Packages changed: MicroOS-release (20241105 -> 20241107) bluedevil6 (6.2.2 -> 6.2.3) breeze6 (6.2.2 -> 6.2.3) breeze6-gtk (6.2.2 -> 6.2.3) cockpit-podman containerd discover6 (6.2.2 -> 6.2.3) enchant (2.2.15 -> 2.8.2) flatpak-kcm6 (6.2.2 -> 6.2.3) gnome-session grub2 gstreamer (1.24.8 -> 1.24.9) gstreamer-plugins-bad (1.24.8 -> 1.24.9) gstreamer-plugins-base (1.24.8 -> 1.24.9) gstreamer-plugins-good (1.24.8 -> 1.24.9) harfbuzz (10.0.1 -> 10.1.0) kactivitymanagerd6 (6.2.2 -> 6.2.3) kde-cli-tools6 (6.2.2 -> 6.2.3) kde-gtk-config6 (6.2.2 -> 6.2.3) kdecoration6 (6.2.2 -> 6.2.3) kdeplasma6-addons (6.2.2 -> 6.2.3) kgamma6 (6.2.2 -> 6.2.3) kglobalacceld6 (6.2.2 -> 6.2.3) kinfocenter6 (6.2.2 -> 6.2.3) kmenuedit6 (6.2.2 -> 6.2.3) kpipewire6 (6.2.2 -> 6.2.3) kscreen6 (6.2.2 -> 6.2.3) kscreenlocker6 (6.2.2 -> 6.2.3) ksshaskpass6 (6.2.2 -> 6.2.3) ksystemstats6 (6.2.2 -> 6.2.3) kwayland-integration6 (6.2.2 -> 6.2.3) kwayland6 (6.2.2 -> 6.2.3) kwin6 (6.2.2 -> 6.2.3) kwrited6 (6.2.2 -> 6.2.3) layer-shell-qt6 (6.2.2 -> 6.2.3) libftdi1 libkscreen6 (6.2.2 -> 6.2.3) libksysguard6 (6.2.2 -> 6.2.3) libplasma6 (6.2.2 -> 6.2.3) lsof milou6 (6.2.2 -> 6.2.3) multipath-tools (0.10.0+103+suse.0fc97cd -> 0.10.0+108+suse.2c2e597) openssl-3 (3.1.7 -> 3.2.3) openssl (3.1.7 -> 3.2.3) patterns-base patterns-gnome plasma5support6 (6.2.2 -> 6.2.3) plasma6-activities (6.2.2 -> 6.2.3) plasma6-activities-stats (6.2.2 -> 6.2.3) plasma6-browser-integration (6.2.2 -> 6.2.3) plasma6-desktop (6.2.2 -> 6.2.3) plasma6-integration (6.2.2 -> 6.2.3) plasma6-nm (6.2.2 -> 6.2.3) plasma6-openSUSE plasma6-pa (6.2.2 -> 6.2.3) plasma6-print-manager (6.2.2 -> 6.2.3) plasma6-systemmonitor (6.2.2 -> 6.2.3) plasma6-workspace (6.2.2 -> 6.2.3) polkit-default-privs (1550+20241017.007e12d -> 1550+20241105.bedeeca) polkit-kde-agent-6 (6.2.2 -> 6.2.3) powerdevil6 (6.2.2 -> 6.2.3) python-Mako (1.3.5 -> 1.3.6) python-SQLAlchemy (2.0.32 -> 2.0.36) python-attrs (23.2.0 -> 24.2.0) python-cryptography qemu qqc2-breeze-style6 (6.2.2 -> 6.2.3) sdbootutil (1+git20241017.34ee974 -> 1+git20241107.542aa84) sddm-kcm6 (6.2.2 -> 6.2.3) selinux-policy (20241031 -> 20241105) systemsettings6 (6.2.2 -> 6.2.3) webkit2gtk3 (2.46.2 -> 2.46.3) webkit2gtk4 (2.46.2 -> 2.46.3) xdg-desktop-portal-kde6 (6.2.2 -> 6.2.3) xorg-x11-server (21.1.12 -> 21.1.14) xwayland (24.1.3 -> 24.1.4) === Details === ==== MicroOS-release ==== Version update (20241105 -> 20241107) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== bluedevil6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Correct PIN entry behavior ==== breeze6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: breeze6-cursors breeze6-decoration breeze6-style breeze6-wallpapers - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * KStyle: Don't dereference nullptr ==== breeze6-gtk ==== Version update (6.2.2 -> 6.2.3) Subpackages: gtk2-metatheme-breeze6 gtk3-metatheme-breeze6 gtk4-metatheme-breeze6 metatheme-breeze6-common - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== cockpit-podman ==== - correct-container-search.patch: Fixes issues searching containers bsc#1232687 - Fix systemd units folder for leap and sle (Similar issue like boo#1226541) ==== containerd ==== - build for SLE12 as well ==== discover6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: discover6-backend-flatpak discover6-backend-fwupd discover6-notifier - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * FwupdBackend: Do not use more API now removed in fwupd 2.0.0 * ApplicationPage: Fix visibility of the reviews component (kde#495597) ==== enchant ==== Version update (2.2.15 -> 2.8.2) Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Update to 2.8.2 + maintainer has changed their name from abiWord to rrthomas on Github, hence update Source and URL to new home. + Switch to vala. + Use doxygen and groff-full for documentation. + nuspell >= 5.1.0 is required. + for more information see: NEWS - Add doxygen, vala and groff-full BuildRequires following upstream changes. - Pass --docdir=%%{_defaultdocdir}/%%{name} to configure, package the now built documentation in openSUSE standard. ==== flatpak-kcm6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - No code changes since 6.2.2 ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland - Split out new sub-package gnome-session-xsession. