Packages changed: MicroOS-release (20240726 -> 20240730) NetworkManager aardvark-dns apparmor (4.0.1 -> 4.0.2) colord curl (8.8.0 -> 8.9.0) docker-buildx (0.16.1 -> 0.16.2) ffmpeg-4 ffmpeg-6 fwupd (1.9.21 -> 1.9.22) kernel-source (6.9.9 -> 6.10.2) libapparmor (4.0.1 -> 4.0.2) openblas_openmp pciutils selinux-policy (20240715 -> 20240726) systemd (255.8 -> 256.4) taglib (2.0 -> 2.0.1) wtmpdb (0.12.0+git.20240508 -> 0.13.0+git.20240726) yast2 (5.0.8 -> 5.0.9) === Details === ==== MicroOS-release ==== Version update (20240726 -> 20240730) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== NetworkManager ==== Subpackages: NetworkManager-bluetooth NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch: manager: don't renew dhcp lease when software devices' MAC is empty (bsc#1225498, glfd#NetworkManager/NetworkManager#1587). ==== aardvark-dns ==== - rust >= 1.70 is required to build more recent versions of this package. Also, BuildRequire cargo+rust to prevent conflicts with `cargo-packaging`. ==== apparmor ==== Version update (4.0.1 -> 4.0.2) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog - drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff - refresh GPG key (was expired) ==== colord ==== Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Build -D_FILE_OFFSET_BITS=64 and -D_TIME_BITS=64 in order to avoid wrong type being passed to gmtime_r on i586 (and perhaps other 32bit targets). [boo#1228331] ==== curl ==== Version update (8.8.0 -> 8.9.0) Subpackages: libcurl4 - Update to 8.9.0: * Security fixes: - [bsc#1227888, CVE-2024-6197] curl: freeing stack buffer in utf8asn1str - [bsc#1228260, CVE-2024-6874] idn: tweak buffer use when converting with macidn * Changes: - curl: add --ip-tos (IP Type of Service / Traffic Class) - curl: add --mptcp - curl: add --vlan-priority - curl: add -w '%{num_retries} - gnutls: support CA caching - mbedtls: support CURLOPT_CERTINFO - noproxy: patterns need to be comma separated - socket: support binding to interface *AND* IP - tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt - urlapi: add CURLU_NO_GUESS_SCHEME - wolfssl: support CA caching * Bugfixes: - connection: shutdown TLS (for FTP) better - curl-config: revert to backticks to support old target envs - curl: allow etag and content-disposition for 3xx reply - curl: bsearch the --write-out variable name - curl: check for --disable case *sensitively* - doh: fix leak and zero-length HTTPS RR crash - file: separate fake headers and body with a stand-alone CRLF - ftp: remove redundant null pointer check in loop condition - gnutls: improve TLS shutdown - gnutls: pass in SNI name, not hostname when checking cert - hostip: skip error check for infallible function call - http/3: add shutdown support - http/3: resume upload on ack if we have more data to send - lib: add a few DEBUGASSERT(data) to aid code analyzers - lib: add failure reason on bind errors - lib: graceful connection shutdown - lib: xfer_setup and non-blocking shutdown - multi: add multi->proto_hash, a key-value store for protocol data - multi: do a final progress update on connect failure - multi: fix multi_wait() timeout handling - multi: fix pollset during RESOLVING phase - ngtcp2+quictls: fix cert-status use - noproxy: test bad ipv6 net size first - openssl/gnutls: rectify the TLS version checks for QUIC - openssl: fix hostname handling when using ECH - openssl: stop duplicate ssl key logging for legacy OpenSSL - quic: enable UDP GRO - quic: openssl quic, cmake and doc version update to 3.3.0 - quic: require at least OpenSSL 3.3 for QUIC - quic: update to quiche 0.22.0 - smtp: for starttls, do full upgrade - tool_operate: avoid explicitly setting verifypeer to 1 - tool_writeout: get certinfo only when needing it - transfer: avoid polling socket every transfer loop - transfer: conn close on paused upload - transfer: do not use EXPIRE_NOW while blocked - transfer: remove curl_upload_refill_watermark, no longer used - transfer: set CSELECT_IN if there is data pending - url: allow DoH transfers to override max connection limit - x509asn1: add some common ECDSA OIDs - x509asn1: ASN1tostr() should fail when 'constructed' is set - x509asn1: fallback to dotted OID representation - x509asn1: prevent NULL dereference - x509asn1: remove superfluous free() - x509asn1: remove two static variables * Rebase libcurl-ocloexec.patch * Remove curl-make-install-curl-config.patch upstream ==== docker-buildx ==== Version update (0.16.1 -> 0.16.2) - Update to version 0.16.2: * vendor: update buildkit to v0.15.1 ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14. ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14. - Add ffmpeg-6-CVE-2024-32230.patch: Backporting 96449cfe from upstream, Fix 1 line and one column images. (CVE-2024-32230 bsc#1227296) - Add ffmpeg-6-CVE-2024-32228.patch: Backporting 45964876 from upstream, Fix segfault on invalid film grain metadata. (CVE-2024-32228, bsc#1227277) - Add ffmpeg-6-CVE-2024-32228-shim-5d7f234e.patch: Backporting 5d7f234e from upstream, document that there can be multiple complex filtergraphs to prepare dependence code for CVE-2024-32228. (CVE-2024-32228, bsc#1227277) - Add ffmpeg-6-CVE-2024-32228-shim-f50382cb.patch: Backporting f50382cb from upstream, implement AFGS1 parsing. to prepare dependence code for CVE-2024-32228. (CVE-2024-32228, bsc#1227277) - Add ffmpeg-6-CVE-2024-32228-shim-1535d338.patch: Backporting 1535d338 from upstream, add AOM film grain synthesis, to prepare dependence code for CVE-2024-32228. (CVE-2024-32228, bsc#1227277) ==== fwupd ==== Version update (1.9.21 -> 1.9.22) Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.22: + This release fixes the following bugs: - Add a PCB tag in the usi-dock GUID to distinguish different revisions. - Add explicit hidraw permission to fwupd.service to fix several devices. - Always load the flashrom plugin when using coreboot. - Be explicit with the rts54hub detach retry delay to fix the Acer D501. - Be more careful when setting thelio-io version strings. - Fix a critical warning if a device returns unexpected data from DFU upload. - Fix a critical warning if the DMI manufacturer is an empty string. - Fix several reported integer overflows from Coverity. - Fix the Blackbird and Talos II baseboard details. - Fix transient version number issue after flashing wacom-usb devices. - Increase the cros_ec acquiesce delay to manage additional reboots. - Only accept valid ASCII cabinet filenames. - Only require udevdir when gudev support is enabled. - Only show one PixArt receiver device per physical device. - Set the rts54hub version in more cases. - Speed up the daemon self tests by ~60%. - Use the bootloader build-timestamp as the fallback HWID BIOS version. + This release adds support for the following hardware: - Framework SD - Raspberry Pi 5 (unofficial) ==== kernel-source ==== Version update (6.9.9 -> 6.10.2) - Update patches.suse/drm-qxl-Pin-buffer-objects-for-internal-mappings.patch (bsc#1228387). Fix the bsc #. - commit 65a34e2 - drm/qxl: Pin buffer objects for internal mappings (bsc#1228388). - commit 691f036 - Linux 6.10.2 (bsc#1012628). - tap: add missing verification for short frame (bsc#1012628). - tun: add missing verification for short frame (bsc#1012628). - filelock: Fix fcntl/close race recovery compat path (bsc#1012628). - ALSA: seq: ump: Skip useless ports for static blocks (bsc#1012628). - ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (bsc#1012628). - arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (bsc#1012628). - arm64: dts: qcom: x1e80100-crd: Fix USB PHYs regulators (bsc#1012628). - arm64: dts: qcom: x1e80100-qcp: Fix the PHY regulator for PCIe 6a (bsc#1012628). - arm64: dts: qcom: x1e80100-crd: Fix the PHY regulator for PCIe 6a (bsc#1012628). - arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio (bsc#1012628). - arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio (bsc#1012628). - arm64: dts: qcom: x1e80100-qcp: Fix USB PHYs regulators (bsc#1012628). - arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode (bsc#1012628). - arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode (bsc#1012628). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1012628). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (bsc#1012628). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (bsc#1012628). - usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup (bsc#1012628). - fs/ntfs3: Validate ff offset (bsc#1012628). - fs/ntfs3: Add a check for attr_names and oatbl (bsc#1012628). - jfs: don't walk off the end of ealist (bsc#1012628). - ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1012628). - s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() (bsc#1012628). