Packages changed:
  ImageMagick
  curl
  freerdp2
  gcc13 (13.2.1+git8761 -> 13.3.0+git8781)
  glibc
  kf6-qqc2-desktop-style
  libarchive
  libcap-ng (0.8.4 -> 0.8.5)
  libguestfs (1.52.0 -> 1.52.1)
  libqt5-qtlocation (5.15.13+kde6 -> 5.15.13+kde7)
  libqt5-qtwebengine (5.15.16 -> 5.15.17)
  libreoffice
  llvm18 (18.1.5 -> 18.1.6)
  lvm2
  lvm2-device-mapper
  openSUSE-release (20240522 -> 20240524)
  openssl-3
  pangomm1_4 (2.46.3 -> 2.46.4)
  patterns-desktop
  permissions (1699_20240513 -> 1699_20240521)
  polkit-default-privs (1550+20240430.5327266 -> 1550+20240522.4ba9229)
  python-requests (2.31.0 -> 2.32.2)
  qqc2-desktop-style (5.116.0 -> 5.116.1)
  sane-backends (1.3.0 -> 1.3.1)
  speech-dispatcher (0.12.0~rc2 -> 0.12.0~rc3)
  suse-module-tools (16.0.43 -> 16.0.44)
  talloc (2.4.1 -> 2.4.2)
  tdb (1.4.9 -> 1.4.10)
  tevent (0.16.0 -> 0.16.1)
  udisks2 (2.10.0 -> 2.10.1)
  vlc
  xen (4.18.2_02 -> 4.18.2_04)
  zsh

=== Details ===

==== ImageMagick ====
Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10

- reverted update-alternatives usage removal [bsc#1122033][bsc#1220818]

==== curl ====
Subpackages: libcurl4

- Add split-provides for libcurl-devel -> libcurl-devel-doc.
- Spin documentation off to libcurl-devel-doc, this saves buildroots 495 files and time (mandb is run in %posttrans).

==== freerdp2 ====
Subpackages: libfreerdp2-2 libwinpr2-2

- Multiple CVE fixes
  + Add freerdp-CVE-2024-32659.patch (bsc#1223346, CVE-2024-32659) - out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`
  + Add freerdp-CVE-2024-32660.patch (bsc#1223347, CVE-2024-32660) - client crash via invalid huge allocation size
  + Add freerdp-CVE-2024-32661.patch (bsc#1223348, CVE-2024-32661) - client NULL pointer dereference
  + Add freerdp-CVE-2024-32658.patch (bsc#1223353, CVE-2024-32658) - out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients

==== gcc13 ====
Version update (13.2.1+git8761 -> 13.3.0+git8781)
Subpackages: cpp13 libgccjit0-gcc13 libstdc++6-devel-gcc13

- Update to GCC 13.3 release

==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch: nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch: nscd: Do not send missing not-found response in addgetnetgrentX (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, CVE-2024-33602, bsc#1223425, BZ #31680)
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- glibc-fix-cve-2024-33599.patch: renamed
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue for _start routine (bsc#1221940)
- utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS independence (BZ #30701)
- elf-parse-tunables.patch: elf: Only process multiple tunable once (BZ #31686)

==== kf6-qqc2-desktop-style ====

- Update qqc2-desktop-style-lang obsoleted version

==== libarchive ====

- Fix bsdunzip test failing due to a locale issue
  * fix-bsdunzip-test.patch

==== libcap-ng ====
Version update (0.8.4 -> 0.8.5)

- Update to version 0.8.5:
  * Remove python global exception handler since it's deprecated
  * Make the utilities link against just built libraries
  * Remove unused macro in cap-ng.h
- Remove libcap-ng.rpmlintrc, it doesn't seem to be used any more.

