Packages changed: MozillaFirefox (131.0.2 -> 131.0.3) SDL2 (2.30.8 -> 2.30.9) SVT-AV1 (2.2.1 -> 2.3.0) apache-commons-logging (1.3.3 -> 1.3.4) apr-util bubblewrap (0.10.0 -> 0.11.0) cppcheck (2.15.0 -> 2.16.0) ghostscript glib2-branding-openSUSE gnome-control-center (47.1.1 -> 47.1.1+9) grub2 gtk4 (4.16.3 -> 4.16.5) inkscape (1.3.2 -> 1.4) ipmitool java-21-openjdk (21.0.4.0 -> 21.0.5.0) kdump (2.0.9 -> 2.0.10+git0.g62142dd) kf6-kxmlgui kvm_stat libHX (4.23 -> 4.24) libarchive (3.7.6 -> 3.7.7) libcamera (0.3.1 -> 0.3.2) libfprint (1.94.7+tod1 -> 1.94.8+tod1) libgit2 (1.8.3 -> 1.8.4) libnftnl (1.2.7 -> 1.2.8) libnl3 (3.10.0 -> 3.11.0) libnvme (1.10+0.gdd51fa8 -> 1.11) libpng16 (1.6.43 -> 1.6.44) librsvg (2.59.1 -> 2.59.2) libtirpc (1.3.5 -> 1.3.6) libvirt (10.8.0 -> 10.9.0) libvisio libxslt libzip (1.10.1 -> 1.11.1) mc microos-tools (4.0+git1 -> 4.0+git2) mozilla-nss (3.104 -> 3.105) mpg123 (1.32.8 -> 1.32.9) mutter (47.1 -> 47.1+3) nbdkit nftables (1.0.9 -> 1.1.1) nvme-cli (2.10 -> 2.11) openSUSE-release (20241028 -> 20241103) openssh openssl-3 (3.1.4 -> 3.1.7) openssl (3.1.4 -> 3.1.7) openvpn patterns-base patterns-gnome python-Automat (22.10.0 -> 24.8.1) python-M2Crypto (0.42.0 -> 0.43.0) python-Twisted (24.7.0 -> 24.10.0) python-argcomplete (3.4.0 -> 3.5.1) python-httpcore (1.0.5 -> 1.0.6) python-libvirt-python (10.8.0 -> 10.9.0) python-mysqlclient (2.2.4 -> 2.2.5) python-pip (24.2 -> 24.3.1) python-pycups python-service_identity (24.1.0 -> 24.2.0) python-zope.interface (7.1.0 -> 7.1.1) python311 python311-core qemu (9.1.0 -> 9.1.1) rasqal redland ruby-common rubygem-gem2rpm salt samba (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68) schily seahorse (47.0.1 -> 47.0.1+6) selinux-policy (20241021 -> 20241031) snapper speech-dispatcher (0.12.0~rc3 -> 0.12.0~rc4) sqlite3 (3.46.0 -> 3.46.1) suitesparse (7.5.1 -> 7.8.3) system-users sysvinit (3.10 -> 3.11) tecla-keyboard-layout-viewer tigervnc update-bootloader (1.17 -> 1.18) virt-manager vlc xfce4-branding-openSUSE (4.18.0+git4.79f6d44 -> 4.18.0+git5.88e05bf) xkeyboard-config yaml-cpp yast2-trans (84.87.20240801.d54b6ae08f -> 84.87.20241029.4907c8ec47) === Details === ==== MozillaFirefox ==== Version update (131.0.2 -> 131.0.3) - Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch ==== SDL2 ==== Version update (2.30.8 -> 2.30.9) - Update to release 2.30.9 * Fixed flicker when entering/exiting fullscreen or moving the window between scaled and non-scaled displays under Wayland. ==== SVT-AV1 ==== Version update (2.2.1 -> 2.3.0) - Update to release 2.3.0 * Improved fast-decode level 1 option to increase its AV1 software cycle reduction by ~10% while maintaining the same quality levels. * New fast-decode level 2 to allow for an average AV1 software cycle reduction of 25-50% vs fast-decode 0 with a 1-3% BD-Rate loss across the presets. * Improved --lp settings for high resolutions, with CRF gaining a ~4% improvement in speed and VBR gaining ~15%. * Further ARM-based optimizations improving the efficiency of previously written NEON implementations by an average of 30%. ==== apache-commons-logging ==== Version update (1.3.3 -> 1.3.4) - Upgrade to 1.3.4 * Bug fix: + LOGGING-192: Fix factory loading from context class loader #280, #281. ==== apr-util ==== - Fix dependency on libapr: in 2021, libapr1 was renamed to libapr1-0, conforming to the shared library packaging policy. requires_eq silently dropped the dependency, as the packahe name, libapr1, does not exist. ==== bubblewrap ==== Version update (0.10.0 -> 0.11.0) Subpackages: bubblewrap-zsh-completion - update to 0.11.0: * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src options allow creation of overlay mounts. This feature is not available when bubblewrap is installed setuid. * New --level-prefix option produces output that can be parsed by tools like logger --prio-prefix and systemd-cat --level-prefix=1 * bug fixes and developer visible changes - add upstream signing key and validate source signature ==== cppcheck ==== Version update (2.15.0 -> 2.16.0) - update to 2.16.0 Improved checking: * constVariable; checking multidimensional arrays * constVariablePointer; nested array access * deallocuse Changed interface: * SARIF output. Use --output-format=sarif to activate this. * Add option --output-format=. Allowed formats are sarif and xml. Deprecations: * The previously deprecated support for Python 2.7 has been removed. Please use Python 3 instead. * The maximum value for --max-ctu-depth is currently capped at 10. This limitation will be removed in a future release. Other: * "missingInclude" is no longer implicitly enabled with "information" - you need to enable it explicitly now. * Fixed checkers report when --addon=misra.py or - -addon=misra.json is used. ==== ghostscript ==== Subpackages: ghostscript-x11 - Enhanced entry below dated "Wed Oct 23 08:54:59 UTC 2024" by adding the individual "bsc" numbers for each CVE, see https://bugzilla.suse.com/show_bug.cgi?id=1232173#c4 and by adding the "IMPORTANT" change in Ghostscript 10.04.0 - spec file cleanup: removed the special cases for SLE12 i.e. rely on "suse_version >= 1500" as given precondition (recent Ghostscript versions fail to build in SLE12 anyway) ==== glib2-branding-openSUSE ==== - Remove "picture-uri-dark" in schema "org.gnome.desktop.screensaver", there is no this key in schema currently. ==== gnome-control-center ==== Version update (47.1.1 -> 47.1.1+9) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Update to version 47.1.1+9: * wwan: Fix status pages * default-apps-row: - Fix auto_ptr usage causing leaks - Fix auto_ptr use-after-free * Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin - Enable support of Radix, Xive and Radix_gtse on Power (jsc#PED-9881) * 0001-kern-ieee1275-init-Add-IEEE-1275-Radix-support-for-K.patch ==== gtk4 ==== Version update (4.16.3 -> 4.16.5) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.16.5: + Clean up debug spew. - Update to version 4.16.4: + GtkTextView: - Fix some missing CSS invalidation - Handle charsets in clipboard datatypes + GtkApplication: Respect GDK_DEBUG=no-portals + Printing: - Avoid warnings for avahi errors - Fix a segfault in the print dialog setup code + Accessibility: Handle NULL values in more places + Gdk: - vulkan: Fix validation errors - Fix 32bit build for the jpeg loader + Wayland: Fix a possible deadlock with high-priority sources triggering Wayland roundtrips + Updated translations. ==== inkscape ==== Version update (1.3.2 -> 1.4) Subpackages: inkscape-extensions-extra inkscape-extensions-gimp - Update to version 1.4: + Filter Gallery + Modular grids & improved axonometric grids + Swatches dialog and palette file handling improved + Unified font browser preview + Customizable handles + Fast image clipping with the Shape Builder + Affinity Designer File Import + Support for internal links in exported PDF files + A whole new icon set + See the full release notes https://inkscape.org/release/inkscape-1.4 - Drop inkscape-poppler-24.03.0.patch, inkscape-libxml2.12.patch, inkscape-poppler-c++20.patch, inkscape-poppler-24.05.0.patch, inkscape-poppler-c++20-2.patch, inkscape_1.3.2_fix_tiff.patch, fixed upstream ==== ipmitool ==== - Drop rcFOO symlinks (PED-266). - To create rcipmievd, the service binary is required at build time. This binary is provided by aaa_base. Make sure this package is available during build. ==== java-21-openjdk ==== Version update (21.0.4.0 -> 21.0.5.0) Subpackages: java-21-openjdk-headless - Update to upstream tag jdk-21.0.5+13 (October 2024 CPU) * Security fixes + JDK-8307383: Enhance DTLS connections + JDK-8311208: Improve CDS Support + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization + JDK-8328726: Better Kerberos support + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations + JDK-8335713: Enhance vectorization analysis * Other changes + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-6967482: TAB-key does not work in JTables after selecting details-view in JFileChooser + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/ /ReadLongZipFileName.java leaks files if it fails + JDK-8051959: Add thread and timestamp options to java.security.debug system property + JDK-8073061: (fs) Files.copy(foo, bar, REPLACE_EXISTING) deletes bar even if foo is not readable + JDK-8166352: FilePane.createDetailsView() removes JTable TAB, SHIFT-TAB functionality + JDK-8170817: G1: Returning MinTLABSize from unsafe_max_tlab_alloc causes