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Fix grub.cfg is loaded from an unexpected fallback directory instead of the root directory during PXE boot when grub is loaded from the tftp root directory (bsc#1232391) * 0001-kern-main-Fix-cmdpath-in-root-directory.patch * grub2.spec: Refine PPC grub.elf early config to derive root from cmdpath directly, avoiding the unneeded search ==== gstreamer ==== Version update (1.24.8 -> 1.24.9) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.24.9: + Highlighted bugfixes: - gst-rtsp-server security fix - GstAggregator start time selection and latency query fixes for force-live mode - audioconvert: fix dynamic handling of mix matrix, and accept custom upstream event for setting one - encodebin: fix parser selection for encoders that support multiple codecs - flvmux improvments for pipelines where timestamps don't start at 0 - glcontext: egl: Unrestrict the support base DRM formats - kms: Add IMX-DCSS auto-detection in sink and fix stride with planar formats in allocator - macOS main application event loop fixes - mpegtsdemux: Handle PTS/DTS wraparound with ignore-pcr=true - playbin3, decodebin3, parsebin, urisourcebin: fix races, and improve stability and stream-collection handling - rtpmanager: fix early RTCP SR generation for sparse streams like metadata - qml6glsrc: Reduce capture delay - qtdemux: fix parsing of rotation matrix with 180 degree rotation - rtpav1depay: added wait-for-keyframe and request-keyframe properties - srt: make work with newer libsrt versions and don't re-connect on authentication failure - v4l2 fixes and improvement - webrtcsink, webrtcbin and whepsrc fixes - cerbero: fix Python 3.13 compatibility, g-i with newer setuptools, bootstrap on Arch Linux; iOS build fixes - Ship qroverlay plugin in binary packages - Various bug fixes, memory leak fixes, and other stability and reliability improvements + Gstreamer: - aggregator: . Fix start time selection first with force-live . Fix live query when force-live is TRUE - parse-launch: Make sure children are bins before recursing in - macos: Fix race conditions in cocoa/application main event loop - multiqueue: Do not unref the query we get in pad->query ==== gstreamer-plugins-bad ==== Version update (1.24.8 -> 1.24.9) Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Disable RDF parsing for Ladspa plugins. It provides hardly any value (glfo#gstreamer/gstreamer#3168), but has a fairly large reverse dependency set. Drop pkgconfig(lrdf) BuildRequires and pass ladspa-rdf=disabled to meson setup. - Update to version 1.24.9: + avfdeviceprovider: Fix leak from the GstCaps + codecparsers: add debug categories to bitwriters + codectimestamper: Fix gint wraparound in pts_compare_func + dvxa: Explicitly use cpp_std=c++11 + GstPlay: message parsing and documentation improvements + h26xbitwriter: false have_space if aligning fails on aud + kmsallocator: fix stride with planar formats + kmssink: Add IMX-DCSS auto-detection + mpegtsdemux: Handle PTS/DTS wraparound with ignore-pcr=true + rtmp2sink: Initialize base_ts / last_ts with the actual first observed timestamp + scenechange: fix memory leak + srt: Don't attempt to reconnect on authentication failures + srtsink: Register SRT listen callback before binding socket + tests: - lc3: Allocate the same size for the buffer and the data - va: fix vapostproc test for DMABuf + va: Fix libdrm include, plus meson and wrap changes + vp8decoder: Fix resolution change handling + vtdec: add support for level 6 6.1 and 6.2 + vaav1enc: Do not enable palette mode by default + wayland: Add NV15 support + webrtcbin: Clean up bin elements when datachannel is removed ==== gstreamer-plugins-base ==== Version update (1.24.8 -> 1.24.9) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 - Update to version 1.24.9: + allocators: drmdumb: Fix bpp value for P010 + audioconvert: fix dynamic handling of mix matrix, accept custom upstream event for setting one + decodebin3: - Make update/posting of collection messages atomic - Send selected stream message as long as not all the tracks can't select decoders + encodebasebin: Miscellaneous fixes + exiftag: Check the result of gst_date_time_new_local_time(), fixes criticals with malformed EXIF tags + glcontext: egl: Unrestrict the support base DRM formats + gldownload: use gst_gl_sync_meta_wait_cpu() + gl: Fix configure error when libdrm is a subproject + playback: Fix a variety of decodebin3/parsebin/urisourcebin races + playbin3: prevent crashing trying to play a corrupted mp4 file (WARNING : HIGH PITCHED CORRUPTED SOUND) + Revert "meson: Fix invalid include flag in uninstalled gl pc file" + urisourcebin: - Allow more cases for posting stream-collection - Ensure all stream-start are handled + urisourcebin/parsebin: Improve collection creation and handling ==== gstreamer-plugins-good ==== Version update (1.24.8 -> 1.24.9) - Update to version 1.24.9: + flvmux: Use first running time on the initial header instead of 0 + qml6glsrc: Reduce capture delay + qtdemux: - Check fourcc of a second CEA608 atom instead of assuming it's cdt2 - Fix parsing of matrix with 180 rotation - Skip zero-sized boxes instead of stopping to look at further boxes + rtpmanager: skip RTPSources which are not ready in the RTCP generation + rtppassthroughpay: Fix reading clock-rate and payload type from caps + twcc: Handle wrapping of reference time + v4l2object: append non colorimetry structure to probed caps + v4l2: Various fixes and improvement ==== harfbuzz ==== Version update (10.0.1 -> 10.1.