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (bsc#1012628). - commit d3b5079 - Revert "rpm/kernel-obs-build.spec.in: drop algif_hash from KERNEL_MODULES (bsc#1226463)" This reverts commit c9c2e244cf9031882276be043b882ccf33835a4f. Openssl was fixed: https://build.opensuse.org/request/show/1189541 - commit 178f0b6 - drm/amd/display: Take Synaptics Cascaded Topology into Account (bsc#1228093 #3495). - commit a4c3703 - Linux 6.10.1 (bsc#1012628). - thermal: core: Allow thermal zones to tell the core to ignore them (bsc#1012628). - io_uring: fix error pbuf checking (bsc#1012628). - ASoC: cs35l56: Limit Speaker Volume to +12dB maximum (bsc#1012628). - ASoC: cs35l56: Use header defines for Speaker Volume control definition (bsc#1012628). - tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() (bsc#1012628). - cifs: Fix setting of zero_point after DIO write (bsc#1012628). - cifs: Fix server re-repick on subrequest retry (bsc#1012628). - cifs: fix noisy message on copy_file_range (bsc#1012628). - cifs: Fix missing fscache invalidation (bsc#1012628). - cifs: Fix missing error code set (bsc#1012628). - ext4: use memtostr_pad() for s_volume_name (bsc#1012628). - commit a57275a - Revert "drm/amd/display: FEC overhead should be checked once for mst slot nums" (bsc#1228093 #3495). - commit cee765e - update to 6.10 final - refresh configs (headers only) - commit b8b0277 ==== libapparmor ==== Version update (4.0.1 -> 4.0.2) - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog - drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff - refresh GPG key (was expired) ==== openblas_openmp ==== - Make sure the minimum CPU requirement set in the pkgconfig file is the same one as used for building. This also helps to maintain a reproducible build (boo#1228177). ==== pciutils ==== Subpackages: libpci3 - Synchronize SLE-15 and openSUSE:Factory [PED-8393, bsc#1224138]. The following patches are now obsolete in version 3.13.0: * lspci-Fixed-buffer-overflows-in-ls-tree.c.patch * pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch * pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch * pciutils-Add-decoding-of-vendor-specific-VPD-fields.patch * pciutils-VPD-Cleanup.patch * pciutils-VPD-When-printing-item-IDs-escape-non-ASCII-characte.patch ==== selinux-policy ==== Version update (20240715 -> 20240726) Subpackages: selinux-policy-targeted - Update to version 20240726: * Allow snapper grub plugin to manage unlabeled_t and read link files - Update to version 20240725: * Initial policy for grub2 snapper plugin (bsc#1228205) - Update to version 20240716: * Set microos autorelabel script to systemd_autorelabel_generator_t * Allow systemd_generator to write kmsg * Initial policy for systemd growpart-generator (bsc#1226824) ==== systemd ==== Version update (255.8 -> 256.4) Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Import commit 5bba1ebe17564b606cc5d1c07b14123c305019a7 (merge of v256.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/bd8b5ee3cf0466b6b78e167967468cf6f93ec807...5bba1ebe17564b606cc5d1c07b14123c305019a7 - Add 5004-disable-session-freeze.patch as a temporary workaround for https://github.com/systemd/systemd/issues/33083 - Add temporarily 5003-core-when-switching-root-remove-run-systemd-before-e.patch (bsc#1227580) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) Otherwise pesign-obs-integration ends up re-packaging systemd with all macros inside comments unescaped leading to unpredictable behavior. Now why rpm expands rpm macros inside comments is the question... - Skip running the test units in %check for now. Some tests don't appreciate to run inside the build environment of OBS currently and some of them take an unexpected long time to execute on both risc and s390x architectures. - Make sure systemd-sysvcompat replaces systemd-sysvinit on upgrades (bsc#1218110) - Import commit bd8b5ee3cf0466b6b78e167967468cf6f93ec807 (merge of v256.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/dd15bf4f6430d8646e546ee0b980448c7d0c9699...bd8b5ee3cf0466b6b78e167967468cf6f93ec807 - varlinkctl is no more considered as experimental and has been moved to the main package. - Upgrade to v256.1 (commit dd15bf4f6430d8646e546ee0b980448c7d0c9699) See https://github.com/openSUSE/systemd/blob/SUSE/v256/NEWS for details. - Added pam.systemd-run0 ==== taglib ==== Version update (2.0 -> 2.0.1) - update to 2.0.1: * Fix aborting when _GLIBCXX_ASSERTIONS are enabled. * Fall back to utf8cpp header detection in the case that its CMake configuration is removed. * Improve compatibility with the SWIG interface compiler. * Build system fixes for testing without bindings, Emscripten and Illumos. * C bindings: Fix setting UTF-8 encoded property values. * Windows: Fix opening long paths. ==== wtmpdb ==== Version update (0.12.0+git.20240508 -> 0.13.0+git.20240726) Subpackages: libwtmpdb0 - Update to version 0.13.0+git.20240726: * Release version 0.13.0 * Fix variable overflow and check for it (#15) ==== yast2 ==== Version update (5.0.8 -> 5.0.9) - Re-added missing error class (bsc#1227580) - 5.0.9