Packages changed: MicroOS-release (20241028 -> 20241103) SDL2 (2.30.8 -> 2.30.9) SVT-AV1 (2.2.1 -> 2.3.0) aardvark-dns (1.12.2 -> 1.13.0) bubblewrap (0.10.0 -> 0.11.0) containerd (1.7.22 -> 1.7.23) crun (1.17 -> 1.18) ghostscript glib2-branding-openSUSE gnome-control-center (47.1.1 -> 47.1.1+9) grub2 gtk4 (4.16.3 -> 4.16.5) kdump (2.0.9 -> 2.0.10+git0.g62142dd) kf6-kxmlgui libarchive (3.7.6 -> 3.7.7) libcamera (0.3.1 -> 0.3.2) libnftnl (1.2.7 -> 1.2.8) libnl3 (3.10.0 -> 3.11.0) libnvme (1.10+0.gdd51fa8 -> 1.11) libpng16 (1.6.43 -> 1.6.44) librsvg (2.59.1 -> 2.59.2) libtirpc (1.3.5 -> 1.3.6) libxslt libzip (1.10.1 -> 1.11.1) microos-tools (4.0+git1 -> 4.0+git2) mozilla-nss (3.104 -> 3.105) mpg123 (1.32.8 -> 1.32.9) mutter (47.1 -> 47.1+3) netavark (1.12.2 -> 1.13.0) nftables (1.0.9 -> 1.1.1) nvme-cli (2.10 -> 2.11) openssh openssl-3 (3.1.4 -> 3.1.7) openssl (3.1.4 -> 3.1.7) openvpn patterns-base patterns-gnome python-pycups python311 python311-core qemu (9.1.0 -> 9.1.1) runc (1.2.0 -> 1.2.1) samba (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68) selinux-policy (20241021 -> 20241031) snapper speech-dispatcher (0.12.0~rc3 -> 0.12.0~rc4) sqlite3 (3.46.0 -> 3.46.1) system-users sysvinit (3.10 -> 3.11) tecla-keyboard-layout-viewer toolbox (2.4+git20241025.00f69f5 -> 2.4+git20241030.2ae8421) update-bootloader (1.17 -> 1.18) vlc xkeyboard-config yaml-cpp === Details === ==== MicroOS-release ==== Version update (20241028 -> 20241103) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL2 ==== Version update (2.30.8 -> 2.30.9) - Update to release 2.30.9 * Fixed flicker when entering/exiting fullscreen or moving the window between scaled and non-scaled displays under Wayland. ==== SVT-AV1 ==== Version update (2.2.1 -> 2.3.0) - Update to release 2.3.0 * Improved fast-decode level 1 option to increase its AV1 software cycle reduction by ~10% while maintaining the same quality levels. * New fast-decode level 2 to allow for an average AV1 software cycle reduction of 25-50% vs fast-decode 0 with a 1-3% BD-Rate loss across the presets. * Improved --lp settings for high resolutions, with CRF gaining a ~4% improvement in speed and VBR gaining ~15%. * Further ARM-based optimizations improving the efficiency of previously written NEON implementations by an average of 30%. ==== aardvark-dns ==== Version update (1.12.2 -> 1.13.0) - Update to version 1.13.0: * Release v1.13.0 * Update release notes for 1.13.0 * test: use dnsmasq over slirp4netns * coredns: forward names with no ndots as well * run cargo update * fix(deps): update rust crate tokio to 1.41.0 * fix(deps): update rust crate flume to 0.11.1 * fix(deps): update rust crate libc to 0.2.161 * fix(deps): update rust crate libc to 0.2.160 * fix(deps): update rust crate clap to ~4.5.20 * cirrus: check for msrv build * define a MSRV policy * chore(deps): update dependency containers/automation_images to v20241010 * [skip-ci] Packit: constrain koji job to the fedora package * dns: limit to 3 resolvers and use better timeout for them * OWNERS file audit and update * fix new lint error with rust 1.81 * test: make them pass on RHEL/Centos Stream 9 * Packit: disable F39 and separate out ELN * serve: parse resolv.conf ourselves * fix(deps): update rust crate libc to 0.2.159 * coredns: allow host lookup of names * backend: return simple Vector in lookup() * coredns: use a TTL of 0 for our names * coredns: do not clonse the Record * netavark_cache_groom.sh: fix wrong branch * Packit: add sidetag to release with netavark * coredns: work on tcp requests concurrently * tcp: add timeout to connection * fix(deps): update rust crate tokio to 1.40.0 * fix(deps): update rust crate libc to 0.2.158 * chore(deps): update dependency containers/automation_images to v20240821 * fix(deps): update rust crate tokio to 1.39.3 * fix(deps): update rust crate libc to 0.2.156 * Bump main