TLAB flapping + JDK-8211847: [aix] java/lang/ProcessHandle/InfoTest.java fails: "reported cputime less than expected" + JDK-8211854: [aix] java/net/ServerSocket/ /AcceptInheritHandle.java fails: read times out + JDK-8222884: ConcurrentClassDescLookup.java times out intermittently + JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due to "BindException: Address already in use" + JDK-8242564: javadoc crashes:: class cast exception com.sun.tools.javac.code.Symtab$6 + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/ /MouseEventAfterStartDragTest.html test failed + JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit + JDK-8269428: java/util/concurrent/ConcurrentHashMap/ /ToArray.java timed out + JDK-8269657: Test java/nio/channels/DatagramChannel/ /Loopback.java failed: Unexpected message + JDK-8280120: [IR Framework] Add attribute to @IR to enable/disable IR matching based on the architecture + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/ /NonfocusableOwnerTest.java failed with "RuntimeException: Test failed." + JDK-8280988: [XWayland] Click on title to request focus test failures + JDK-8280990: [XWayland] XTest emulated mouse click does not bring window to front + JDK-8283223: gc/stringdedup/TestStringDeduplicationFullGC.java [#]Parallel failed with "RuntimeException: String verification failed" + JDK-8287325: AArch64: fix virtual threads with - XX:UseBranchProtection=pac-ret + JDK-8291809: Convert compiler/c2/cr7200264/TestSSE2IntVect.java to IR verification test + JDK-8294148: Support JSplitPane for instructions and test UI + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle + JDK-8299487: Test java/net/httpclient/whitebox/ /SSLTubeTestDriver.java timed out + JDK-8299790: os::print_hex_dump is racy + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java fails with jtreg test timeout due to lost datagram + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session + JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent + JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04 + JDK-8307193: Several Swing jtreg tests use class.forName on L&F classes + JDK-8307352: AARCH64: Improve itable_stub + JDK-8307778: com/sun/jdi/cds tests fail with jtreg's Virtual test thread factory + JDK-8307788: vmTestbase/gc/gctests/LargeObjects/large003/ /TestDescription.java timed out + JDK-8308286: Fix clang warnings in linux code + JDK-8308660: C2 compilation hits 'node must be dead' assert + JDK-8309067: gtest/AsyncLogGtest.java fails again in stderrOutput_vm + JDK-8309621: [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1 + JDK-8309685: Fix -Wconversion warnings in assembler and register code + JDK-8309894: compiler/vectorapi/ /VectorLogicalOpIdentityTest.java fails on SVE system with UseSVE=0 + JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK+ ... changelog too long, skipping 570 lines ... + JDK-8341989: [21u] Back out JDK-8327501 and JDK-8328366 ==== kdump ==== Version update (2.0.9 -> 2.0.10+git0.g62142dd) - upgrade to version 2.0.10 * calibrate: don't add percentage margin on top of LUKS memory (bsc#1229207) ==== kf6-kxmlgui ==== Subpackages: libKF6XmlGui6 - Fix qt6-core-private-devel minimum version ==== kvm_stat ==== - Add a patch that makes it possible to use kvm_stat from scripts (it has been submitted upstream already): * Added patches: fix-termination-behavior-when-not-on-a-terminal.patch ==== libHX ==== Version update (4.23 -> 4.24) - Update to release 4.24 * io: resolve use-after-free and out-of-bounds writes in conjunction with ``HX_realpath`` * io: add ``HX_getcwd`` function ==== libarchive ==== Version update (3.7.6 -> 3.7.7) - Update to 3.7.7: * gzip: prevent a hang when processing a malformed gzip inside a gzip * tar: don't crash on truncated tar archives * tar: fix two leaks in tar header parsing * 7-zip: read/write symlink paths as UTF-8 * cpio: exit with an error code if an entry could not be extracted * rar5: report encrypted entries * tar: fix truncation of entry pathnames in specific archives ==== libcamera ==== Version update (0.3.1 -> 0.3.2) Subpackages: libcamera-base0_3 libcamera0_3 - Update to release 0.3.2 * Add Sony IMX214 sensor properties ==== libfprint ==== Version update (1.94.7+tod1 -> 