Packages changed: apache2-mod_php8 (8.3.11 -> 8.3.12) atftp flashrom (1.3.0 -> 1.4.0) libnetfilter_conntrack (1.0.9 -> 1.1.0) libopenmpt (0.7.9 -> 0.7.10) libreoffice (24.8.1.2 -> 24.8.2.1) mariadb openSUSE-release (20240927 -> 20240929) perl-IO-Socket-SSL (2.88.0 -> 2.89.0) php8 (8.3.11 -> 8.3.12) python-greenlet (3.1.0 -> 3.1.1) ruby-common subversion tigervnc === Details === ==== apache2-mod_php8 ==== Version update (8.3.11 -> 8.3.12) - Add /srv/www directories to filelist [bsc#1231027] - version update to 8.3.12 CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). ==== atftp ==== - Delete /usr/sbin/rc* symlink & specfile housekeeping - Make atftpd.socket listen on AF_INET6 as well - Deactivate FORTIFY_SOURCE for the time being due to a glibc bug ==== flashrom ==== Version update (1.3.0 -> 1.4.0) - Add doc and bash-completion subpackages - Update to 1.4.0: - Full changelog: https://www.flashrom.org/release_notes/v_1_4.html ==== libnetfilter_conntrack ==== Version update (1.0.9 -> 1.1.0) - Update to release 1.1.0 * Enhancements for filtering dump and flush commands, see struct nfct_filter_dump and nfct_nlmsg_build_filter(). * ctnetlink event BPF fixes (endianness issue, IPv6 matching) and enhancements (zone matching). ==== libopenmpt ==== Version update (0.7.9 -> 0.7.10) - Update to 0.7.10: * [Change] FST was added to the list of supported file extension. AMP uses this extension for multichannel MODs. * [Bug] The Android NDK build system did not enable C++20 when available. * Fixed inconsistency in length calculation and actual playback length with tempo commands below 32 BPM in various formats (MDL, MED among others). * MED: Command 09 (set speed) was limited to 20 ticks per row instead of 32 ticks per row. * MED: Allow tempo parameters < 32 BPM. * MED: Disallow free panning if hardware mixing is enabled. * For MOD-style vibrato, a speed parameter of 0 was not treated as effect memory. Vibrato speed is now correct for both vibrato commands. * MED: Fix pattern index exhaustion in modules with multiple subsongs. * OKT: Don't drop global commands when setting paired channel volume, and try to write channel volume on the next row in this situation. * PTM: Use square root pan law, like in XM files. * SFX: Ignore unused data at end of oneshot samples which sometimes caused clicky noises. * SFX: More accurate implementation of arpeggio effect. ==== libreoffice ==== Version update (24.8.1.2 -> 24.8.2.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Update to 24.8.2.1 (24.8.2 final) * Release notes: https://wiki.documentfoundation.org/Releases/24.8.2/RC1 - Update bundled dependencies: * curl 8.9.1 -> 8.10.1 * tiff 4.6.0t -> 4.7.0 ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Read defaults during mysql_upgrade to respect client configuration ==== openSUSE-release ==== Version update (20240927 -> 20240929) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== perl-IO-Socket-SSL ==== Version update (2.88.0 -> 2.89.0) - updated to 2.89.0 (2.089) see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.089 2024/08/29 - new option SSL_force_fingerprint to enforce fingerprint matching even if certificate validation would be successful without - document _get_ssl_object and _get_ctx_object for cases, where direct use of Net::SSLeay functions is needed ==== php8 ==== Version update (8.3.11 -> 8.3.12) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - Add /srv/www directories to filelist [bsc#1231027] - version update to 8.3.12 CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). ==== python-greenlet ==== Version update (3.1.0 -> 3.1.1) - Fix build error under Leap. - Update to 3.1.1 * Fix crashes on 32-bit PPC Linux. Note that there is no CI for this, and support is best effort; there may be other issues lurking. * Remove unnecessary logging sometimes during interpreter shutdown. * Fix some crashes on 32-bit PPC MacOS. This is a very old platform, and is only known to be tested on beta versions of an operating system that was never released, using the GCC 14 only provided by MacPorts; it may or may not work on the final MacOS X release that supported 32-bit PowerPC. It has the known issue of leaking memory when greenlets are used in multiple threads. Help debugging this would be appreciated. ==== ruby-common ==== - update gem_packages.spec.erb: dont strip the newline at the end of main:filelist output ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl - Use strip-nondeterminism to normalize jar mtimes ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Added patch: * n_tigervnc-reproducible-jar-mtime.patch + Use SOURCE_DATE_EPOCH for reproducible jar mtime + Applied if building with Java >= 17