version back to v1.13.0-dev ==== bubblewrap ==== Version update (0.10.0 -> 0.11.0) - update to 0.11.0: * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src options allow creation of overlay mounts. This feature is not available when bubblewrap is installed setuid. * New --level-prefix option produces output that can be parsed by tools like logger --prio-prefix and systemd-cat --level-prefix=1 * bug fixes and developer visible changes - add upstream signing key and validate source signature ==== containerd ==== Version update (1.7.22 -> 1.7.23) - Update to containerd v1.7.23. Upstream release notes: - Rebase patches: * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch ==== crun ==== Version update (1.17 -> 1.18) - Update to crun v1.18. Upstream changelog is available from - Remove URL from crun.keyring source declaration. If the Ubuntu keyservers update their server software or some other minor change causes the output of the key to change (such as the maintainer updating their key expiry), we will end up with build failures despite the key still being a totally valid key to do verifications with. This also matches how keyring files are managed for most packages. ==== ghostscript ==== - Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024" by adding the individual "bsc" numbers for each CVE, see https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4 and by adding the "IMPORTANT" change in Ghostscript 10.04.0 - spec file cleanup: removed the special cases for SLE12 i.e. rely on "suse_version >= 1500" as given precondition (recent Ghostscript versions fail to build in SLE12 anyway) ==== glib2-branding-openSUSE ==== - Remove "picture-uri-dark" in schema "org.gnome.desktop.screensaver", there is no this key in schema currently. ==== gnome-control-center ==== Version update (47.1.1 -> 47.1.1+9) Subpackages: gnome-control-center-color gnome-control-center-goa - Update to version 47.1.1+9: * wwan: Fix status pages * default-apps-row: - Fix auto_ptr usage causing leaks - Fix auto_ptr use-after-free * Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Enable support of Radix, Xive and Radix_gtse on Power (jsc#PED-9881) * 0001-kern-ieee1275-init-Add-IEEE-1275-Radix-support-for-K.patch ==== gtk4 ==== Version update (4.16.3 -> 4.16.5) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.16.5: + Clean up debug spew. - Update to version 4.16.4: + GtkTextView: - Fix some missing CSS invalidation - Handle charsets in clipboard datatypes + GtkApplication: Respect GDK_DEBUG=no-portals + Printing: - Avoid warnings for avahi errors - Fix a segfault in the print dialog setup code + Accessibility: Handle NULL values in more places + Gdk: - vulkan: Fix validation errors - Fix 32bit build for the jpeg loader + Wayland: Fix a possible deadlock with high-priority sources triggering Wayland roundtrips + Updated translations. ==== kdump ==== Version update (2.0.9 -> 2.0.10+git0.g62142dd) - upgrade to version 2.0.10 * calibrate: don't add percentage margin on top of LUKS memory (bsc#1229207) ==== kf6-kxmlgui ==== Subpackages: libKF6XmlGui6 - Fix qt6-core-private-devel minimum version ==== libarchive ==== Version update (3.7.6 -> 3.7.7) - Update to 3.7.7: * gzip: prevent a hang when processing a malformed gzip inside a gzip * tar: don't crash on truncated tar archives * tar: fix two leaks in tar header parsing * 7-zip: read/write symlink paths as UTF-8 * cpio: exit with an error code if an entry could not be extracted * rar5: report encrypted entries * tar: fix truncation of entry pathnames in specific archives ==== libcamera ==== Version update (0.3.1 -> 0.3.2) Subpackages: libcamera-base0_3 libcamera0_3 - Update to release 0.3.2 * Add Sony IMX214 sensor properties ==== libnftnl ==== Version update (1.2.7 -> 1.2.8) - Update to release 1.2.8 * Fixes for incorrect validation of dynset netlink attributes from