1.94.8+tod1) - update to 1.94.8+tod1 * build: Support building in non-linux unix environments (tested in FreeBSD) * egismoc: New PIDs 0x0583, 0x0586, 0x0587. * elanmoc: New PID 0x0C9F. * fpcmoc: New PIDs 0x9524, 0x9544. * goodixmoc: New PIDs 0x609A, 0x650A, 0x650C, 0x6512. * realtek: New PID 0x5816. * synaptics: New PIDs 0x00C4, 0x019D, 0x00C6. * fpcmoc: fix incorrect immobile handling during enrollment. * fpcmoc: fixed jumping to wrong state at end of custom enroll. * egismoc: various code cleanups. - fix compilation error + label-can-only-be-part-of-a-statement.patch ==== libgit2 ==== Version update (1.8.3 -> 1.8.4) - update to 1.8.4: * Actually includes the pre-1.8.0 commit constness behavior fix ==== libnftnl ==== Version update (1.2.7 -> 1.2.8) - Update to release 1.2.8 * Fixes for incorrect validation of dynset netlink attributes from the kernel ==== libnl3 ==== Version update (3.10.0 -> 3.11.0) Subpackages: libnl-config libnl3-200 - Update to release 3.11 * Add NLA_{SINT|UINT} attribute types * Add NLA functions for variable-length integers * link/bonding: add getters for attributes * lib/route: add support for bridge msti ==== libnvme ==== Version update (1.10+0.gdd51fa8 -> 1.11) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.11: * prefix: Use Request or Response Length in DLEN and DOFF for MI * types: Add ETPVDS and SSI fields of sanitize status log * json: do not escape strings when printing the configuration * tree: do no export tls keys when not provided by user * types: add struct nvme_id_ctrl_nvm ver and lbamqf member variables * types: add NVMe 2.1 get log page LIDs * type: Added enums for ANSAN and RGCNS bit of OAES field * linux: fixup PSK HMAC type '0' handling * util: added error code for ENOKEY * fabrics: fix map error level in __nvmf_add_ctrl * fabrics: add ctrl connect interface * fabrics: use hex numbers when generating command line options * fabrics: rename first argument for argument macros * linux: handle key import correctly * linux: export keys to config * tree: read tls_configured_key and tls_keyring from sysfs * tree: move dhchap and tls sysfs parser into separate functions * json: move keystore operations out of the JSON parser * tree: add getter/setters for TLS PSK * linux: add import/export function for TLS pre-shared keys * linux: only return the description of a key * linux: use ssize_t as return type for nvme_identity_len * linux: reorder variable declarations * types: Added enum for SMVES event of PEL log * libnvme: add lockdown log page support(LID : 0x14) * libnvme: add EMVS support to sanitize command * types: Add TP4159 PCIe Infrastructure for Live Migration definitions * types: add NVME_CTRL_OAES get macro definitions * types: add NVME_CTRL_OAES_TTHR definition * types: add NVME_CTRL_FNA definitions to get field values * types: add NVME_VAL() definition * tree: fix tls key mem leak (bsc#1231668) * tree: fix dhchap_ctrl_key mem leak (bsc#1231668) * tree: fix dhchap_key mem leak (bsc#1231668) * types: add NVME_CHECK() definition to check nvme register field value * types: add kv opcodes * types: added new fields in nvme_nvme_id_ns * types: Add enum for Completion Condition of Get LBA status command * ioctl: refactoring set_features * types: add new fields added in TP4142 * mi: add control primitive command * linux: Correct error handling for derive_psk_digest (bsc#1228376) * types: Added new field CSER in enum as per TP4167 - build fix for OpenSSL 1.1 * add 0001-linux-fix-derive_psk_digest-OpenSSL-1.1-version.patch ==== libpng16 ==== Version update (1.6.43 -> 1.6.44) - version update to 1.6.44: * Hardened calculations in chroma handling to prevent overflows, and relaxed a constraint in cHRM validation to accomodate the standard ACES AP1 set of color primaries. (Contributed by John Bowler) * Removed the ASM implementation of ARM Neon optimizations and updated the build accordingly. Only the remaining C implementation shall be used from now on, thus ensuring the support of the PAC/BTI security features on ARM64. (Contributed by Ross Burton and John Bowler) * Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the CMake build on FreeBSD/amd64. This is an important performance fix on this platform. * Applied