==== libguestfs ====
Version update (1.52.0 -> 1.52.1)
Subpackages: libguestfs-appliance libguestfs-winsupport libguestfs-xfs libguestfs0

- Update to version 1.52.1 bug fix release (jsc#PED-6305)
  * There are no upstream release notes for version 1.52.x
  * Several python fixes
  * Rework Std_utils.Option so it works like the OCaml stdlib module
  * Update common submodule to latest
- Drop patches contained in new tarball
  Split-chown-parameter-on-character.patch
  Initialise-bar-fp-as-NULL.patch

==== libqt5-qtlocation ====
Version update (5.15.13+kde6 -> 5.15.13+kde7)

- Update to version 5.15.13+kde7:
  * Update mapbox-gl-native (boo#1224376)

==== libqt5-qtwebengine ====
Version update (5.15.16 -> 5.15.17)

- Add compatibility patches for ICU 75:
  * qt5-webengine-icu-75.patch
  * 0001-Use-default-constructor-in-place-of-self-delegation-.patch
- Consequently build with a newer compiler on Leap 15
- Update to version 5.15.17:
  * Add option to choose python version for building 5.15 WebEngine
  * Update Chromium. Backported fixes:
  * [Backport] Security bug 325296797
  * [Backport] CVE-2024-1059: Use after free in WebRTC
  * [Backport] Security bug 1518994
  * Fixup for [Backport] Security bug 1519980
  * [Backport] CVE-2024-1283: Heap buffer overflow in Skia
  * [Backport] CVE-2024-1060: Use after free in Canvas
  * [Backport] CVE-2024-1077: Use after free in Network
  * [Backport] Security bug 1519980
  * [Backport] CVE-2024-0808: Integer underflow in WebUI
  * [Backport] CVE-2024-0807: Use after free in WebAudio
  * Fix ffmpeg assembly with newer binutil
  * [Backport] Security bug 1511689
  * [Backport] CVE-2024-0224: Use after free in WebAudio
  * [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
  * [Backport] Security bug 1506535
  * [Backport] CVE-2024-0519: Out of bounds memory access in V8
  * [Backport] CVE-2024-0518: Type Confusion in V8
  * [Backport] CVE-2024-0333: Insufficient data validation in Extensions
  * [Backport] CVE-2024-0222: Use after free in ANGLE
  * Fixup: [Backport] Security bug 1488199
  * FIXUP: Fix compilation with system ICU
  * Fixup: [Backport] Security bug 1505632
  * [Backport] Security bug 1505632
  * [Backport] CVE-2023-6702: Type Confusion in V8
  * [Backport] CVE-2023-6345: Integer overflow in Skia
  * Bump V8_PATCH_LEVEL
  * [Backport] Security bug 1488199 (2/2)
  * [Backport] Security bug 1488199 (1/2)
  * [Backport] CVE-2023-6510: Use after free in Media Capture
  * Fix building with system libxml2
  * [Backport] CVE-2023-6347: Use after free in Mojo
  * [Backport] CVE-2023-6112: Use after free in Navigation
  * [Backport] CVE-2023-5997: Use after free in Garbage Collection
- Drop patches, merged upstream:
  * 0001-Fix-building-with-system-libxml2.patch
  * qtwebengine-python3.patch
  * python311-fixes.patch
- Update _service file, catapult snapshots are not needed anymore

==== libreoffice ====
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit

- bsc#1224309: LibreOffice fails to build with ICU 75.
- Add patch to fix bsc#1224309.
  * icu-74-compatibility.patch
- Add required 'sed' usage during %prep to fix bsc#1224309.
- These two changes have been applied on both Gentoo and Arch Linux, but originally they come from upstream.