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 10.1.0: + Fix the sign of fallback vertical glyph advance (used when font has no vertical advance data). + Increase maximum “CFF” operands limit 20 times to support more complex fonts. + Add “--face-loader” option to command line utilities. + Support “COLR” v0 table in hb_font_get_glyph_extents(). + Add support for font functions that use Core Text APIs, similar to FreeType font functions. This allows, for example, using drawing fonts that use the new (and undocumented) “hvgl” table. + Update IANA and OT language registries, as well ase USE data files. + Fix build with ICU 76. + Various compiler warnings and build fixes. + Various subsetter fixes. ==== kactivitymanagerd6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kde-cli-tools6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kde-gtk-config6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: kde-gtk-config6-gtk3 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Gracefully handle decoration plugin failing to load ==== kdecoration6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libkdecorations2-6 libkdecorations2private11 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kdeplasma6-addons ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * applets/userswitcher: fix showing other logged-in users' avatars ==== kgamma6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kglobalacceld6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libKGlobalAccelD6-0 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kinfocenter6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * appiumtests: fix wayland ==== kmenuedit6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kpipewire6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: kpipewire6-imports libKPipeWire6 libKPipeWireDmaBuf6 libKPipeWireRecord6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * libx264encoder: Ensure stream size is always a multiple of 2 (kde#485733) * encoder: Make it possble to override the filter graph used for software encode ==== kscreen6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kscreenlocker6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libKScreenLocker6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== ksshaskpass6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== ksystemstats6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * plugins/pressure: Use ulonglong for storing "total" time information ==== kwayland-integration6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kwayland6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libKWaylandClient6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== kwin6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libkwin6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * input: don't crash if the internal handle is nullptr (wheelEvent) * backends/x11: fix colormap leak * Update ExpoCell contentItem position upon its parent change (kde#495501) * scene: Fix item restacking repaints * xwayland: Fix a couple of file descriptor leaks (kde#442846) * plugins/keynotification: Fix event ID for notification (kde#495264) * backends/drm: don't set backlight brightness to 1 in HDR mode (kde#495242) * core/colorspace: ensure that we don't create elevated blacks with black point compensation (kde#494854) * autotests: test that ColorPipeline and OpenGL shader results at least somewhat match * core/colorpipeline: do ICtCp conversion the correct way around * core/colorpipeline: use PQ with min. luminance zero for tone mapping * core/colorpipeline: fix multiplier+matrix optimization * core/colorpipeline: don't transpose the ICtCp matrix * core/colorpipeline: fix tone mapping luminances being switched around * backends/drm: check if m_commits is empty after waiting for commitPending * use xcb_connection_has_error to check for failue * Fix "window to next desktop" shortcut during interactive move/resize session * backends/drm: add an environment variable to force glFinish on multi gpu copies * backends/drm: