lang - update to 0.9.6: * Use shared_module() for panel plugin meson build * Fix menu being destroyed before item activation handlers running * Translation Updates - update to 0.9.5: * Add an option to set the minimum width of notification windows * Fix include issue with meson build * Only emblem the panel plugin icon when theme lacks the 'new' variant * Destroy and recreate the panel menu every time it's popped up * Add meson build files * Fix uninitialized field warning * Move NOTIFICATIONS_SPEC_VERSION out of the build system * Remove redundant positioning code from Wayland path * Use different layer-shell anchors on Wayland * build: clang: Silence -Wcast-align * common: Explicitly depend on gio-unix-2.0 * Fix positioning on Wayland in multi-monitor setups * Set output on layer-shell surface on Wayland * Fix active-monitor notification positioning on Wayland * Translation Updates - Rebase xfce4-notifyd-relax-x11-version.patch ==== xfwm4 ==== Subpackages: xfwm4-lang - Fix user-after-free in tabwinRemoveClient with ce9f6e1187867c4fbb7935e08a9ab4d9d8dea8c3.patch (bsc#1228524) ==== yast2-bootloader ==== Version update (5.0.10 -> 5.0.11) - add arm and riscv64 as not supported for secure boot (bsc#1229070) - 5.0.11 - Rename menue_timeout (menĂ¼) to menu_timeout - Reference in text messages to menu