Packages changed: Mesa Mesa-drivers MozillaFirefox (129.0 -> 129.0.1) NetworkManager aaa_base (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d) apparmor audit-secondary bind (9.20.0 -> 9.20.1) bluez (5.71 -> 5.77) dbus-1 dracut (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) ffmpeg-7 fwupd (1.9.23 -> 1.9.24) gnome-desktop (44.0 -> 44.1) gstreamer (1.24.6 -> 1.24.7) gstreamer-plugins-bad (1.24.6 -> 1.24.7) gstreamer-plugins-base (1.24.6 -> 1.24.7) gstreamer-plugins-libav (1.24.6 -> 1.24.7) gstreamer-plugins-ugly (1.24.6 -> 1.24.7) inn kmod (32 -> 33) libapparmor libheif liblouis (3.29.0 -> 3.30.0) libreoffice (24.2.5.2 -> 24.8.0.3) libtirpc (1.3.4 -> 1.3.5) nfs-utils openSUSE-release (20240820 -> 20240825) openjpeg2 rpcbind (1.2.6 -> 1.2.7) samba (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818) selinux-policy (20240816 -> 20240823) spacenavd (1.2 -> 1.3) systemd-presets-common-SUSE yast2-storage-ng (5.0.15 -> 5.0.16) yast2-users (5.0.1 -> 5.0.2) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - fix build with current rust-bindgen * u_fix_rust_bindgen.patch ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - fix build with current rust-bindgen * u_fix_rust_bindgen.patch ==== MozillaFirefox ==== Version update (129.0 -> 129.0.1) - Mozilla Firefox 129.0.1 * Fixed playback issues on some websites with copyrighted video served via digital rights management. (bmo#1911283) * Fixed a crash when dragging a video file onto some websites (bmo#1910990) ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch: device: don't enforce IP cleanup on deactivating state (bsc#1228154, glfd#NetworkManager/NetworkManager!2016). ==== aaa_base ==== Version update (84.87+git20240809.5d13eb4 -> 84.87+git20240821.fbabe1d) Subpackages: aaa_base-extras - Update to version 84.87+git20240821.fbabe1d: * Add helper service for soft-reboot ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== audit-secondary ==== Subpackages: audit python3-audit system-group-audit - Remove rcaudit symlink [jsc#PED-266] ==== bind ==== Version update (9.20.0 -> 9.20.1) Subpackages: bind-doc bind-utils - Update to release 9.20.1 New Features: * Implement rndc retransfer -force. * A new optional argument -force has been added to the command rndc retransfer. When it is specified, named aborts the ongoing zone transfer (if there is one) and starts a new transfer. * dig now reports a missing QUESTION section for messages with opcode QUERY. * Query responses should contain the QUESTION section, with some exceptions. dig was not reporting this. Feature Changes: * Tighten max-recursion-queries and add max-query-restarts configuration statement. * There were cases when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries and by reducing the default value from 100 to 32. * In addition, a new max-query-restarts configuration statement has been added, which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16 but is now configurable with a default value of 11. * ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich for discovering and notifying us about the issue. * Allow shorter resolver-query-timeout configuration. * The minimum allowed value of resolver-query-timeout was lowered from its previous value of 10 000 milliseconds (which is still the default) to 301 milliseconds. Note however that values of 1 to 300 inclusive are interpreted as seconds before applying the limit. A value of zero is interpreted as the default. * Raise the log level of priming failures. * When a priming query is complete, it was previously logged at level DEBUG(1), regardless of success or failure. It is now logged to NOTICE in the case of failure. Bug Fixes: * Fix a crash caused by valid TSIG signatures with invalid time. * An assertion failure was triggered when the TSIG had a valid cryptographic signature but the time was invalid. This could happen when the times between the primary and secondary servers were not synchronised. The crash has now been fixed. * Return SERVFAIL for a too long CNAME chain. * When following long CNAME chains, named was returning NOERROR (along with a partial answer) instead of SERVFAIL, if the chain exceeded the maximum length. This has been fixed. * Reconfigure catz member zones during named reconfiguration. * During a reconfiguration, named wasn’t reconfiguring catalog zones’ member zones. This has been fixed. * Update key lifetime and metadata after dnssec-policy reconfiguration. * Adjust key state and timing metadata if dnssec-policy key lifetime configuration is updated, so that it also affects existing keys. * Fix a crash during zone modification. * Fix an assertion failure that could happen when an authoritative zone was modified