Packages changed: ModemManager (1.20.6 -> 1.22.0) amarok (3.1.0 -> 3.1.1) apache2-mod_php8 (8.3.11 -> 8.3.12) atftp audit (3.1.1 -> 4.0) audit-secondary (3.1.1 -> 4.0) cheese flashrom (1.3.0 -> 1.4.0) gtkmm4 (4.14.0 -> 4.16.0) gtksourceview5 (5.12.1 -> 5.14.0) libnetfilter_conntrack (1.0.9 -> 1.1.0) libopenmpt (0.7.9 -> 0.7.10) libreoffice (24.8.1.2 -> 24.8.2.1) libwnck mozilla-nss (3.103 -> 3.104) openSUSE-release (20240927 -> 20240930) pangomm (2.52.0 -> 2.54.0) perl-IO-Socket-SSL (2.88.0 -> 2.89.0) php8 (8.3.11 -> 8.3.12) pipewire (1.2.4 -> 1.2.5) python-cryptography (43.0.0 -> 43.0.1) python-greenlet (3.1.0 -> 3.1.1) ruby-common subversion tigervnc === Details === ==== ModemManager ==== Version update (1.20.6 -> 1.22.0) Subpackages: ModemManager-bash-completion libmm-glib0 - Update to version 1.22.0: + A new "MSG" (message) log verbosity level is introduced, which is also the new default one if none explicitly defined. This level takes the place of the old "INFO" level, as a level including the most important messages that should be logged without needing to be warnings or errors. The new "INFO" level is more verbose than "MSG" but less verbose than "DBG", and may be useful as default in systems where active debugging of WWAN related issues is required. E.g. all user operations triggered via DBus method calls are logged in "INFO" level. + Introduced the concept of "personal information" which should by default not be included in log messages. Enabling personal information in logs requires to run the daemon with the '--log-personal-info' option. This feature is mostly implemented for QMI and MBIM specific logs, but hasn't yet been included in generic daemon logs or when using the AT protocol. Changes and fixes related to this feature will be cherry-picked and included in the future stable branch updates. - Update URL and Source adresses. ==== amarok ==== Version update (3.1.0 -> 3.1.1) - Update to 3.1.1 * Most of the context view QML items ported from QtControls 1 to QtControls 2 * Default to no fadeout on pause and stop (kde#491603) * Actually show the file browser panel toolbar * Fix track editor autocompletions (kde#491520) * Ensure home icon is shown in browser breadcrumb widgets (kde#491354) ==== apache2-mod_php8 ==== Version update (8.3.11 -> 8.3.12) - Add /srv/www directories to filelist [bsc#1231027] - version update to 8.3.12 CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). ==== atftp ==== - Delete /usr/sbin/rc* symlink & specfile housekeeping - Make atftpd.socket listen on AF_INET6 as well - Deactivate FORTIFY_SOURCE for the time being due to a glibc bug ==== audit ==== Version update (3.1.1 -> 4.0) Subpackages: libaudit1 libauparse0 - Update to 4.0 - Drop python2 support - Drop auvirt and autrace programs - Drop SysVinit support - Require the use of the 5.0 or later kernel headers - New README.md file - Rewrite legacy service functions in terms of systemctl - Consolidate and update end of event detection to a common function - Split off rule loading from auditd.service into audit-rules.service - Refactor libaudit.h to split out logging functions and record numbers - Speed up aureport --summary reports - Limit libaudit python bindings to logging functions - Add a metrics function for auparse - Change auditctl to use pidfd_send_signal for signaling auditd - Adjust watches to optimize syscalls hooked when watch file access - Drop nispom rules - Add intepretations for fsconfig, fsopen, fsmount, & move_mount - Many code fixups (cgzones) - Update syscall and interpretation tables to the 6.8 kernel (from v3.1.2) - When processing a run level change, make auditd exit - In auditd, fix return code when rules added in immutable mode - In auparse, when files are given, also consider EUID for access - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya) - Disable Python bindings from setting rules due to swig bug (S. Trofimovich) - Update all lookup tables for the 6.5 kernel - Don't be as paranoid about auditctl -R file permissions - In ausearch, correct subject/object search to be an and if both are given - Adjust formats for 64 bit time_t - Fix segfault in python bindings around the feed API - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings - Update spec: * Add fix-auparse-test.patch (downstream): Upstream tests uses a static value (42) for 'gdm' uid/gid (based on Fedora values, apparently). Replace these occurrences with 'unknown(123456)' * Replace '--with-python' with '--with-python3' on %configure * Add new headers 