Packages changed: MozillaFirefox (129.0 -> 129.0.1) NetworkManager bind (9.20.0 -> 9.20.1) dbus-1 dracut (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) gstreamer (1.24.6 -> 1.24.7) gstreamer-plugins-bad (1.24.6 -> 1.24.7) gstreamer-plugins-base (1.24.6 -> 1.24.7) gstreamer-plugins-good (1.24.6 -> 1.24.7) gstreamer-plugins-libav (1.24.6 -> 1.24.7) gstreamer-plugins-ugly (1.24.6 -> 1.24.7) openSUSE-release (20240823 -> 20240825) selinux-policy (20240816 -> 20240823) spacenavd (1.2 -> 1.3) systemd-presets-common-SUSE === Details === ==== MozillaFirefox ==== Version update (129.0 -> 129.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 129.0.1 * Fixed playback issues on some websites with copyrighted video served via digital rights management. (bmo#1911283) * Fixed a crash when dragging a video file onto some websites (bmo#1910990) ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch: device: don't enforce IP cleanup on deactivating state (bsc#1228154, glfd#NetworkManager/NetworkManager!2016). ==== bind ==== Version update (9.20.0 -> 9.20.1) Subpackages: bind-doc bind-utils - Update to release 9.20.1 New Features: * Implement rndc retransfer -force. * A new optional argument -force has been added to the command rndc retransfer. When it is specified, named aborts the ongoing zone transfer (if there is one) and starts a new transfer. * dig now reports a missing QUESTION section for messages with opcode QUERY. * Query responses should contain the QUESTION section, with some exceptions. dig was not reporting this. Feature Changes: * Tighten max-recursion-queries and add max-query-restarts configuration statement. * There were cases when the max-recursion-queries quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of max-recursion-queries and by reducing the default value from 100 to 32. * In addition, a new max-query-restarts configuration statement has been added, which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16 but is now configurable with a default value of 11. * ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich for discovering and notifying us about the issue. * Allow shorter resolver-query-timeout configuration. * The minimum allowed value of resolver-query-timeout was lowered from its previous value of 10 000 milliseconds (which is still the default) to 301 milliseconds. Note however that values of 1 to 300 inclusive are interpreted as seconds before applying the limit. A value of zero is interpreted as the default. * Raise the log level of priming failures. * When a priming query is complete, it was previously logged at level DEBUG(1), regardless of success or failure. It is now logged to NOTICE in the case of failure. Bug Fixes: * Fix a crash caused by valid TSIG signatures with invalid time. * An assertion failure was triggered when the TSIG had a valid cryptographic signature but the time was invalid. This could happen when the times between the primary and secondary servers were not synchronised. The crash has now been fixed. * Return SERVFAIL for a too long CNAME chain. * When following long CNAME chains, named was returning NOERROR (along with a partial answer) instead of SERVFAIL, if the chain exceeded the maximum length. This has been fixed. * Reconfigure catz member zones during named reconfiguration. * During a reconfiguration, named wasn’t reconfiguring catalog zones’ member zones. This has been fixed. * Update key lifetime and metadata after dnssec-policy reconfiguration. * Adjust key state and timing metadata if dnssec-policy key lifetime configuration is updated, so that it also affects existing keys. * Fix a crash during zone modification. * Fix an assertion failure that could happen when an authoritative zone was modified while the server was generating an answer from that zone. * Fix assertion failure when executing named-checkconf -v to print its version. * Fix generation of 6to4-self name expansion from IPv4 address. * The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, resulting in the wrong name being checked. This has been fixed. * dig +yaml was producing unexpected and/or invalid YAML. output. * SVBC ALPN text parsing failed to reject zero-length ALPN. * Fix false QNAME minimisation error being reported. * Remove the false positive success resolving log message when QNAME minimisation is in effect and the final result is an NXDOMAIN. * Fix --enable-tracing build on systems without dtrace. * A missing util/dtrace.sh file prevented builds on systems without the dtrace utility. This has been corrected. ==== dbus-1 ==== Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 libdbus-1-3-32bit - Drop feature-suse-auto-socket-target-wants.patch and use the filesystem instead, this works more consistenly with dbus-broker - Add RH/Fedora compat provides dbus-libs to library package needed by Mullvad - Add feature-suse-auto-socket-target-wants.patch: move from static enable symlinks to systemd created symlinks otherwise it can't be enabled by systemd-presets-common-SUSE - Update feature-suse-refuse-manual-start-stop.patch: prevent killing