the kernel ==== libnl3 ==== Version update (3.10.0 -> 3.11.0) Subpackages: libnl-config libnl3-200 - Update to release 3.11 * Add NLA_{SINT|UINT} attribute types * Add NLA functions for variable-length integers * link/bonding: add getters for attributes * lib/route: add support for bridge msti ==== libnvme ==== Version update (1.10+0.gdd51fa8 -> 1.11) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.11: * prefix: Use Request or Response Length in DLEN and DOFF for MI * types: Add ETPVDS and SSI fields of sanitize status log * json: do not escape strings when printing the configuration * tree: do no export tls keys when not provided by user * types: add struct nvme_id_ctrl_nvm ver and lbamqf member variables * types: add NVMe 2.1 get log page LIDs * type: Added enums for ANSAN and RGCNS bit of OAES field * linux: fixup PSK HMAC type '0' handling * util: added error code for ENOKEY * fabrics: fix map error level in __nvmf_add_ctrl * fabrics: add ctrl connect interface * fabrics: use hex numbers when generating command line options * fabrics: rename first argument for argument macros * linux: handle key import correctly * linux: export keys to config * tree: read tls_configured_key and tls_keyring from sysfs * tree: move dhchap and tls sysfs parser into separate functions * json: move keystore operations out of the JSON parser * tree: add getter/setters for TLS PSK * linux: add import/export function for TLS pre-shared keys * linux: only return the description of a key * linux: use ssize_t as return type for nvme_identity_len * linux: reorder variable declarations * types: Added enum for SMVES event of PEL log * libnvme: add lockdown log page support(LID : 0x14) * libnvme: add EMVS support to sanitize command * types: Add TP4159 PCIe Infrastructure for Live Migration definitions * types: add NVME_CTRL_OAES get macro definitions * types: add NVME_CTRL_OAES_TTHR definition * types: add NVME_CTRL_FNA definitions to get field values * types: add NVME_VAL() definition * tree: fix tls key mem leak (bsc#1231668) * tree: fix dhchap_ctrl_key mem leak (bsc#1231668) * tree: fix dhchap_key mem leak (bsc#1231668) * types: add NVME_CHECK() definition to check nvme register field value * types: add kv opcodes * types: added new fields in nvme_nvme_id_ns * types: Add enum for Completion Condition of Get LBA status command * ioctl: refactoring set_features * types: add new fields added in TP4142 * mi: add control primitive command * linux: Correct error handling for derive_psk_digest (bsc#1228376) * types: Added new field CSER in enum as per TP4167 - build fix for OpenSSL 1.1 * add 0001-linux-fix-derive_psk_digest-OpenSSL-1.1-version.patch ==== libpng16 ==== Version update (1.6.43 -> 1.6.44) - version update to 1.6.44: * Hardened calculations in chroma handling to prevent overflows, and relaxed a constraint in cHRM validation to accomodate the standard ACES AP1 set of color primaries. (Contributed by John Bowler) * Removed the ASM implementation of ARM Neon optimizations and updated the build accordingly. Only the remaining C implementation shall be used from now on, thus ensuring the support of the PAC/BTI security features on ARM64. (Contributed by Ross Burton and John Bowler) * Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the CMake build on FreeBSD/amd64. This is an important performance fix on this platform. * Applied various fixes and improvements to the CMake build. (Contributed by Eric Riff, Benjamin Buch and Erik Scholz) * Added fuzzing targets for the simplified read API. (Contributed by Mikhail Khachayants) * Fixed a build error involving pngtest.c under a custom config. This was a regression introduced in a code cleanup in libpng-1.6.43. (Contributed by Ben Wagner) * Fixed and improved the config files for AppVeyor CI and Travis CI. - Drop upstream patch: * 563.patch ==== librsvg ==== Version