==== llvm18 ====
Version update (18.1.5 -> 18.1.6)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold

- Update to version 18.1.6.
  * Fixes issues where LLVM is either generating the incorrect thunk for a function with aligned parameters or didn't correctly pass through the return value when StructRet was used.
  * `-Xclang -target-feature -Xclang +unaligned-scalar-mem` can be used to enable unaligned scalar memory accesses for CPUs that do not support unaligned vector accesses. `-mno-strict-align` will enable unaligned scalar and vector memory accesses.
  * Don't replace an aliasee with an alias that has weak linkage. This avoids incorrect linkage that can lead to using the wrong symbols during linking time.
  * Fixes build failures when compiling AVX512 code using `-march=native` on machines without AVX512. The problem was introduced in LLVM 18.1.5.
  * Fixes crash in AArch64 backend when having `true` or `false` as operand for `fcmp` instruction on IR level.
  * Fixes compiler crash when user specifies `-mno-evex512` with AVX512 features but no AVX512VL.
  * Fixes a bug that tries to do VBROADCAST_LOAD for `f16` without AVX2.
- Rebase llvm-do-not-install-static-libraries.patch.

==== lvm2 ====
Subpackages: liblvm2cmd2_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- Use %patch -P N instead of deprecated %patchN syntax.

==== openSUSE-release ====
Version update (20240522 -> 20240524)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssl-3 ====
Subpackages: libopenssl3

- Security fix: [bsc#1224388, CVE-2024-4603]
  * Check DSA parameters for excessive sizes before validating
  * Add openssl-CVE-2024-4603.patch

==== pangomm1_4 ====
Version update (2.46.3 -> 2.46.4)

- Update to version 2.46.4:
  + Coverage: Don't use deprecated pango_coverage_ref/unref()
  + Documentation:
    - Doxyfile.in: Don't hide undocumented classes
    - Remove AUTHORS, HACKING, README.SUN; add general info to README.md.
  + Meson build:
    - Detect if we build from a git subtree
    - Don't copy files with configure_file()
    - Fix the evaluation of is_git_build on Windows
    - Don't fail if warning_level=everything
- Enable check section: run meson test (no tests defined as of now).

==== patterns-desktop ====
Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-mobile patterns-desktop-multimedia

- No longer recommend tlp: we have three (conflicting) power tuners by now, each is recommended by some pattern/feature:
  + tuned is recommended by the base patterns (installed on all systems)
  + power-daemon-profiles is recommended by GNOME and Plasma (GUI controlled)
  + tlp recommended by laptop pattern (tlp conflicts explicitly with the other two though).

==== permissions ====
Version update (1699_20240513 -> 1699_20240521)
Subpackages: permctl permissions-config

- Update to version 1699_20240521:
  * permctl: return special exit code in --warn mode if entries need fixing

==== polkit-default-privs ====
Version update (1550+20240430.5327266 -> 1550+20240522.4ba9229)

- Update to version 1550+20240522.4ba9229:
  * whitelist gnome-remote-desktop (bsc#1222159)

==== python-requests ====
Version update (2.31.0 -> 2.32.2)

- Update to 2.32.2
  * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.
- Update to 2.32.1
  * Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (bsc#1224788, CVE-2024-35195)
  * verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests.
  * Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area.
  * Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7.
  * Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling.

==== qqc2-desktop-style ====
Version update (5.116.0 -> 5.116.1)

- Update to 5.116.1
- Changes since 5.116.0:
  * Extract translations into qqc2desktopstyle_qt5.pot
  * Really fix the translation file

==== sane-backends ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libsane1 sane-backends-autoconfig

- Updated to sane-backends version 1.3.1
  * Re-release of 1.3.0 because upstream unreleased 1.3.0 due to VCS issues. ( https://gitlab.com/sane-project/backends/-/issues/751 )

==== speech-dispatcher ====
Version update (0.12.0~rc2 -> 0.12.0~rc3)
Subpackages: libspeechd2 python311-speechd speech-dispatcher-module-espeak

- Update to version 0.12.0~rc3:
  * Detect module failures from generic module.
  * Make the fallback espeak-ng and dummy modules hardcoded.
  * Better detect generic module failures to disable them.
  * pulse: Use asynchronous API to avoid buffer underruns.
  * generic: Make stripping punctuation use locale charset.
- Add speech-dispatcher-missing-return-vals.patch: add missing return statements.