the socket or user service aswell - common: dbus.socket still gets used after migration to dbus-broker so keep pre/post/postun scriptlets - Explicitly require /usr/bin/cmp for the post scripts instead of diffutils: allow other implementations like busybox-diffutils to be acceptable. - No longer start or offer starting dbus as a system service dbus-broker will be the only supported system dbus. Although the existing daemon will stay as some things (gdm) require dbus-run-session ==== dracut ==== Version update (059+suse.636.g9a22b6b0 -> 059+suse.639.g49307b2a) - Update to version 059+suse.639.g49307b2a: * feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398) ==== gstreamer ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.24.7: + Highlighted bugfixes: - Fix APE and Musepack audio file and GIF playback with FFmpeg 7.0 - playbin3: Fix potential deadlock with multiple playbin3s with glimagesink used in parallel - qt6: various qmlgl6src and qmlgl6sink fixes and improvements - rtspsrc: expose property to force usage of non-compliant setup URLs for RTSP servers where the automatic fallback doesn't work - urisourcebin: gapless playback and program switching fixes - v4l2: various fixes - va: Fix potential deadlock with multiple va elements used in parallel - meson: option to disable gst-full for static-library build configurations that do not need this - Various bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - bin: Don't keep the object lock while setting a GstContext when handling NEED_CONTEXT - core: Log pad name, not just the pointer ==== gstreamer-plugins-bad ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.24.7: + aom: av1enc: restrict allowed input width and height + h264parse: - bypass check for length_size_minus_one - Reject FD received before SPS + msdk: replace strcmp with g_strcmp0 + msdkvc1dec crashes (segfault) + rsvgoverlay: add debug category + va: - don't use GST_ELEMENT_WARNING in set_context() vmethod to fix potential deadlock - deadlock when playing two videos at once + webrtc: Add missing G_BEGIN/END_DECLS in header for C++ + wpe: initialize threading.ready before reading it - Drop 85b4fbf40b1d53a4141941abf70d2d4d83eb140e.patch: Fixed upstream. ==== gstreamer-plugins-base ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.24.7: + pbutils: descriptions: use subsampling factor to get YUV subsampling + rtspconnection: Handle invalid argument properly + urisourcebin: - Actually drop EOS on old-school pad switch - Don't hold lock when emitting about-to-finish + gst-launch deadlock with two playbin3s + xvimagesink: Fix crash in pool on error - Add gst-plugins-base-decodebin3-collection-identity-check.patch: - Fixes a assertion causing crash on track change. Upstream bug: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3742 ==== gstreamer-plugins-good ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang - Update to version 1.24.7: + qmlgl6src: Fix crash when use-default-fbo is not set + qt6glwindow: - Fallback to GL_RGB on CopyTexImage2D error, fixing usage with eglfs backend - Only use GL_READ_FRAMEBUFFER when we do blits + qt6: glwindow: Don't leak previously rendered buffer + rtspsrc: expose property for forcing usage of non-compliant URLs + v4l2object: fix ARIB_STD_B67 colorimetry unmatch issue + v4l2: Fix colorimetry mismatch for encoded format with RGB color-matrix ==== gstreamer-plugins-libav ==== Version update (1.24.6 -> 1.24.7) - Update to version 1.24.7: + avdemux: Fix deadlock with FFmpeg 7.x when serialized events are received from upstream while opening, such as e.g. APE files with tags + libav: return EOF when stream is out of data + avdemux: Never return 0 from read function, which would lead to infinite loops ==== gstreamer-plugins-ugly ==== Version update (1.24.6 -> 1.24.7) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.24.7: + No changes, stable version bump only. ==== openSUSE-release ==== Version update (20240823 -> 20240825) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== selinux-policy ==== Version update (20240816 -> 20240823) Subpackages: selinux-policy-targeted - Update to version 20240823: * Allow rasdaemon write access to sysfs (bsc#1229587) ==== spacenavd ==== Version update (1.2 -> 1.3) - Version 1.3 * Support for dominant axis mode. Dominant axis toggle can be bound as a button action. * Fixed device detection for some serial Spaceballs which were misdetected due to spurious data arriving before the "@reset". * Normalized default axis mapping/sign for CadMan USB and Spaceball 5000 USB. * Linux: stop using the evdev time field, which was dropped in 32bit linux for year 2038 compatibility. * Protocol: added missing set/get requests for the repeat interval. * Updated device blacklists to ignore 3Dconnexion keyboards/mice. * Build improvements and fixes for various platforms. - Add libXext as a build requires ==== systemd-presets-common-SUSE ==== - Add presets to enable dbus-broker.service for both system and user due to naming socket activation doesn't work directly. - Order .presets file alphabetically via service.