various fixes and improvements to the CMake build. (Contributed by Eric Riff, Benjamin Buch and Erik Scholz) * Added fuzzing targets for the simplified read API. (Contributed by Mikhail Khachayants) * Fixed a build error involving pngtest.c under a custom config. This was a regression introduced in a code cleanup in libpng-1.6.43. (Contributed by Ben Wagner) * Fixed and improved the config files for AppVeyor CI and Travis CI. - Drop upstream patch: * 563.patch ==== librsvg ==== Version update (2.59.1 -> 2.59.2) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Change license to LGPL-2.1-or-later AND MIT. - Update to version 2.59.2: + Fix stack overflow due to unbounded recursion. Now there is a hard limit on the number of nested layers that an SVG document may have. This is not a hard limit on the amount of stack space consumed, but it is a general mitigation. + Fix regression when rendering paths with very flat elliptical arcs. This bug was introduced in 2.59.1 as part of the mitigation for paths with coordinates that Cairo is unable to handle. + Fix centering and text-anchor in general for scaled text. + Fix building with Rust 1.82 on Windows (Christoph Reiter). + Make cancellation work for all the resource loading functions. + Add documentation for rsvg-bench to the development guide. + Slight improvement in memory consumption for language tags. + Many updates to the developer's documentation, for Outreachy interns. ==== libtirpc ==== Version update (1.3.5 -> 1.3.6) Subpackages: libtirpc-netconfig libtirpc3 - update to 1.3.6: * http://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.6/Release-1.3.6.txt * https://lore.kernel.org/linux-nfs/91ef3508-d0a6-48db-adfc-4f7831fba74e@redhat.com/ * rpcbind config changes ==== libvirt ==== Version update (10.8.0 -> 10.9.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 10.9.0 - jsc#PED-8909, jsc#9854, jsc#9855 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-9-0-2024-11-01 ==== libvisio ==== - libvisio testsuite in combination with ICU 76.1 requires UTF-8 locale during %check [boo#1232061] ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303) ==== libzip ==== Version update (1.10.1 -> 1.11.1) - version update to 1.11.1 * Fix zipconf.h for version number with missing third component. * Stop searching after finding acceptable central directory, even if it contains inconsistencies. * Only write Zip64 EOCD if fields don't fit in normal EOCD. Previously libzip also wrote it when any directory entry required Zip64. * Allow bytes from 0x00-0x1F as UTF-8. * Add new error code ZIP_ER_TRUNCATED_ZIP for files that start with a valid local header signature. * `zipcmp`: add -T option for comparing timestamps. * `zip_file_replace` now removes the target's extra field information. ==== mc ==== Subpackages: mc-lang - Added patch 4575-fix-wrapper.patch - fixes boo#1203617 ==== microos-tools ==== Version update (4.0+git1 -> 4.0+git2) Subpackages: selinux-autorelabel - Update to version 4.0+git2: * Add RemainAfterExit=true to autorelabel services ==== mozilla-nss ==== Version update (3.104 -> 3.105) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.105 * bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key * bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c * bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds * bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys * bmo#1918767 - override default definition of KRML_MUSTINLINE * bmo#1916525 - libssl support for mlkem768x25519 * bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap * bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL * bmo#1911912 - Avoid misuse of ctype(3) functions * bmo#1917311 - part 2: run clang-format * bmo#1917311 - part 1: upgrade to clang-format 13 * bmo#1916953 - clang-format fuzz * bmo#1910370 - DTLS client message buffer may not empty be on retransmit * bmo#1916413 - Optionally print config for TLS client and server fuzz target * bmo#1916059 - Fix some simple documentation issues in NSS. * bmo#1915439 - improve performance of NSC_FindObjectsInit when template has CKA_TOKEN attr * bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN ==== mpg123 ==== Version update (1.32.8 -> 