disable software brightness if there was ever a hardware brightness device assigned ==== kwrited6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== layer-shell-qt6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libLayerShellQtInterface6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== libftdi1 ==== - Fix for SWIG 4.3.0, add patch swig-4.3.patch ==== libkscreen6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libKF6Screen8 libKF6ScreenDpms8 libkscreen6-plugin - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== libksysguard6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * sensors: Improve robustness of SensorDaemonInterface * faces: Skip null entries when trying to resolve sensors * faces/grid: Specify updateRateLimit for FaceLoader (kde#494019) * faces: Explicitly emit signals on internal controller on property change * faces: Allow specifying updateRateLimit for FaceLoader ==== libplasma6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libPlasma6 libplasma6-components libplasma6-desktoptheme - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== lsof ==== - Add reproducible.patch to not store build host kernel version (boo#1232425) ==== milou6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== multipath-tools ==== Version update (0.10.0+103+suse.0fc97cd -> 0.10.0+108+suse.2c2e597) Subpackages: kpartx libmpath0 - Update to version 0.10.0+108+suse.2c2e597: * Update fix for bsc#1232063 to upstream-accepted solution - Update to version 0.10.0+106+suse.ffbdb7a: * Fix reboot hang if uevent is processed for suspended device (bsc#1232063) ==== openssl-3 ==== Version update (3.1.7 -> 3.2.3) Subpackages: libopenssl3 - Support MSA 11 HMAC on s390x jsc#PED-10273 * Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch * Add openssl-3-fix-hmac-digest-detection-s390x.patch * Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch - Add hardware acceleration for full AES-XTS jsc#PED-10273 * Add openssl-3-hw-acceleration-aes-xts-s390x.patch - Support MSA 12 SHA3 on s390x jsc#PED-10280 * Add openssl-3-add_EVP_DigestSqueeze_api.patch * Add openssl-3-support-multiple-sha3_squeeze_s390x.patch * Add openssl-3-add-xof-state-handling-s3_absorb.patch * Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch * Add openssl-3-fix-state-handling-sha3_final_s390x.patch * Add openssl-3-fix-state-handling-shake_final_s390x.patch * Add openssl-3-fix-state-handling-keccak_final_s390x.patch * Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch * Add openssl-3-add-defines-CPACF-funcs.patch * Add openssl-3-add-hw-acceleration-hmac.patch * Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch * Add openssl-3-fix-s390x_sha3_absorb.patch * Add openssl-3-fix-s390x_shake_squeeze.patch - Update to 3.2.3: * Changes between 3.2.2 and 3.2.3: - Fixed possible denial of service in X.509 name checks. [CVE-2024-6119] - Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535] * Changes between 3.2.1 and 3.2.2: - Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741] - Fixed an issue where checking excessively long DSA keys or parameters may be very slow. [CVE-2024-4603] - Improved EC/DSA nonce generation routines to avoid bias and timing side channel leaks. - Fixed an issue where some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. [CVE-2024-2511] - New atexit configuration switch, which controls whether the OPENSSL_cleanup is registered when libcrypto is unloaded. This can be used on platforms where using atexit() from shared libraries causes crashes on exit. - Fixed bug where SSL_export_keying_material() could not be used with QUIC connections. * Add openssl-skip-quic-pairwise.patch to adapt the pairwise tests. * Merge openssl-FIPS-release_num_in_version_string.patch into openssl-FIPS-services-minimize.patch * Rebase patches: - openssl-Add-changes-to-ectest-and-eccurve.patch - openssl-FIPS-140-3-keychecks.patch - openssl-FIPS-embed-hmac.patch - openssl-Remove-EC-curves.patch - openssl-skipped-tests-EC-curves.patch - openssl-FIPS-early-KATS.patch - openssl-Allow-disabling-of-SHA1-signatures.patch - openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch - openssl-FIPS-limit-rsa-encrypt.patch - openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch - openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch - openssl-FIPS-140-3-DRBG.patch - openssl-FIPS-140-3-zeroization.patch - openssl-Add-FIPS-indicator-parameter-to-HKDF.patch - openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch - openssl-FIPS-Add-explicit-indicator-for-key-length.patch - openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch - openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch - openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch - openssl-FIPS-enforce-EMS-support.patch - openssl-3-jitterentropy-3.4.0.patch * Remove not needed patches: - openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch - openssl-3-FIPS-PCT_rsa_keygen.patch - Remove the engines' directories and symlinks that were added to allow parallel installations with openssl-1_1. * Remove openssl-3-use-include-directive.patch - Remove the hardcoded DEFAULT_SUSE cipherlist selection. * Remove openssl-DEFAULT_SUSE_cipher.patch - Update to 3.2.1: * Changes between 3.2.0 and 3.2.1: - A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly check for this case. [CVE-2024-0727] - When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. [CVE-2023-6237] - Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey rather than SM2. - The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs saves the contents of vector registers in different order than they are restored. [CVE-2023-6129] - Disable building QUIC server utility when OpenSSL is configured with 'no-apps'. * The openssl-crypto-policies-support.patch has been merged into openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch * Rename openssl-Disable-default-provider-for-test-suite.patch and rebase to openssl-TESTS-Disable-default-provider-crypto-policies.patch * Patches removed in the update: - openssl-Add_support_for_Windows_CA_certificate_store.patch - openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch - openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch - openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch - openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch - openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch - openssl-CVE-2024-41996.patch ... changelog too long, skipping 176 lines ... a basic thread pool implementation for select platforms. ==== openssl ==== Version update (3.1.7 -> 3.2.3) - Update to 3.2.3 - Update to 3.2.1 - Update to 3.2.0 ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Remove "Recommends: restorecond" from selinux pattern as we don't want it to be installed by default. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis - Require gnome-session-xsession in the gnome (X11) pattern. ==== plasma5support6 ==== Version update (6.2.2 -> 6.2.3) Subpackages: libPlasma5Support6 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-activities ==== Version update (6.2.2 -> 6.2.3) Subpackages: libPlasmaActivities6 plasma6-activities-imports - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-activities-stats ==== Version update (6.2.2 -> 6.2.3) Subpackages: libPlasmaActivitiesStats1 - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-browser-integration ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-desktop ==== Version update (6.2.2 -> 6.2.3) Subpackages: plasma6-desktop-emojier - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Application Dashboard: Show app tooltips properly (kde#494802) * applets/taskmanager: Fix icon alignment when is reversed (kde#489648) * emojier: do substring search in emoji annotations as well (kde#435787) * activitymanager: Avoid infinite loop in ActivityList * positioner: Make sure we check deferMovePositions exist * appiumtests: fix desktoptest * appiumtests: fix kcm_plasmasearch_test * applets/taskmanager: use TextMetrics directly to elide long recent items ==== plasma6-integration ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Update m_palettes even when KDE_COLOR_SCHEME_PATH is set ==== plasma6-nm ==== Version update (6.2.2 -> 6.2.3) Subpackages: plasma6-nm-openconnect plasma6-nm-openvpn - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * [kcm] Update selected connection when opening KCM a second time (kde#461568) ==== plasma6-openSUSE ==== Subpackages: plasma6-branding-openSUSE plasma6-sddm-theme-openSUSE plasma6-theme-openSUSE - Update to 6.2.3 ==== plasma6-pa ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * rename: set correct device name upon reset (kde#494546) ==== plasma6-print-manager ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-systemmonitor ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== plasma6-workspace ==== Version update (6.2.2 -> 6.2.3) Subpackages: plasma6-session plasma6-workspace-libs - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Do early return for ServciesRunner::resolvedArgs in case of error * Always show full logout screen for "Show Logout Screen" desktop menu item (kde#495390) * lookandfeel: Explicitly set theme to Breeze in defaults * kcms/users: crop character faces properly (kde#494487) * kcms/users: Fix UI on mobile * logout-greeter: don't doubt the daemon * logout-greeter: categorize warnings * logout-greeter: don't wake up packagekit needlessly * appiumtests: fix kcm_cursortheme_test * appiumtests: fix kcm_autostart_test * appiumtests: fix kcm_users_test * appiumtests: fix digitalclocktest * components/dbus: fix invalid variant type since Qt 6.8 * appiumtests: fix systemdialogtest ==== polkit-default-privs ==== Version update (1550+20241017.007e12d -> 1550+20241105.bedeeca) - Update to version 1550+20241105.bedeeca: * profiles: whitelist xfce mousepad pkexec action (bsc#1232231) ==== polkit-kde-agent-6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== powerdevil6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Applets/batterymonitor: correct dbus watcher * applets: react to power-profile-daemon dbus registration (kde#492859) * daemon: Only write DDC brightness after reading and comparing first * daemon: Set ddcutil as missing if initialization fails * autotests: only enable dbus debug message for backlighthelper in brightnesstest ==== python-Mako ==== Version update (1.3.5 -> 1.3.6) - Update to 1.3.6 * Fixed long standing bug where the sequence <& would be misinterpreted by the lexer. It's not clear why the ampersand character was part of the characters being consumed here and it may have been an inadvertent bit of code from one of Mako's predecessor languages. - Adjust upstream source name in spec file ==== python-SQLAlchemy ==== Version update (2.0.32 -> 2.0.36) - Update to 2.0.36 * Fixed bug where SQL functions passed to :paramref:`_schema.Column.server_default` would not be rendered with the particular form of parenthesization now required by newer versions of MySQL and MariaDB. Pull request courtesy of huuya. * Fixed bug in ORM bulk update/delete where using RETURNING with bulk update/delete in combination with ``populate_existing`` would fail to accommodate the ``populate_existing`` option. * Continuing from :ticket:`11912`, columns marked with :paramref:`.mapped_column.onupdate`, :paramref:`.mapped_column.server_onupdate`, or :class:`.Computed` are now refreshed in ORM instances when running an ORM enabled UPDATE with WHERE criteria, even if the statement does not use RETURNING or ``populate_existing``. * Added new parameter :paramref:`_orm.mapped_column.hash` to ORM constructs such as :meth:`_orm.mapped_column`, :meth:`_orm.relationship`, etc., which is interpreted for ORM Native Dataclasses in the same way as other dataclass-specific field parameters. * Fixed bug in reflection of table comments where unrelated text would be returned if an entry in the ``pg_description`` table happened to share the same oid (objoid) as the table being reflected. * Fixed regression caused by fixes to joined eager loading in :ticket:`11449` released in 2.0.31, where a particular joinedload case could not be asserted correctly. We now have an example of that case so the assertion has been repaired to allow for it. * Improved the error message emitted when trying to map as dataclass a class while also manually providing the ``__table__`` attribute. This usage is currently not supported. * Improved a query used for the MySQL 8 backend when reflecting foreign keys to be better optimized. Previously, for a database that had millions of columns across all tables, the query could be prohibitively slow; the query has been reworked to take better advantage of existing indexes. * Datatypes that are binary based such as :class:`.VARBINARY` will resolve to :class:`.LargeBinary` when the :meth:`.TypeEngine.as_generic()` method is called. * The :class:`.postgresql.JSON` and :class:`.postgresql.JSONB` datatypes will now render a "bind cast" in all cases for all PostgreSQL backends, including psycopg2, whereas previously it was only enabled for some backends. This allows greater accuracy in allowing the database server to recognize when a string value is to be interpreted as JSON. * Refined the check which the ORM lazy loader uses to detect "this would be loading by primary key and the primary key is NULL, skip loading" to take into account the current setting for the :paramref:`.orm.Mapper.allow_partial_pks` parameter. If this parameter is ``False``, then a composite PK value that has partial NULL elements should also be skipped. This can apply to some composite overlapping foreign key configurations. * Fixed bug in ORM "update with WHERE clause" feature where an explicit ``.returning()`` would interfere with the "fetch" synchronize strategy due to an assumption that the ORM mapped class featured the primary key columns in a specific position within the