==== suse-module-tools ====
Version update (16.0.43 -> 16.0.44)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.44:
  * Include unblacklist in initramfs (bsc#1224320)
  * regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278)

==== talloc ====
Version update (2.4.1 -> 2.4.2)
Subpackages: libtalloc2 python3-talloc

- Update to 2.4.2
  * build with Python 3.12 (bso#15513)
  * documentation fixes
  * Update patch talloc-python3.5-fix-soabi_name.patch

==== tdb ====
Version update (1.4.9 -> 1.4.10)
Subpackages: libtdb1 python3-tdb

- Update to 1.4.10
  * build with Python 3.12 (bso#15513)
  * documentation fixes
  * minor build fixes

==== tevent ====
Version update (0.16.0 -> 0.16.1)
Subpackages: libtevent0 python3-tevent

- Update to version 0.16.1
  * build with Python 3.12 (bso#15513)
  * documentation fixes

==== udisks2 ====
Version update (2.10.0 -> 2.10.1)
Subpackages: libudisks2-0 libudisks2-0_btrfs udisks2-bash-completion udisks2-zsh-completion

- update to version 2.10.1
  - Update Ukrainian translation
  - tests: Wipe used devices for LVM2 RAID tests
  - tests: Settle down before checking the LVM RAID MissingPhysicalVolumes property
  - tests: Rescan vdevs after lvm raid tests
  - Update German translation
  - tests: Mark UDF fstab filesystem tests as unstable
  - tests: Add offline and online filesystem grow tests
  - doc: Clarify the Filesystem.Size property presence
  - udiskslinuxfilesystem: Force native tools for mounted XFS fs size retrieval
  - udiskslinuxfilesystem: Refactor internal whitelists
  - tests: Fix Python class invocation in nvme tests
  - udisksctl: Add "--no-partition-scan" option for "loop-setup" command
  - tests: Fix regex escaping
  - integration-test: Fix invalid escaping
  - tests: Mark LVM RAID tests as unstable
  - tests: Fix LSM drive objects crawl
  - iscsi: Fix login on firmware-discovered nodes
  - udiskslinuxmanager: Properly handle disabled modules
  - tests: Replace deprecated unittest assert calls
  - udisksctl: Guard object lookup
  - Update ka.po
  - udiskslinuxloop: Avoid warnings on empty loop devices
  - Update Polish translation
  - Limit getting filesystem size only to Ext and XFS
  - build: Check for gobject-introspection m4 macro presence
  - tests: start the polkitd mock with the corresponding user if it exists
- Drop merged upstream patches:
  0001-doc-Clarify-the-Filesystem.Size-property-presence.patch
  0001-udiskslinuxfilesystem-Force-native-tools-for-mounted.patch
  0001-udiskslinuxfilesystem-Refactor-internal-whitelists.patch
  0001-tests-Mark-UDF-fstab-filesystem-tests-as-unstable.patch
  0001-tests-Add-offline-and-online-filesystem-grow-tests.patch

==== vlc ====
Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau

- Add 770789f2.patch: Fix missing cast in chromaprint (boo#1223909).

==== xen ====
Version update (4.18.2_02 -> 4.18.2_04)
Subpackages: xen-libs xen-tools-domU

- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454)
  6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
- Upstream bug fixes (bsc#1027519)
  6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
  6627a5fc-x86-MTRR-inverted-WC-check.patch
  662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
  662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
  663090fd-x86-gen-cpuid-syntax.patch
  663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
  663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
  663d05b5-x86-ucode-distinguish-up-to-date.patch
  663eaa27-libxl-XenStore-error-handling-in-device-creation.patch

==== zsh ====

- Use %patch -P N instead of deprecated %patchN.