Packages changed: MozillaFirefox (128.0.3 -> 129.0) NetworkManager (1.48.6 -> 1.48.8) binutils (2.42 -> 2.43) curl (8.9.0 -> 8.9.1) ethtool (6.9 -> 6.10) gegl gnome-bluetooth (46.0 -> 46.1) gnome-control-center (46.3 -> 46.4) gnome-remote-desktop (46.3 -> 46.4) gnome-software (46.3 -> 46.4) gnome-user-docs (46.1 -> 46.4) gom (0.5.2 -> 0.5.3) gpg2 intel-vaapi-driver kexec-tools (2.0.28 -> 2.0.29) lib2geom libadwaita (1.5.2 -> 1.5.3) libei (1.2.1 -> 1.3.0) libqt5-qtwebengine libshumate (1.2.2 -> 1.2.3) liburing makedumpfile mutter openSUSE-release (20240812 -> 20240813) ovmf qt6-webengine rdma-core (52.0 -> 53.0) shadow totem-pl-parser (3.26.6 -> 3.26.6+30) xdm === Details === ==== MozillaFirefox ==== Version update (128.0.3 -> 129.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 129.0 https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines - removed obsolete patches mozilla-bmo1905018.patch mozilla-bmo1504834-part3.patch mozilla-bmo1512162.patch mozilla-bmo1822730.patch mozilla-fix-aarch64-libopus.patch mozilla-partial-revert-1768632.patch - requires NSS 3.102.1 - extended mozilla-silence-no-return-type.patch ==== NetworkManager ==== Version update (1.48.6 -> 1.48.8) Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.48.8: + ovs: fix triggering stage3 activation without DHCP client initialized + config: parse autoconnect-ports value on config + ndisc: preserve router preferences ==== binutils ==== Version update (2.42 -> 2.43) Subpackages: libctf-nobfd0 libctf0 - Update to version 2.43: * new .base64 pseudo-op, allowing base64 encoded data as strings * Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported) * x86 Intel syntax now warns about more mnemonic suffixes * macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed * aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2 * s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust) * riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains) * arm: remove support for some old co-processors: Maverick and FPA * mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that * LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR * readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type * objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame * gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv * linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently - Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz. - Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz. - Removed upstream patch riscv-no-relax.patch. - Rebased ld-relro.diff and binutils-revert-rela.diff. ==== curl ==== Version update (8.9.0 -> 8.9.1) Subpackages: curl-zsh-completion libcurl4 - Fix regression introduced in version 8.9.1: * sigpipe: init the struct so that first apply ignores * Add curl-sigpipe.patch - Update to 8.9.1: * Security fixes: - curl: ASN.1 date parser overread [bsc#1228535, CVE-2024-7264] * Bugfixes: - cmake: detect 'libssh' via 'pkg-config' - cmake: detect 'nettle' when building with GnuTLS - connect: fix connection shutdown for event based processing - curl: more defensive socket code for --ip-tos - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - ftpserver.pl: make POP3 LIST serve content from the test file - lib: survive some NULL input args - os400: build cli manual. - os400: workaround an IBM ASCII run-time library bug - transfer: speed limiting fix for 32bit systems - vtls: avoid forward declaration in MultiSSL builds - x509asn1: unittests and fixes for gtime2str ==== ethtool ==== Version update (6.9 -> 6.10) Subpackages: ethtool-bash-completion - update to upstream release 6.10 * Feature: suport for PoE in PSE (--show-pse and --set-pse) * Feature: add statistics support to tsinfo (-T) * Feature: add JSON output to base command (no option) * Feature: add JSON output to EEE info (--show-eee) * Fix: qsfp: better handling on page 03h read failure (-m) * Fix: handle zero arguments for module eeprom dump (-m) * Fix: check for missing arguments in do_srxfh() (-X) * Misc: more descriptive error when JSON output is not available ==== gegl ==== Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 - Add backported 66de8124.patch: Fix build against ffmpeg-7. ==== gnome-bluetooth ==== Version update (46.0 -> 46.1) Subpackages: gnome-bluetooth-lang libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 46.1: + This version contains translation updates and a bug fix for some device icons not appearing correctly. ==== gnome-control-center ==== Version update (46.3 -> 46.4) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces gnome-control-center-users - Update to version 46.4: + Accessibility: Fix enum value for follow centered + Apps: Fix memory leak for MMManager object in default apps page + Network: Don't set empty ignored hosts + Privacy: Fix visibility issue of Bolt settings when Bolt isn't available + Users: - Avoid accidental mnemonics for user name rows - Show correctly the remaining list of fingerprints to enroll + WWAN: Fix crash on Unlock SIM dialog ==== gnome-remote-desktop ==== Version update (46.3 -> 46.4) Subpackages: gnome-remote-desktop-lang - Update to version 46.4: + Gracefully handle invalid x224Crq data + Fix file descriptor leak + Updated translations. ==== gnome-software ==== Version update (46.3 -> 46.4) Subpackages: gnome-software-lang gnome-software-plugin-packagekit - Update to version 46.4: + Correct broken formatting when using in AppStream metadata + Updated