update (2.59.1 -> 2.59.2) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Change license to LGPL-2.1-or-later AND MIT. - Update to version 2.59.2: + Fix stack overflow due to unbounded recursion. Now there is a hard limit on the number of nested layers that an SVG document may have. This is not a hard limit on the amount of stack space consumed, but it is a general mitigation. + Fix regression when rendering paths with very flat elliptical arcs. This bug was introduced in 2.59.1 as part of the mitigation for paths with coordinates that Cairo is unable to handle. + Fix centering and text-anchor in general for scaled text. + Fix building with Rust 1.82 on Windows (Christoph Reiter). + Make cancellation work for all the resource loading functions. + Add documentation for rsvg-bench to the development guide. + Slight improvement in memory consumption for language tags. + Many updates to the developer's documentation, for Outreachy interns. ==== libtirpc ==== Version update (1.3.5 -> 1.3.6) Subpackages: libtirpc-netconfig libtirpc3 - update to 1.3.6: * http://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.6/Release-1.3.6.txt * https://lore.kernel.org/linux-nfs/91ef3508-d0a6-48db-adfc-4f7831fba74e@redhat.com/ * rpcbind config changes ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303) ==== libzip ==== Version update (1.10.1 -> 1.11.1) - version update to 1.11.1 * Fix zipconf.h for version number with missing third component. * Stop searching after finding acceptable central directory, even if it contains inconsistencies. * Only write Zip64 EOCD if fields don't fit in normal EOCD. Previously libzip also wrote it when any directory entry required Zip64. * Allow bytes from 0x00-0x1F as UTF-8. * Add new error code ZIP_ER_TRUNCATED_ZIP for files that start with a valid local header signature. * `zipcmp`: add -T option for comparing timestamps. * `zip_file_replace` now removes the target's extra field information. ==== microos-tools ==== Version update (4.0+git1 -> 4.0+git2) Subpackages: selinux-autorelabel - Update to version 4.0+git2: * Add RemainAfterExit=true to autorelabel services ==== mozilla-nss ==== Version update (3.104 -> 3.105) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.105 * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN ==== mpg123 ==== Version update (1.32.8 -> 1.32.9) - Update to version 1.32.9 libmpg123: * Increase the library patchlevel, as was forgotten on previous release. Now you can check for distversion >= 1.32.8 or mpg123 libversion >= 48 patchlevel 3 to see if you're vulnerable to CVE-2024-10573. ==== mutter ==== Version update (47.1 -> 47.1+3) - Update to version 47.1+3: * wayland/pointer-constraints: Warp pointer after destroying resource * Updated translations. ==== netavark ==== Version update (1.12.2 -> 1.13.0) - Update to version 1.13.0: * Release v1.13.0 * Updates release notes for v1.13.0 * run cargo update * fix(deps): update rust crate hyper-util to 0.1.10 * [skip-ci] Packit: Remove epel targets * fix(deps): update rust crate nftables to 0.5.0 * fix(deps): update rust crate anyhow to 1.0.91 * fix(deps): update rust crate tokio to 1.41.0 * fix(deps): update rust crate anyhow to 1.0.90 * Updated to zbus4 * chore(deps): update dependency containers/automation_images to v20241010 * test-dhcp: fix NOP test * fix new lint errors with rust 1.81 * fix(deps): update rust crate clap to ~4.5.20 * contrib/container_images: remove no longer used images * cirrus: check for msrv build * add new rust image to check for MSRV * define a MSRV policy * [skip-ci] Packit: constrain koji and bodhi to the fedora package * chore(deps): update rust crate once_cell to 1.20.2 * fix(deps): update rust-futures monorepo to 0.3.31 * OWNERS file audit and update * update tonic and prost dependencies * update tower to v0.5.1 * fix(deps): update rust crate sysctl to 0.6.0 * fix(deps): update rust crate netlink-packet-route to 0.21.0 * chore(deps): update rust crate tempfile to 3.13.0 * chore(deps): update rust crate once_cell to 1.20.1 * fix(deps): update rust crate nispor to 1.2.21 * fix(deps): update rust crate anyhow to 1.0.89 * nftables: add dns dnat rule first * iptables: add dns dnat rule first * fix(deps): update rust crate anyhow to 1.0.88 * nft: remove port forwarding rules correctly * fix(deps): update rust crate tokio-stream to 0.1.16 * nft: do not parse localhost string ip * nft: use append() over push() where possible * Packit: add sidetag to release with aardvark-dns * fix(deps): update rust crate tokio to 1.40.0 * fix(deps): update rust crate libc to 0.2.157 * fix(deps): update rust crate tokio to 1.39.3 * fix(deps): update rust crate libc to 0.2.156 * aardvark: on start failure delete entries again * iptables: make dns rules cover tcp as well * nftables: make dns rules cover tcp as well * fix(deps): update rust crate serde_json to 1.0.123 * remove superfluous formatters from debug stmt * chore(deps): update rust crate tempfile to 3.12.0 * fix new rust 1.80 lint issues * silence new rust 1.80 warnings * chore(deps): update rust crate tempfile to 3.11.0 * fix(deps): update rust crate serde_json to 1.0.122 * Bumping main back to v1.13.0-dev for development ==== nftables ==== Version update (1.0.9 -> 1.1.1) Subpackages: libnftables1 python311-nftables - Update to release 1.1.1 * Reduce netlink cache dependencies to speed up incremental updates. * Allow zero burst in byte ratelimiter expression. * Fix double-free when users call nft_ctx_clear_vars() followed by nft_ctx_free(). * Document that the tproxy statement is non-terminal (unlike in iptables). This allows for tproxy+log and tproxy+mark combos, see man nft(8) for details. * Add egress support for the `list hooks` subcommand. - Update to release 1.1.0 * Restore compatibility set element dump with <= 0.9.8 * Disallow empty interface names * Restore rule replace command * Search for group, rt_mark, rt_realms at /etc/iproute2, /usr/share/iproute2 * Resolve some timezone issues * Support for variables in map expressions * VLAN support ==== nvme-cli ==== Version update (2.10 -> 2.11) - Update to version 2.11: * docs: update check-tls-key arguments * nvme: add support to append TLS PSK to keyfile for check-tls-key * nvme: return correct error code in append_keyfile * docs: nvme-id-doman: dom{ia => ai}n * ocp: fix latency monitoring data structure entry endian * ocp: fix TCG configuration log endian * ocp: fix firmware activation history entry endian * docs: update gen-tls-key arguments * nvme: add support to add derive TLS PSK to keyfile * nvme: rename identity to version * nvme: set file permission for keyfile to owner only * nvme: export tls keys honoring version and hmac * nvmf-keys: add udev rule to import tls keys * docs: update TLS options * fabrics: add support to connect to accept a PSK command line * fabrics: add support to connect to accept a configuration * nvme: use unsigned char for hmac and identity * nvme-print: Add Sanitize Media Verification Event in PEL log * netapp-ontapdev: add err msg for no ontapdevices * netapp-smdev: add err msg for no smdevices * doc: Add sanitize command emvs option * ocp: combine to use GUID length definitions * nvme: update tls_key() handling * nvme-print-stdout: print VERS bit of SANICAP field * nvme: add EMVS support to sanitize command * ocp: remove callback function cast * doc: added commit conventions to contribution guidelines * ocp: fix ocp-print-stdout.c indentation error * ocp: fix ocp-nvme.c indentation errors * ocp: build ocp-nvme.c and ocp-telemetry-decode.c without json * ocp: split TCG configuration log print codes * ocp: split telemetry string log print codes * ocp: split device capabilities log print codes * ocp: split error recovery log print codes * ocp: split unsupported requirement log print codes * ocp: split latency monitor log print codes * ocp: move ocp telemetry log print function into ocp-print * ocp: split smart extended log print codes * ocp: split ocp-fw-activation-history print codes * plugins: update meson.build file to always build ocp plugin * ocp-print: move json code into separate files * nvme-print-json: display only verbose output * ocp-nvme: ocp plugin version update * nvme-print: print KV command set page header * doc: show where self-test results can be found * plugins/memblaze: fix a wrong id on smart-log-add * plugins/dapustor: smart-log-add fix * plugins/sed: add sid password change (bsc#1229677) * plugins/solidigm: Automatic retry smaller log chunk size. * ocp-nvme: Add LMDATA-37 for Latency Monitor Log * ocp-nvme: remove ocp log page version checking * wdc: Fix for Reading WDC C2 Vendor Unique Log Page * ocp: Fixes for OCP 2.5 Telemetry DA1 FIFO Event Parsing * nvme-print-json: update JSON verbose output for nvm-id-ctrl (bsc#1231668) * wdc: Add Support for SN5100S * nvme: Support show-regs for nvmeof * ocp: fix option handling in internal-log * Documentation: Added solidigm plugin commands * wdc: add support for SNTMP drive * nvme-print: print NSSES field of CAP register * ocp: fix GUID output * nvme-print-json: print controller register values in offset order * nvme-print-json: print CMBEBS and CMBSWTP in json format * nvme-print-stdout: update changed-ns-list-log output (bsc#1231668) * nvme: fix uninitialized value in error-log (bsc#1231668) * nvme: fix to convert metadata size to native byte order * nvme-print: fix error information log page endianness error * completions: add get-feature command changed option * doc: add get-feature command changed option * nvme: separate get NVME_GET_FEATURES_SEL_CHANGED definition * nvme: use NVME_GET_FEATURES_SEL definitions * nvme-print-stdout: use NVME_CTRL_OAES definitions * completion: add ocp set-telemetry-profile to zsh * completion: add solidgm work-tracker binding * plugins/solidigm: Added Workload Tracker Triggers and Wall Time * ocp: include util/types.h to use nvme_uint128_t * ocp: fix to set log data pointer allocated * nvme: use NVME_CHECK() to check get features select field value * ocp: split ocp-hwcomp log * completions: add ocp hardware-component-log command * doc: add ocp hardware-component-log command * ocp: add hwcomp log json output * ocp: add hwcomp log command list option * ocp: add hwcomp log command comp-id option * ocp: add hwcomp dummy definition * ocp: add support for hwcomp log page * nvme: use NVME_CTRL_FNA definitions * netapp-smdevices: print single device output too (bsc#1231668) * netapp-smdevices: segregate print routines (bsc#1231668) * Add Support for new SN655 PCI Device ID * nvme-print-json: extern json object add functions * ocp: add SMART / health information extended log page version 4 * ocp: add error recovery log page version 3 * ocp: add get-enable-ieee1667-silo command * fabrics: fix incorrect access filename check (bsc#1231668) * nvme: use NVME_GET_FEATURES_SEL_SUPPORTED definition * nvme-print-json: use _cleanup_free_ * plugins/solidigm: fix use after free. ... changelog too long, skipping 32 lines ... - Install 70-nvmf-keys.rules to the default udev rules directory ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Don't force using gcc11 on SLFO/ALP which have a newer version. - Add patches from upstream: - To fix a copy&paste oversight in an ifdef : * 0001-fix-utmpx-ifdef.patch - To fix a regression introduced when the "Match" criteria tokenizer was modified since it stopped supporting the "Match criteria=argument" format: * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch - To fix the previous patch which broke on negated Matches: * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch - To fix the ML-KEM768x25519 