RETURNING. This has been fixed to use appropriate ORM column targeting. * Fixed regression from 1.4 where some datatypes such as those derived from :class:`.TypeDecorator` could not be pickled when they were part of a larger SQL expression composition due to internal supporting structures themselves not being pickleable. - Adjust upstream source name in spec file - For changes between 2.0.33 through 2.0.34 see the upstream changelog * https://docs.sqlalchemy.org/en/20/changelog ==== python-attrs ==== Version update (23.2.0 -> 24.2.0) - Upgrade to 24.2.0: - Big releases always carry the risk of regressions, but never did I expect to break Python 3.14’s CI! On the plus side, attrs runs on 3.14 now. - Upgrade to 24.1.0: - The most notable is probably the possibility to receive self and field definitions in your converters by wrapping them into a attrs.Converter. - The other big thing is our own replacement for __init_subclass__ called (you guessed it) __attrs_init_subclass__. Check out the docs, if you're not sure what this is good for. - Finally, we've made more important steps to promote our "new" APIs (can you believe they're 4 years old!?) in the docs. If we missed anything, please let us know. - Remove upstreamed patch: - pytest8.patch ==== python-cryptography ==== - Avoid using requires_eq, which after the last modifications conflicts with python singlespec (order of expansion). ==== qemu ==== - Fix bsc#1232617: * qemu-ga: Fix a SIGSEGV in ga_run_command() helper (bsc#1232617) ==== qqc2-breeze-style6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * Fix calculation of width of DialogButtonBox * Add missing dependencies on QtQuick.Window ==== sdbootutil ==== Version update (1+git20241017.34ee974 -> 1+git20241107.542aa84) Subpackages: sdbootutil-snapper sdbootutil-tukit - Update to version 1+git20241107.542aa84: * Fix missing timeout parameter - Update to version 1+git20241105.3404bf8: * Do a cleanup before making free space * Simplify unlock mechanism and recovery key enroll * Drop generate-pin parameter * Indentation and comments fix * Measure grubenv * Add set-default and set-timout commands * rollback bootloader after setting default snapshot * Improve error checking and fix small bugs * Add --unlock argument * Use unique names for the kernel keyring * Add --generate-pin to generate a recovery PIN * Enroll a new recovery key * Bind mount snapshot dir onto itself before chroot. ==== sddm-kcm6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== selinux-policy ==== Version update (20241031 -> 20241105) Subpackages: selinux-policy-targeted - Update to version 20241105: * Allow virt_dbus_t to connect to virtd_t over unix_stream_socket (bsc#1232655) ==== systemsettings6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release ==== webkit2gtk3 ==== Version update (2.46.2 -> 2.46.3) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Update to version 2.46.3 (boo#1232747): + Flatten layers to a plane when preseve-3d style is set. + Fix DuckDuckGo links by adding a user agent quirk. + Fix several crashes and rendering issues. + Security fixes: CVE-2044-44244, CVE-2024-44296. - Drop bug281492.patch: fixed upstream. ==== webkit2gtk4 ==== Version update (2.46.2 -> 2.46.3) Subpackages: libjavascriptcoregtk-6_0-1 libwebkitgtk-6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.46.3 (boo#1232747): + Flatten layers to a plane when preseve-3d style is set. + Fix DuckDuckGo links by adding a user agent quirk. + Fix several crashes and rendering issues. + Security fixes: CVE-2044-44244, CVE-2024-44296. - Drop bug281492.patch: fixed upstream. ==== xdg-desktop-portal-kde6 ==== Version update (6.2.2 -> 6.2.3) - Update to 6.2.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.2.3 - Changes since 6.2.2: * update version for new release * [FileChooser] Properly pass along requested current filter * Create region selection window before calling setScreen (kde#493293) ==== xorg-x11-server ==== Version update (21.1.12 -> 21.1.14) Subpackages: xorg-x11-server-Xvfb - 21.1.14 covers also * CVE-2024-31080 (bsc#1222309) * CVE-2024-31081 (bsc#1222310) * CVE-2024-31082 (bsc#1222311) * CVE-2024-31083 (bsc#1222312) - Security update 21.1.14 This release addresses the following security issue * CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565) - supersedes U_render-Avoid-possible-double-free-in-ProcRenderAddGl.patch - supersedes U_xorg-xserver-e89edec497ba.patch ==== xwayland ==== Version update (24.1.3 -> 24.1.4) - Security update 21.1.14 This release addresses the following security issue * CVE-2024-9632: Heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565)