translations. ==== gnome-user-docs ==== Version update (46.1 -> 46.4) - Update to version 46.4: + Updates to GNOME Help. + Updated translations. ==== gom ==== Version update (0.5.2 -> 0.5.3) - Update to version 0.5.3: + Automatically ignore read-only properties + Add support for GParamSpec which are GBytes ==== gpg2 ==== Subpackages: dirmngr gpg2-lang - Remove explicit runtime library dependency, pick ease of maintenance in Tumbleweed over mixed project use runtime bugs. ==== intel-vaapi-driver ==== - add 566.patch: fixed VAAPI Wayland on libva v2.22.0 ==== kexec-tools ==== Version update (2.0.28 -> 2.0.29) - update to 2.0.29: * update man and --help * powerpc/kexec_load: add hotplug support * kexec_load: Use new kexec flag for hotplug support * x86-linux-setup.c: Use POSIX basename API * LoongArch: fix load command line segment error * LoongArch: add multi crash kernel segment support * LoongArch: fix kernel image size error * Arm: Fix add_buffer_phys_virt() align issue * Fix incorrect Free Software Foundation address in the license * util_lib/elf_info.c: fix a warning * kexec_file: add kexec_file flag to support debug printing * workflow: update to use checkout@v4 - drop kexec-dont-use-kexec_file_load-on-xen.patch, upstream - drop fix-building-on-x86_64-with-binutils-2.41.patch, upstream - kexec-tools-riscv-hotplug.patch: Fix build for riscv64. ==== lib2geom ==== - Add skip_failing_tests_gcc14.diff to fix more instable intersection tests. This allows the 32bit version of the package to be built with GCC14. ==== libadwaita ==== Version update (1.5.2 -> 1.5.3) Subpackages: libadwaita-1-0 libadwaita-lang typelib-1_0-Adw-1 - Update to version 1.5.3: + AdwAlertDialog: Expose body text as a11y description + AdwDialog: - Fix a memory leak - Speed up switching presentation + AdwPreferencesPage: Add an a11y relation to the description + AdwSpinRow: Set accessible role to presentation + AdwSwitchRow: Set accessible role to switch + AdwTabBar/Overview: Fix a use after free when closing tabs + Stylesheet: Fix a specificity issue with scrolled windows in popovers + Docs: - Don't annotate user_data params with closure - Fix typos in migrating to breakpoints page + Updated translations. ==== libei ==== Version update (1.2.1 -> 1.3.0) - Update to release 1.3.0 * Devices without regions or with multiple regions previously failed region checks for touch events and absolute pointer events (now fixed). * liboeffis's ConnectToEIS dbus call is now async to avoid stalling the client. * many clarifications for ambiguity in the protocol documentation. ==== libqt5-qtwebengine ==== - Add ffmpeg 7 compatibility patch (Picked from Arch): * qt5-webengine-ffmpeg7.patch ==== libshumate ==== Version update (1.2.2 -> 1.2.3) Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0 - Update to version 1.2.3: + Fix build with -Dvector_renderer=false ==== liburing ==== - Skip test buf-ring-nommap.t if ENOMEM appears (happens in ppc64le arch). * test-buf-ring-nommap-skip-the-test-on-queue-init-ENO.patch ==== makedumpfile ==== - add (bsc#1226183) * make-reserve_diskspace-do-nothing-for-flattened-form.patch ==== mutter ==== Subpackages: mutter-lang - Fix build if sle_version is defined: Patch3 no longer exists, and add back Patch4 for SLE builds that was mistakenly removed in last change. ==== openSUSE-release ==== Version update (20240812 -> 20240813) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 - Add ovmf-x86_64-sev flavor to X64 against AMD SEV. - Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64, , BUILD_OPTIONS_X86, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64 because SEV can NOT work with secure boot. - Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch because the SEV ovmf be separated from X64 ovmf as an independent flavor. - The original patch reverts "58eb8517ad OvmfPkg/PlatformPei: Update ReserveEmuVariableNvStore" which affects all ovmf flavor. - The secure boot be disabled in SEV flavor, so we do not need revert 58eb8517ad anymore. (bsc#1209266) - Add 50-ovmf-x86_64-sev.json to descriptors.tar.xz for SEV flavor - Removed features tag: "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys" - Add features tag: "amd-sev", "amd-sev-es", "amd-sev-snp" ==== qt6-webengine ==== Subpackages: libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-webengine-imports - Add patch to build qtwebengine with ffmpeg 7 (picked from Arch) * qtwebengine-ffmpeg-7.patch ==== rdma-core ==== Version update (52.0 -> 53.0) Subpackages: libefa1 libhns1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to rdma-core v53.0 - No release notes available - Remove Added-suffix-libdrm-to-CMakeLists.txt-for-drm.patch as it was merged upstream. ==== shadow ==== Subpackages: libsubid5 login_defs - Disable flushing sssd caches. The sssd's files provider is no longer available. ==== totem-pl-parser ==== Version update (3.26.6 -> 3.26.6+30) Subpackages: libtotem-plparser-mini18 libtotem-plparser18 totem-pl-parser-lang typelib-1_0-TotemPlParser-1_0 - Update to version 3.26.6+30: + plparser: - Fix guard return type. - Fix TotemPlParserMetadata in bindings. - Fix return value from cancelled calls. - Fix retval when guard are triggered. + Various test fixes. + Updated translations. - Add pkgconfig(uchardet) BuildRequires and pass enable-uchardet=yes to meson, build ucharded support. - Use ldconfig_scriptlets macro for post(un) handling. ==== xdm ==== - sysconfig/windowmanager is deprecated since 7 years, don't read it if it does not exist.