'audit_logging.h' and 'audit-records.h' for audit-devel ==== audit-secondary ==== Version update (3.1.1 -> 4.0) Subpackages: audit python3-audit system-group-audit - Update audit-secondary.spec: * Add "Requires: audit-rules" for audit package * Remove preun/postun handling of audit-rules.service - Update to 4.0 - Drop python2 support - Drop auvirt and autrace programs - Drop SysVinit support - Require the use of the 5.0 or later kernel headers - New README.md file - Rewrite legacy service functions in terms of systemctl - Consolidate and update end of event detection to a common function - Split off rule loading from auditd.service into audit-rules.service - Refactor libaudit.h to split out logging functions and record numbers - Speed up aureport --summary reports - Limit libaudit python bindings to logging functions - Add a metrics function for auparse - Change auditctl to use pidfd_send_signal for signaling auditd - Adjust watches to optimize syscalls hooked when watch file access - Drop nispom rules - Add intepretations for fsconfig, fsopen, fsmount, & move_mount - Many code fixups (cgzones) - Update syscall and interpretation tables to the 6.8 kernel (from v3.1.2) - When processing a run level change, make auditd exit - In auditd, fix return code when rules added in immutable mode - In auparse, when files are given, also consider EUID for access - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya) - Disable Python bindings from setting rules due to swig bug (S. Trofimovich) - Update all lookup tables for the 6.5 kernel - Don't be as paranoid about auditctl -R file permissions - In ausearch, correct subject/object search to be an and if both are given - Adjust formats for 64 bit time_t - Fix segfault in python bindings around the feed API - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings - Update spec: * Move rules-related files into new subpackage `audit-rules': * Files moved: - /sbin/auditctl, /sbin/augenrules, /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules} - manpages for auditctl, augenrules, and audit.rules - /etc/audit is now owned by `audit-rules' as well * Add new file /usr/lib/systemd/system/audit-rules.service * Remove in-house create-augenrules-service.patch that generated augenrules.service systemd unit service * Remove ownership of /usr/share/audit * Create /usr/share/audit-rules directory on %install * Remove audit-userspace-517-compat.patch (fixed upstream) * Remove libev-werror.patch (fixed upstream) * Remove audit-allow-manual-stop.patch (fixed upstream) * Add fix-auparse-test.patch (downstream): Upstream tests uses a static value (42) for 'gdm' uid/gid (based on Fedora values, apparently). Replace these occurrences with 'unknown(123456)' * Replace '--with-python' with '--with-python3' on %configure * Remove autrace and auvirt references (upstream) * Replace README with README.md - Drop `--enable-systemd' from %configure as SysV-style scripts aren't supported in upstream since 113ae191758c ("Drop support for SysVinit") ==== cheese ==== Subpackages: libcheese-common libcheese-gtk25 libcheese8 typelib-1_0-Cheese-3_0 - Add 73.patch: Fix JSON validation. Fixes startup with json-glib 1.10. ==== flashrom ==== Version update (1.3.0 -> 1.4.0) - Add doc and bash-completion subpackages - Update to 1.4.0: - Full changelog: https://www.flashrom.org/release_notes/v_1_4.html ==== gtkmm4 ==== Version update (4.14.0 -> 4.16.0) - Update to version 4.16.0: + Almost identical to 4.15.1. - Update to version 4.15.1: + Gdk: - DrawContext: Deprecate begin_frame(), end_frame(), is_in_frame(), get_frame_region(). - Surface: Deprecate set_opaque_region(). - Cursor: Rename create(const SlotGetTexture& slot, .....). Call it create_from_slot(). It was added in 4.15.0, but some create() calls in old code became ambiguous. + Gtk: - Window: Add set_interactive_debugging(). - TextBuffer: Add enum TextBuffer::NotifyFlags, add_commit_notify(), remove_commit_notify(). + Build: Require gtk4 >= 4.15.5. - Drop gtkmm4-docs-without-timestamp.patch: Fixed upstream. ==== gtksourceview5 ==== Version update (5.12.1 -> 5.14.0) - Update to version 5.14.0: + Fix an issue where the gutter would not redraw when focus changes. + Add support for Groff syntax. - Changes from version 5.13.1: + Documentation improvements + Improve performance of BuilderBlocks font loading. Some of this effort required changes to the TTF, so user testing with a wide variety of languages is desired. This should reduce startup time of GtkSourceView using