Packages changed: MicroOS-release (20241112 -> 20241113) alsa (1.2.12 -> 1.2.13) grub2 libopenmpt (0.7.10 -> 0.7.11) libsemanage libsoup libsoup2 nghttp2 (1.62.1 -> 1.64.0) openssl-3 qt6-declarative sof-firmware (2024.09 -> 2024.09.1) wget (1.24.5 -> 1.25.0) === Details === ==== MicroOS-release ==== Version update (20241112 -> 20241113) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== alsa ==== Version update (1.2.12 -> 1.2.13) - Update to alsa-lib 1.2.13: * static build fixes * documentation update for control remap API * PCM dmix fixes * pcm: implement snd_pcm_hw_params_get_sync() and obsolete snd_pcm_info_get_sync() * ump: Add a function to provide the packet word length of a UMP type * seq: Add snd_seq_{get|set}_ump_is_midi1() API functions * seq: Add API functions to set different tempo base values * seq: Add API helper functions for creating UMP Endpoint and Blocks * documentation fixes for UMP and sequencer API * test: Add an example programs for UMP For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.12_v1.2.13#alsa-lib - Conditionally take libtool ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin - Revert the patches related to BLS support in grub2-mkconfig, as they are not relevant to the current BLS integration and cause issues in older KIWI versions, which actively force it to be enabled by default (bsc#1233196) * 0002-Add-BLS-support-to-grub-mkconfig.patch * 0003-Add-grub2-switch-to-blscfg.patch * 0007-grub-switch-to-blscfg-adapt-to-openSUSE.patch * 0008-blscfg-reading-bls-fragments-if-boot-present.patch * 0009-10_linux-Some-refinement-for-BLS.patch * 0001-10_linux-Do-not-enable-BLSCFG-on-s390-emu.patch ==== libopenmpt ==== Version update (0.7.10 -> 0.7.11) - Update to 0.7.11: * IT: Don’t import SAx High Offset command for IT 1.xx modules. This feature was added in Impulse Tracker 2.00. * IT: Limit Vxx parameter to V80 for files made with old Schism Tracker versions. * IT / S3M: Impulse Tracker 2.14 patch version information was incorrect. * S3M: O00 effects are no longer ignored if the tracker version in the file header indicates Scream Tracker 3.00 / 3.01, but the file was clearly saved with another tool (e.g. UNMO3). * S3M: As files made with Scream Tracker 3.20 and 3.21 cannot be told apart, both versions are now listed in the tracker metadata. * ULT: Try to preserve global commands if there’s e.g. both a speed and tempo command in the same cell. * STM: Improved tracker identification metadata. * SymMOD: When running out of Zxx macros, try to find the closest macro to use instead. * SymMOD: Ignore unknown hunks instead of rejecting entire file, as that’s what Symphonie does as well. * OKT: Disable loop on type “B” samples if they’re used on a mixed channel. * OKT: The last sample slot was never loaded. * PTM: Halve offset command strength for 16-bit samples. ==== libsemanage ==== Subpackages: libsemanage-conf libsemanage2 - Not conflict but obsolete libsemanage1 (bsc#1229757) ==== libsoup ==== Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Add 6adc0e3e.patch: websocket: Process the frame as soon as we read data (boo#1233287 CVE-2024-52532 glgo#GNOME/libsoup#391). - Add 29b96fab.patch: websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391). - Add a35222dd.patch: be more robust against invalid input when parsing params (boo#1233292 CVE-2024-52531 glgo#GNOME/libsoup!407). ==== libsoup2 ==== - Add 04df03bc.patch: strictly don't allow NUL bytes in headers (boo#1233285 CVE-2024-52530 glgo#GNOME/libsoup#377). - Add libsoup-CVE-2024-52532.patch: websocket: Process the frame as soon as we read data (boo#1233287 CVE-2024-52532). - Add 29b96fab.patch: websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391). - Add a35222dd.patch: be more robust against invalid input when parsing params (boo#1233292 CVE-2024-52531 glgo#GNOME/libsoup!407). ==== nghttp2 ==== Version update (1.62.1 -> 1.64.0) - version update to 1.64.0 1.64.0 * Change clang-format options by @tatsuhiro-t in #2240 * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243 * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244 * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245 * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248 * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252 * fix race condition on h1 connection close by @TuxInvader in #2249 * Gha ubuntu 24.04 by @tatsuhiro-t in #2254 * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255 * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256 * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258 * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259 * Remove extra semicolons by @tatsuhiro-t in #2260 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261 * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262 * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263 * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264 * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265 1.63.0 * Bump libbpf to v1.4.2 by @tatsuhiro-t in #2191 * build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2193 * nghttpx: Fix batch UDP QUIC packet dropped on GRO read by @tatsuhiro-t in #2196 * CMakeLists.txt: allow to compile the C only lib without CXX compiler by @ThomasDevoogdt in #2200 * build(deps): bump github.com/quic-go/quic-go from 0.43.1 to 0.44.0 by @dependabot in #2197 * Fix compiler versions in readme by @ryandesign in #2203 * build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2205 * build(deps): bump github.com/quic-go/quic-go from 0.44.0 to 0.45.0 by @dependabot in #2206 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2207 * build(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #2208 * Add wolfSSL support by @tatsuhiro-t in #2209 * Append --shallow-submodules to git clone --recursive by @tatsuhiro-t in #2210 * Always append options to extra options by @tatsuhiro-t in #2211 * build(deps): bump github.com/quic-go/quic-go from 0.45.0 to 0.45.1 by @dependabot in #2213 * Disable dependency tracking by @tatsuhiro-t in #2214 * Fix Dockerfile.android build failure by @tatsuhiro-t in #2215 * Fix UDP_GRO struct cmsghdr data type by @tatsuhiro-t in #2216 * GHA: Suppress warnings by @tatsuhiro-t in #2217 * Fix levenshtein initialization by @tatsuhiro-t in #2218 * build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #2220 * Undefine NGHTTP2_NO_SSIZE_T if BUILDING_NGHTTP2 is defined by @tatsuhiro-t in #2224 * Bump clang format by @tatsuhiro-t in #2226 * Suppress old compiler error by @tatsuhiro-t in #2228 * build(deps): bump github.com/quic-go/quic-go from 0.45.1 to 0.45.2 by @dependabot in #2229 * build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #2231 * build(deps): bump github.com/quic-go/quic-go from 0.45.2 to 0.46.0 by @dependabot in #2232 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2236 * Bump libbpf to v1.4.5 by @tatsuhiro-t in #2237 * Update go by @tatsuhiro-t in #2238 * levenshtein: Use size_t by @tatsuhiro-t in #2239 ==== openssl-3 ==== Subpackages: libopenssl3 - Do not use HASHBANGPERL to avoid introducing a dependency on the perl-base package. [bsc#1233235] - Add missing fixes for SHA3_squeeze and quic_multistream_test on pcc64 arch. [jsc#PED-10280] * Added openssl-3-fix-sha3-squeeze-ppc64.patch * Added openssl-3-fix-quic_multistream_test.patch ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Replace 0001-WIP-speculative-gc-fix.patch with newer ones, should unbreak spectacle and some others (kde#496139): * 0001-Log-state-transitions-for-the-GC.patch * 0001-Engine-Mark-created-wrapped-objects-after-GCState-Ma.patch ==== sof-firmware ==== Version update (2024.09 -> 2024.09.1) - update to v2024.09.1: * Add missing links for SOF v2.11.1 signed Intel binaries for ARL * fixup the intel-signed/sof-arl.ri link * Update v2.2.12 topology files for Intel platforms * add new 2.11.2 topology2 production binaries ==== wget ==== Version update (1.24.5 -> 1.25.0) - GNU wget 1.25.0: * New testcase for pathconf truncation * Fix libproxy build with --disable-debug * [BREAKING CHANGE] Support continious reading from stdin pipes * Properly re-implement userinfo parsing (rfc2396) * init: fix -Warray-bounds in setval_internal_tilde * Fix build error on MingW with `G_GETFL` and `F_SETFL` flags * Fix returning uninitialized variable * Fix a static analysis false positive * [BREAKING CHANGE] Fix CVE-2024-10524 (drop support for shorthand URLs) (bsc#1233256) - Remove committed patches * properly-re-implement-userinfo-parsing.patch - Renumber patches