while the server was generating an answer from that zone. * Fix assertion failure when executing named-checkconf -v to print its version. * Fix generation of 6to4-self name expansion from IPv4 address. * The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, resulting in the wrong name being checked. This has been fixed. * dig +yaml was producing unexpected and/or invalid YAML. output. * SVBC ALPN text parsing failed to reject zero-length ALPN. * Fix false QNAME minimisation error being reported. * Remove the false positive success resolving log message when QNAME minimisation is in effect and the final result is an NXDOMAIN. * Fix --enable-tracing build on systems without dtrace. * A missing util/dtrace.sh file prevented builds on systems without the dtrace utility. This has been corrected. ==== bluez ==== Version update (5.71 -> 5.77) Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd bluez-zsh-completion libbluetooth3 - add bluez-no-cups-devel-buildreq.patch to avoid cups-devel buildrequires which results in an excessive build loop - update to 5.77: * Fix issue with storing and handling connection parameters. * Fix issue with handling device that are marked as temporary. * Fix issue with HID and special handling for non-keyboards. * Fix issue with BR/EDR not support when discoverable is off. * Add support for initial implementation of ASHA profile. * Fix issue with broadcast channel location and stream capabilities. * Fix issue with handling BIS management and synchronization. * Fix issue with handling Extended Advertising. * Fix issue with UserspaceHID and replay structures. * Add support for providing PPCP characteristic. * Fix issue with build system and header inclusion. * Fix issue with not enabling Wideband Speech when available. * Fix issue with UserspaceHID and Bluetooth Classic devices. * Fix issue with checking for services being connected. * Fix issue with GATT client connection creation. * Fix issue with OBEX and small file transfers. * Fix issue with handling pairing with Apple AirPods. * Fix issue with BAP and setting up broadcast source. * Fix issue with BAP and register all endpoints. * Fix issue with BAP and missing metadata property. * Fix issue with BAP and not handling out of order responses. * Fix issue with BAP and attempting to set device as connectable. * Add support for CCP plugin for call control profile. * Fix issue with BAP and handling stream IO linking. * Fix issue with BAP and setup of multiple streams per endpoint. * Fix issue with AVDTP and potential incorrect transaction label. * Fix issue with A2DP and handling crash on suspend. * Fix issue with GATT database and an invalid pointer. * Add support for AICS service. - drop bluez-test-2to3.diff, bluez-cups-libexec.patch: upstream has different solutions for ages, use those instead - drop fix-link-key-address-type.patch, fix-a2dp-suspend-crash.patch: upstream - add fix-a2dp-suspend-crash.patch (Issue #701 in upstream) ==== dbus-1 ==== Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 - Drop feature-suse-auto-socket-target-wants.patch and use the filesystem instead, this works more consistenly with dbus-broker - Add RH/Fedora compat provides dbus-libs to library package needed by Mullvad - Add feature-suse-auto-socket-target-wants.patch: move from static enable symlinks to systemd created symlinks otherwise it can't be enabled by systemd-presets-common-SUSE - Update feature-suse-refuse-manual-start-stop.patch: prevent killing the socket or user service aswell - common: dbus.socket still gets used after migration to dbus-broker so keep pre/post/postun scriptlets - Explicitly require /usr/bin/cmp for the post scripts instead of diffutils: allow other implementations like busybox-diffutils to be acceptable. - No longer start or offer starting dbus as a system service dbus-broker will be the only supported system dbus. Although the existing daemon will stay as some things (gdm) require dbus-run-session ==== dracut ==== Version update (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) - Update to version 059+suse.639.g49307b2a: * feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398) ==== ffmpeg-7 ==== Subpackages: libavcodec61 libavfilter10 libavformat61 libavutil59 libpostproc58 libswresample5 libswscale8 - Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch to resolve build failure on armv7 [boo#1229338] ==== fwupd ==== Version update (1.9.23 -> 1.9.24) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.24: + This release fixes the following bugs: - Add support for capsule on disk for Dell systems - Do not re-use the connection cache to fix Redfish BMC restart - Exclude known recovery partitions when choosing an ESP volume - Fix the VLI usb3 private flag registration + This release adds support for the following hardware: - More Mediatek scaler devices - Parade USB hubs ==== gnome-desktop ==== Version update (44.0 -> 44.1) Subpackages: libgnome-desktop-3-20 libgnome-desktop-3_0-common libgnome-desktop-4-2 typelib-1_0-GnomeBG-4_0 typelib-1_0-GnomeDesktop-4_0 - Update to version 44.1: + Fix compatibility with muslc + Fix GNOME_DESKTOP_IS_THUMBNAIL_FACTORY + Update default Indic input methods + Use ibus-chewing as the default input source for zh_TW + Updated translations. - Rebase gnome-desktop-switch-Japanese-default-input-to-mozc.patch ==== gstreamer ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.24.7: + Highlighted bugfixes: - Fix APE and Musepack audio file and GIF playback with FFmpeg 7.0 - playbin3: Fix potential deadlock with multiple playbin3s with glimagesink used in parallel - qt6: various qmlgl6src and qmlgl6sink fixes and improvements - rtspsrc: expose property to force usage of non-compliant setup URLs for RTSP servers where the automatic fallback doesn't work - urisourcebin: gapless playback and program switching fixes - v4l2: various fixes - va: Fix potential deadlock with multiple va elements used in parallel - meson: option to disable gst-full for static-library build configurations that do not need this - Various bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - bin: Don't keep the object lock while setting a GstContext when handling NEED_CONTEXT - core: Log pad name, not just the pointer ==== gstreamer-plugins-bad ==== Version update (1.24.6 -> 1.24.7) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.24.7: + aom: av1enc: restrict allowed input width and height + h264parse: - bypass check for length_size_minus_one - Reject FD received before SPS + msdk: replace strcmp with g_strcmp0 + msdkvc1dec crashes (segfault) + rsvgoverlay: add debug category + va: - don't use GST_ELEMENT_WARNING in set_context() vmethod to fix potential deadlock - deadlock when playing two videos at once + webrtc: Add missing G_BEGIN/END_DECLS in header for C++ + wpe: initialize threading.ready before reading it - Drop 85b4fbf40b1d53a4141941abf70d2d4d83eb140e.patch: Fixed upstream. ==== gstreamer-plugins-base ==== Version update (1.24.6 -> 1.24.7) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.24.7: + pbutils: descriptions: use subsampling factor to get YUV subsampling + rtspconnection: Handle invalid argument properly + urisourcebin: - Actually drop EOS on old-school pad switch - Don't hold lock when emitting about-to-finish + gst-launch deadlock with two playbin3s + xvimagesink: Fix crash in pool on error - Add gst-plugins-base-decodebin3-collection-identity-check.patch: - Fixes a assertion causing crash on track change. Upstream bug: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742 ==== gstreamer-plugins-libav ==== Version update (1.24.6 -> 1.24.7) - Update to version 1.24.7: + avdemux: Fix deadlock with FFmpeg 7.x when serialized events are received from upstream while opening, such as e.g. APE files with tags + libav: return EOF when stream is out of data + avdemux: Never return 0 from read function, which would lead to infinite loops ==== gstreamer-plugins-ugly ==== Version update (1.24.6 -> 1.24.7) - Update to version 1.24.7: + No changes, stable version bump only. ==== inn ==== - replace /var/run/news with /run/news in /usr/lib/tmpfiles.d/inn.conf * avoid warning: Line references path below legacy directory /var/run ==== kmod ==== Version update (32 -> 33) Subpackages: kmod-bash-completion libkmod2 - Update to release 33 * Add weak dependencies * Stop parsing .alias files from modprobe.d directories - Delete no-stylesheet-download.patch (merged) - Add 0001-testsuite-fix-path-for-test-user.patch ==== libapparmor ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== libheif ==== Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - Add heif-convert to the files list of the heif-examples sub-package ==== liblouis ==== Version update (3.29.0 -> 3.30.0) Subpackages: liblouis-data liblouis20 python3-louis - Update to version 3.30.0: + Many changes. See NEWS. - Drop s390x-support.patch: fixed upstream. - Add m4 to BuildRequires. It is needed to build some of the translation tables. ==== libreoffice ==== Version update (24.2.5.2 -> 24.8.0.3) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Make the libassuan requirement more generic (bsc#1229103) - Update to 24.8.0.3 (24.8.0 final) https://wiki.documentfoundation.org/Releases/24.8.0/Beta1, https://wiki.documentfoundation.org/Releases/24.8.0/RC1, https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and https://wiki.documentfoundation.org/Releases/24.8.0/RC3 - Removed patches: * cve-2024-5261.patch * icu-74-compatibility.patch * pdfium-optional.patch * use-fixmath-shared-library.patch + not needed with this version ==== libtirpc ==== Version update (1.3.4 -> 1.3.5) Subpackages: libtirpc-netconfig libtirpc3 - update to 1.3.5: * Try using a new abstract address when connecting to rpcbind * Change local_rpcb() to take a targaddr pointer. * Allow working with abstract AF_UNIX addresses. * rpcb_clnt.c: memory leak in destroy_addr * _rpc_dtablesize: Decrease the value of size. * netconfig: remove tcp6, udp6 on --disable-ipv6 * gssapi: fix rpc_gss_seccreate passed in cred * Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in authgss_refresh()". ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client nfs-kernel-server - add 0001-gssd-revert-commit-a5f3b7ccb01c.patch, 0002-gssd-revert-commit-513630d720bd.patch, 0003-gssd-switch-to-using-rpc_gss_seccreate.patch, 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch, 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch, 0006-configure-check-for-rpc_gss_seccreate.patch: fixes for libtirpc 1.3.5 ==== openSUSE-release ==== Version update (20240820 -> 20240825) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openjpeg2 ==== - Make version check for the work around reliable to not silently match Factory/Tumbleweed. - Work around a bug by cmake installing docs into the wrong directory when building for openSUSE Leap 15.5 ==== rpcbind ==== Version update (1.2.6 -> 1.2.7) - Update to rpcbind 1.2.7 https://sourceforge.net/projects/rpcbind/files/rpcbind/1.2.7/1.2.7-ChangeLog/download * rpcinfo: try connecting using abstract address * Listen on an AF_UNIX abstract address if supported * autotools/systemd: call rpcbind with -w only on enabled warm starts * rpcbind: fix double free in init_transport - Refresh and rename patches (while turning them into git patches) * 0001-systemd-unit-files.patch -> 0001-systemd-rpcbind.service-Fix-ordering-add-etc-sysconf.patch * harden_rpcbind.service.patch -> 0001-systemd-rpcbind.service-Add-hardening-bsc-1181400.patch ==== samba ==== Version update (4.20.2+git.350.4cfcde9cdb -> 4.20.4+git.356.d4a5fa2a818) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Fix a crash when joining offline and 'kerberos method' includes keytab; (bsc#1228732). - Update to 4.20.4 * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673). - Update to 4.20.3 * Running samba-bgqd a a standalone systemd service does not work; (bso#15683). * When claims enabled with heimdal kerberos, unable to log on to a Windows computer when user account need to change their own password; (bso#15655). * Invalid client warning about command line passwords; (bso#15671). * Version string is truncated in manpages; (bso#15672). * cmdline_burn does not always burn secrets; (bso#15674). * Samba does not parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685). * The images don\'t build after the git security release and CentOS 8 Stream is EOL; (bso#15660). * Fix clock skew error message and memory cache clock skew recovery; (bso#15676). * Heimdal ignores _gsskrb5_decapsulate errors in init_sec_context/repl_mutual; (bso#15603). * s4:ldap_server: does not support tls channel bindings for sasl binds; (bso#15621). * CTDB socket output queues may suffer unbounded delays under some special conditions; (bso#15678). ==== selinux-policy ==== Version update (20240816 -> 20240823) Subpackages: selinux-policy-targeted - Update to version 20240823: * Allow rasdaemon write access to sysfs (bsc#1229587) ==== spacenavd ==== Version update (1.2 -> 1.3) - Version 1.3 * Support for dominant axis mode. Dominant axis toggle can be bound as a button action. * Fixed device detection for some serial Spaceballs which were misdetected due to spurious data arriving before the "@reset". * Normalized default axis mapping/sign for CadMan USB and Spaceball 5000 USB. * Linux: stop using the evdev time field, which was dropped in 32bit linux for year 2038 compatibility. * Protocol: added missing set/get requests for the repeat interval. * Updated device blacklists to ignore 3Dconnexion keyboards/mice. * Build improvements and fixes for various platforms. - Add libXext as a build requires ==== systemd-presets-common-SUSE ==== - Add presets to enable dbus-broker.service for both system and user due to naming socket activation doesn't work directly. - Order .presets file alphabetically via service. ==== yast2-storage-ng ==== Version update (5.0.15 -> 5.0.16) - Tiny internal code reorganization to ease Agama development at gh#openSUSE/agama#1448. - 5.0.16 ==== yast2-users ==== Version update (5.0.1 -> 5.0.2) - Relax check in GECOS field (bsc#1228149): Allow any data except colons - 5.0.2