applications. + gtk-doc.lang: highlight `backtick` spans + c.lang: highlight [[]] style attributes + java.lang: improve escaped character matching + Adwaita.xml, Adwaita-dark.xml: style updates to track platform changes for GNOME 47. - Changes from version 5.13.0: + Ensure gutter renderers are released during dispose + Make default auto-indenter keep indentation when cursor is at line start + python3.lang: Fix f-string in curly braces to have no-spellcheck applied + Updated translations. ==== libnetfilter_conntrack ==== Version update (1.0.9 -> 1.1.0) - Update to release 1.1.0 * Enhancements for filtering dump and flush commands, see struct nfct_filter_dump and nfct_nlmsg_build_filter(). * ctnetlink event BPF fixes (endianness issue, IPv6 matching) and enhancements (zone matching). ==== libopenmpt ==== Version update (0.7.9 -> 0.7.10) - Update to 0.7.10: * [Change] FST was added to the list of supported file extension. AMP uses this extension for multichannel MODs. * [Bug] The Android NDK build system did not enable C++20 when available. * Fixed inconsistency in length calculation and actual playback length with tempo commands below 32 BPM in various formats (MDL, MED among others). * MED: Command 09 (set speed) was limited to 20 ticks per row instead of 32 ticks per row. * MED: Allow tempo parameters < 32 BPM. * MED: Disallow free panning if hardware mixing is enabled. * For MOD-style vibrato, a speed parameter of 0 was not treated as effect memory. Vibrato speed is now correct for both vibrato commands. * MED: Fix pattern index exhaustion in modules with multiple subsongs. * OKT: Don't drop global commands when setting paired channel volume, and try to write channel volume on the next row in this situation. * PTM: Use square root pan law, like in XM files. * SFX: Ignore unused data at end of oneshot samples which sometimes caused clicky noises. * SFX: More accurate implementation of arpeggio effect. ==== libreoffice ==== Version update (24.8.1.2 -> 24.8.2.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit - Update to 24.8.2.1 (24.8.2 final) * Release notes: https://wiki.documentfoundation.org/Releases/24.8.2/RC1 - Update bundled dependencies: * curl 8.9.1 -> 8.10.1 * tiff 4.6.0t -> 4.7.0 ==== libwnck ==== Subpackages: libwnck-3-0 typelib-1_0-Wnck-3_0 - BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini. ==== mozilla-nss ==== Version update (3.103 -> 3.104) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - Fix build error under Leap by rebasing nss-fips-safe-memset.patch. - update to NSS 3.104 * bmo#1910071 - Copy original corpus to heap-allocated buffer * bmo#1910079 - Fix min ssl version for DTLS client fuzzer * bmo#1908990 - Remove OS2 support just like we did on NSPR * bmo#1910605 - clang-format NSS improvements * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function * bmo#1908990 - removing dirent.c from build * bmo#1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix * bmo#1908990 - remove mentions of WIN95 * bmo#1908990 - remove mentions of WIN16 * bmo#1913750 - More explicit directory naming * bmo#1913755 - Add more options to TLS server fuzz target * bmo#1913675 - Add more options to TLS client fuzz target * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI * bmo#1908012 - set nssckbi version number to 2.70. * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert. * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA. * bmo#1908006 - Add Cybertrust Japan Roots to NSS. * bmo#1908004 - Add Taiwan CA Roots to NSS. * bmo#1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber * bmo#1913132 - Fix tstclnt CI build failure * bmo#1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow * bmo#1912427 - Enable all supported protocol versions for UDP * bmo#1910361 - Actually use random PSK hash type * bmo#1911576 - Initialize NSS DB once * bmo#1910361 - Additional ECH cipher suites and PSK hash types * bmo#1903604 - Automate corpus file generation for TLS client Fuzzer * bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE * bmo#1910605 - clang-format shlibsign.c - remove obsolete nss-reproducible-builds.patch ==== openSUSE-release ==== Version update (20240927 -> 20240930) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== pangomm ==== Version update (2.52.0 -> 2.54.0) - Update to version 2.54.0: + Color: Add parse_with_alpha(). + Context: Add set/get_round_glyph_positions(). + Item: Add default constructor, get_char_offset(). + Layout: Add set/get_justify_last_line(), get_direction(), get_caret_pos(). + LayoutIter: Add operator bool(), get_run_baseline(). + LayoutLine: Add is_paragraph_start(), get_resolved_direction(), get_height(). + TabArray: Add TabArray(const Glib::ustring& text) constructor, operator bool(), set_positions_in_pixels(), to_string(), set/get_decimal_point(), sort(). + Documentation: - Language::get_scripts(): Improve documentation. - Don't link to removed parts of library.gnome.org. + Build: - Require pango >= 1.54.0. - Meson build: Require meson >= 0.62.0. - Use Meson's pkgconfig module instead of using the *.pc.in templates. - Drop pangomm-docs-without-timestamp.patch, fixed upstream. ==== perl-IO-Socket-SSL ==== Version update (2.88.0 -> 2.89.0) - updated to 2.89.0 (2.089) see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes 2.089 2024/08/29 - new option SSL_force_fingerprint to enforce fingerprint matching even if certificate validation would be successful without - document _get_ssl_object and _get_ctx_object for cases, where direct use of Net::SSLeay functions is needed ==== php8 ==== Version update (8.3.11 -> 8.3.12) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - Add /srv/www directories to filelist [bsc#1231027] - version update to 8.3.12 CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). Fixed bug GH-15515 (Configure error grep illegal option q). Fixed bug GH-15514 (Configure error: genif.sh: syntax error). Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). Fixed bug GH-15330 (Do not scan generator frames more than once). Fixed uninitialized lineno in constant AST of internal enums. Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). ==== pipewire ==== Version update (1.2.4 -> 1.2.5) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.2.5: + Highlights - Fix an fd mismatch in the protocol in some cases that could lead to fd leaks and crashes. - Fix a bug where the mixer was not updated after setting the port, which would cause muted audio at boot or resume from suspend. - Fix a potential use-after-free in module-rt when stopping a thread. - Cached objects are now freed in the JACK API to avoid memory leaks. - Some more fixes and improvements. + PipeWire - RequestProcess commands are now only sent after the node completes the state change to RUNNING. - More FreeBSD fixes. - Handle ACTIVE links going to < PAUSED as well. This improves renegotiation in some cases. - Fix an fd mismatch in the protocol in some cases that could lead to fd leaks and crashes. + Modules - Many of the network modules can now also accept hostnames instead of IP addresses. - Fix a potential use-after-free in module-rt when stopping the thread. + SPA - Support for elogind was added. - Some more errors are checked when converting JSON to POD. - Fix a bug where the mixer was not updated after setting the port, which would cause muted audio at boot or resume from suspend. + JACK - The BBT transport handling was improved. Some fields were added to be able to handle the JACK semantics correctly. - Buffers are now aligned according to the maximum CPU alignment instead of the hardcoded 16 bytes alignment. - Cached objects are now freed correctly. + Doc - Some small doc updates. - Don't try to enable apparmor support if without_apparmor is defined (as in SLFO). ==== python-cryptography ==== Version update (43.0.0 -> 43.0.1) - update to 43.0.1: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2. ==== python-greenlet ==== Version update (3.1.0 -> 3.1.1) - Fix build error under Leap. - Update to 3.1.1 * Fix crashes on 32-bit PPC Linux. Note that there is no CI for this, and support is best effort; there may be other issues lurking. * Remove unnecessary logging sometimes during interpreter shutdown. * Fix some crashes on 32-bit PPC MacOS. This is a very old platform, and is only known to be tested on beta versions of an operating system that was never released, using the GCC 14 only provided by MacPorts; it may or may not work on the final MacOS X release that supported 32-bit PowerPC. It has the known issue of leaking memory when greenlets are used in multiple threads. Help debugging this would be appreciated. ==== ruby-common ==== - update gem_packages.spec.erb: dont strip the newline at the end of main:filelist output ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl - Use strip-nondeterminism to normalize jar mtimes ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Added patch: * n_tigervnc-reproducible-jar-mtime.patch + Use SOURCE_DATE_EPOCH for reproducible jar mtime + Applied if building with Java >= 17