kex algorithm on big-endian systems: * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch ==== openssl-3 ==== Version update (3.1.4 -> 3.1.7) Subpackages: libopenssl3 - Update to 3.1.7: * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024] - Fixed possible denial of service in X.509 name checks (CVE-2024-6119) - Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535) * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024] - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024] - Fixed PKCS12 Decoding crashes (CVE-2024-0727) - Fixed Excessive time spent checking invalid RSA public keys [CVE-2023-6237) - Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129) - Fix excessive time spent in DH check / generation with large Q parameter value (CVE-2023-5678) * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF * Rebase patches: - openssl-Force-FIPS.patch - openssl-FIPS-embed-hmac.patch - openssl-FIPS-services-minimize.patch - openssl-FIPS-RSA-disable-shake.patch - openssl-CVE-2023-50782.patch * Remove patches fixed in the update: - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch - openssl-CVE-2023-5678.patch - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch - openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch - reproducible.patch ==== openssl ==== Version update (3.1.4 -> 3.1.7) - Update to 3.1.7 ==== openvpn ==== Subpackages: openvpn-auth-pam-plugin - Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546 CVE-2024-28882) Patchname:openvpn-CVE-2024-28882.patch - Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305) if libnl >= 3.4 is available ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Agama does not install chrony, add it to the pattern like on all other products, so that it is always there, including on images. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis - Drop file-roller Recommends, the built in support in nautilus is sufficient. - Change console to gnome-console Recommends: Use the current app name. - Drop nautilus-extension-terminal Recommends: nautilus supports gnome-console nativly. ==== python-pycups ==== - fix_shebang on the postscript driver rpmhook ==== python311 ==== - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) - Drop .pyc files from docdir for reproducible builds (bsc#1230906). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) - Drop .pyc files from docdir for reproducible builds (bsc#1230906). ==== qemu ==== Version update (9.1.0 -> 9.1.1) - Update to version 9.1.1: Full changelog here: https://lore.kernel.org/qemu-devel/7f0561ec-3564-4860-bacf-a98071a5ce52@tls.msk.ru/ Some of the most notable features: * ui/dbus: fix filtering all update messages * ui/win32: fix potential use-after-free with dbus shared memory * ui/dbus: fix leak on message filtering * hw/audio/hda: fix memory leak on audio setup * hw/audio/hda: free timer on exit * hw/char/pl011: Use correct masks for IBRD and FBRD * hw/intc/arm_gicv3_cpuif: Add cast to match the documentation * hw/intc/arm_gicv3: Add cast to match the documentation * hw/intc/arm_gicv3: Add cast to match the documentation * meson: ensure -mcx16 is passed when detecting ATOMIC128 * meson: define qemu_isa_flags * meson: fix machine option for x86_version * target/m68k: Always return a temporary from gen_lea_mode * tcg/ppc: Use TCG_REG_TMP2 for scratch index in prepare_host_addr * tcg/ppc: Use TCG_REG_TMP2 for scratch tcg_out_qemu_st * linux-user: Fix parse_elf_properties GNU0_MAGIC check * linux-user/flatload: Take mmap_lock in load_flt_binary() * vnc: fix crash when no console attached * testing: bump mips64el cross to bookworm and fix package list * hw/sd/sdcard: Fix handling of disabled boot partitions * target/arm: Avoid target_ulong for physical address lookups * block/reqlist: allow adding overlapping requests * util/timer: avoid deadlock when shutting down * hw/mips/jazz: fix typo in in-built NIC alias * tcg: Fix iteration step in 32-bit gvec operation * hw/loongarch/virt: Add description for virt machine type * migration/multifd: Fix p->iov leak in multifd-uadk.c * target/ppc: Fix migration of CPUs with TLB_EMB TLB type * target/hppa: Fix random 32-bit linux-user crashes * target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1 * hw/char/stm32l4x5_usart.c: Enable USART ACK bit response * migration/multifd: Fix rb->receivedmap cleanup race * mac_dbdma: Remove leftover `dma_memory_unmap` calls - Fix boo#1231166: * [openSUSE][RPM] The qemu translation is not being installed (boo#1231166) ==== runc ==== Version update (1.2.0 -> 1.2.1) - Update to runc v1.2.1. Upstream changelog is available from . ==== samba ==== Version update (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68) Subpackages: libldb2 samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-libs - Add placeholder changelog for sle15-sp7; (jsc#PED-11210). ==== selinux-policy ==== Version update (20241021 -> 20241031) Subpackages: selinux-policy-targeted - Update to version 20241031: * Label /var/livepatches as lib_t for ULP on micro (bsc#1228879) ==== snapper ==== Subpackages: libsnapper7 - generate dsc file for Ubuntu 24.10 ==== speech-dispatcher ==== Version update (0.12.0~rc3 -> 0.12.0~rc4) - Update to version 0.12.0~rc4: * audio: Fix logging from audio modules in server-side audio. * Sort Baratinoo engine higher. * espeak-ng-mbrola: Fix mbrola voices with rate different from 22KHz * Add a run-spd-say script and make run-speechd and run-spd-say able to talk directly. * Add initial pipewire support. - Drop speech-dispatcher-missing-return-vals.patch and speech-dispatcher-pulseaudio-samples.patch: fixed upstream. - Add libpipewire-0.3 to BuildRequires to build Pipewire support. - Package speechd_module library. - Drop rcFOO symlinks (PED-266). ==== sqlite3 ==== Version update (3.46.0 -> 3.46.1) - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-group-wheel system-user-lp system-user-nobody system-user-tss - system-user-nobody: remove shell for user nobody, all packages should be meanwhile adjusted, no other distribution has a shell for this user. ==== sysvinit ==== Version update (3.10 -> 3.11) - Update to sysvinit 3.11 * Some escape characters were included in the inittab manual page, but not displayed by the "man" command because they were not (ironically) properly escaped. This has been fixed. * Enabled chaining commands together in the inittab file. This allows the admin to run commands like "task1 && task2" or "task2 || task2" from the inittab file. * Fix typoes in halt manual page. Fixes provided by Bjarni Ingi Gislason. * Fix typos/markdown in fstab-decode manual page. Patch provided by Bjarni Ingi Gislason. ==== tecla-keyboard-layout-viewer ==== - Update license to GPL-2.0-pr-later, conforming to the license declated in the source files. ==== toolbox ==== Version update (2.4+git20241025.00f69f5 -> 2.4+git20241030.2ae8421) - Update to version 2.4+git20241030.2ae8421: * Adjust md syntax for go-md2man * Fix header * Sync README with manual page * Ignore generated toolbox.1 manual page ==== update-bootloader ==== Version update (1.17 -> 1.18) - merge gh#openSUSE/perl-bootloader#181 - explicitly use bash as shell (bsc#1231018) - 1.18 ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-noX vlc-qt - Drop the requres_ge libbluray1 statement, which was added as a hack due to a libbluray ABI brak at version 0.5. By now libbluray is at .so.2, so that statement was actually a NOP. as RPM simply ignored in-existing package dependencies. ==== xkeyboard-config ==== - n_fi-kotoistus-metainfo.patch * add meta information for default variant of "fi" keyboard layout "kotoistus" needed for GNOME or other users of xkeyboard meta XML files (boo#1227420) ==== yaml-cpp ==== - Add baselibs.conf