1.32.9) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.32.9 libmpg123: * Increase the library patchlevel, as was forgotten on previous release. Now you can check for distversion >= 1.32.8 or mpg123 libversion >= 48 patchlevel 3 to see if you're vulnerable to CVE-2024-10573. ==== mutter ==== Version update (47.1 -> 47.1+3) - Update to version 47.1+3: * wayland/pointer-constraints: Warp pointer after destroying resource * Updated translations. ==== nbdkit ==== Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin - spec: Cleanup 'Provides' list for the nbdkit-basic-plugins and nbdkit-basic-filters subpackages ==== nftables ==== Version update (1.0.9 -> 1.1.1) Subpackages: libnftables1 python311-nftables - Update to release 1.1.1 * Reduce netlink cache dependencies to speed up incremental updates. * Allow zero burst in byte ratelimiter expression. * Fix double-free when users call nft_ctx_clear_vars() followed by nft_ctx_free(). * Document that the tproxy statement is non-terminal (unlike in iptables). This allows for tproxy+log and tproxy+mark combos, see man nft(8) for details. * Add egress support for the `list hooks` subcommand. - Update to release 1.1.0 * Restore compatibility set element dump with <= 0.9.8 * Disallow empty interface names * Restore rule replace command * Search for group, rt_mark, rt_realms at /etc/iproute2, /usr/share/iproute2 * Resolve some timezone issues * Support for variables in map expressions * VLAN support ==== nvme-cli ==== Version update (2.10 -> 2.11) Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion - Update to version 2.11: * docs: update check-tls-key arguments * nvme: add support to append TLS PSK to keyfile for check-tls-key * nvme: return correct error code in append_keyfile * docs: nvme-id-doman: dom{ia => ai}n * ocp: fix latency monitoring data structure entry endian * ocp: fix TCG configuration log endian * ocp: fix firmware activation history entry endian * docs: update gen-tls-key arguments * nvme: add support to add derive TLS PSK to keyfile * nvme: rename identity to version * nvme: set file permission for keyfile to owner only * nvme: export tls keys honoring version and hmac * nvmf-keys: add udev rule to import tls keys * docs: update TLS options * fabrics: add support to connect to accept a PSK command line * fabrics: add support to connect to accept a configuration * nvme: use unsigned char for hmac and identity * nvme-print: Add Sanitize Media Verification Event in PEL log * netapp-ontapdev: add err msg for no ontapdevices * netapp-smdev: add err msg for no smdevices * doc: Add sanitize command emvs option * ocp: combine to use GUID length definitions * nvme: update tls_key() handling * nvme-print-stdout: print VERS bit of SANICAP field * nvme: add EMVS support to sanitize command * ocp: remove callback function cast * doc: added commit conventions to contribution guidelines * ocp: fix ocp-print-stdout.c indentation error * ocp: fix ocp-nvme.c indentation errors * ocp: build ocp-nvme.c and ocp-telemetry-decode.c without json * ocp: split TCG configuration log print codes * ocp: split telemetry string log print codes * ocp: split device capabilities log print codes * ocp: split error recovery log print codes * ocp: split unsupported requirement log print codes * ocp: split latency monitor log print codes * ocp: move ocp telemetry log print function into ocp-print * ocp: split smart extended log print codes * ocp: split ocp-fw-activation-history print codes * plugins: update meson.build file to always build ocp plugin * ocp-print: move json code into separate files * nvme-print-json: display only verbose output * ocp-nvme: ocp plugin version update * nvme-print: print KV command set page header * doc: show where self-test results can be found * plugins/memblaze: fix a wrong id on smart-log-add * plugins/dapustor: smart-log-add fix * plugins/sed: add sid password change (bsc#1229677) * plugins/solidigm: Automatic retry smaller log chunk size. * ocp-nvme: Add LMDATA-37 for Latency Monitor Log * ocp-nvme: remove ocp log page version checking * wdc: Fix for Reading WDC C2 Vendor Unique Log Page * ocp: Fixes for OCP 2.5 Telemetry DA1 FIFO Event Parsing * nvme-print-json: update JSON verbose output for nvm-id-ctrl (bsc#1231668) * wdc: Add Support for SN5100S * nvme: Support show-regs for nvmeof * ocp: fix option handling in internal-log * Documentation: Added solidigm plugin commands * wdc: add support for SNTMP drive * nvme-print: print NSSES field of CAP register * ocp: fix GUID output * nvme-print-json: print controller register values in offset order * nvme-print-json: print CMBEBS and CMBSWTP in json format * nvme-print-stdout: update changed-ns-list-log output (bsc#1231668) * nvme: fix uninitialized value in error-log (bsc#1231668) * nvme: fix to convert metadata size to native byte order * nvme-print: fix error information log page endianness error * completions: add get-feature command changed option * doc: add get-feature command changed option * nvme: separate get NVME_GET_FEATURES_SEL_CHANGED definition * nvme: use NVME_GET_FEATURES_SEL definitions * nvme-print-stdout: use NVME_CTRL_OAES definitions * completion: add ocp set-telemetry-profile to zsh * completion: add solidgm work-tracker binding * plugins/solidigm: Added Workload Tracker Triggers and Wall Time * ocp: include util/types.h to use nvme_uint128_t * ocp: fix to set log data pointer allocated * nvme: use NVME_CHECK() to check get features select field value * ocp: split ocp-hwcomp log * completions: add ocp hardware-component-log command * doc: add ocp hardware-component-log command * ocp: add hwcomp log json output * ocp: add hwcomp log command list option * ocp: add hwcomp log command comp-id option * ocp: add hwcomp dummy definition * ocp: add support for hwcomp log page * nvme: use NVME_CTRL_FNA definitions * netapp-smdevices: print single device output too (bsc#1231668) * netapp-smdevices: segregate print routines (bsc#1231668) * Add Support for new SN655 PCI Device ID * nvme-print-json: extern json object add functions * ocp: add SMART / health information extended log page version 4 * ocp: add error recovery log page version 3 * ocp: add get-enable-ieee1667-silo command * fabrics: fix incorrect access filename check (bsc#1231668) * nvme: use NVME_GET_FEATURES_SEL_SUPPORTED definition * nvme-print-json: use _cleanup_free_ * plugins/solidigm: fix use after free. ... changelog too long, skipping 32 lines ... - Install 70-nvmf-keys.rules to the default udev rules directory ==== openSUSE-release ==== Version update (20241028 -> 20241103) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Don't force using gcc11 on SLFO/ALP which have a newer version. - Add patches from upstream: - To fix a copy&paste oversight in an ifdef : * 0001-fix-utmpx-ifdef.patch - To fix a regression introduced when the "Match" criteria tokenizer was modified since it stopped supporting the "Match criteria=argument" format: * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch - To fix the previous patch which broke on negated Matches: * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch - To fix the ML-KEM768x25519 kex algorithm on big-endian systems: * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch ==== openssl-3 ==== Version update (3.1.4 -> 3.1.7) Subpackages: libopenssl3 - Update to 3.1.7: * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024] - Fixed possible denial of service in X.509 name checks (CVE-2024-6119) - Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535) * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024] - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024] - Fixed PKCS12 Decoding crashes (CVE-2024-0727) - Fixed Excessive time spent checking invalid RSA public keys [CVE-2023-6237) - Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129) - Fix excessive time spent in DH check / generation with large Q parameter value (CVE-2023-5678) * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF * Rebase patches: - openssl-Force-FIPS.patch - openssl-FIPS-embed-hmac.patch - openssl-FIPS-services-minimize.patch - openssl-FIPS-RSA-disable-shake.patch - openssl-CVE-2023-50782.patch * Remove patches fixed in the update: - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch - openssl-CVE-2023-5678.patch - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch - openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch - reproducible.patch ==== openssl ==== Version update (3.1.4 -> 3.1.7) - Update to 3.1.7 ==== openvpn ==== - Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546 CVE-2024-28882) Patchname:openvpn-CVE-2024-28882.patch - Enable Data-Channel-Offloading (DCO) for better performance (jsc#PED-8305) if libnl >= 3.4 is available ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Agama does not install chrony, add it to the pattern like on all other products, so that it is always there, including on images. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Drop file-roller Recommends, the built in support in nautilus is sufficient. - Change console to gnome-console Recommends: Use the current app name. - Drop nautilus-extension-terminal Recommends: nautilus supports gnome-console nativly. ==== python-Automat ==== Version update (22.10.0 -> 24.8.1) - update to 24.8.1: * major new api * python 3.12/3.13 ==== python-M2Crypto ==== Version update (0.42.0 -> 0.43.0) - Update to 0.43.0: - feat[m2]: add m2.time_t_bits to checking for 32bitness. - fix[tests]: Use only X509_VERSION_1 (0) as version for CSR. - fix[EC]: raise ValueError when load_key_bio() cannot read the file (bsc#1231589). - ci: use -mpip wheel instead of -mbuild - fix: use PyMem_Malloc() instead of malloc() - fix[hints]: more work on conversion of type hints to the py3k ones - fix: make the package build even on Python 3.6 - ci[local]: skip freezing local tests - fix[hints]: remove AnyStr type - test: add suggested test for RSA.{get,set}_ex_data - fix: implement interfaces for RSA_{get,set}_ex_new_{data,index} - fix: generate src/SWIG/x509_v_flag.h to overcome weaknesses of swig - fix: replace literal enumeration of all VERIFY_ constants by a cycle - test: unify various test cases in test_ssl related to ftpslib - fix: replace deprecated url keyword in setup.cfg with complete project_urls map ==== python-Twisted ==== Version update (24.7.0 -> 24.10.0) Subpackages: python311-Twisted python311-Twisted-tls - update to 24.10.0: * Python 3.13 is now supported. * twisted.internet.defer.succeed() is significantly faster, and awaiting Deferred has also been sped up. * twisted.python.failure.Failure creation no longer records the place where it was created. This reduces creation time by 60% at least, thereby speeding up Deferred error handling. * twisted.internet.defer.Deferred no longer removes the traceback object from Failures. This may result in more objects staying in memory if you don't clean up failed Deferreds, but it speeds up error handling and enables improvements to traceback reporting. * twisted.internet.defer APIs are 2%-4% faster in many cases. * twisted.internet.defer.Deferred runs callbacks with chained Deferreds a little faster. * The reactor now will use a little less CPU when events have been scheduled with callLater(). * Creation of twisted.python.failure.Failure is now faster. * Fixed unreleased regression caused by PR 12109. * twisted.logger.eventAsText can now format the output having types/classes as input. This was a regression introduced in Twisted 24.3.0. * twisted.internet.endpoints.clientFromString for TLS endpoints with "bindAddress=" no longer crashes during connect. twisted.internet.endpoints.HostnameEndpoint() no longer crashes when given a bindAddress= argument that is just a string, and that argument now accepts either address strings or (address, port) tuples. * The URLs from README and pyproject.toml were updated. * #11236, #12060, #12062, #12099, #12219, #12290, #12296, [#12305], #12329, #12331, #12339 * twisted.conch.ssh.keys.Key can now load public blob keys of type sk-ssh-ed25519@openssh.com and sk-ecdsa- sha2-nistp256@openssh.com. * twisted.conch tests no longer rely on OpenSSH supporting DSA keys, fixing compatibility with OpenSSH >= 9.8. * twisted.conch.ssh.SSHCiphers no longer supports the cast128-ctr, cast128-cbc, blowfish-ctr, and blowfish-cbc ciphers. The Blowfish and CAST5 ciphers were removed as they were deprecated by the Python cryptography library. * #12313 * The twisted.web HTTP server and client now reject HTTP header names containing whitespace or other invalid characters by raising twisted.web.http_headers.InvalidHeaderName, improving compliance with RFC 9110. As a side effect, the server is slightly faster. * twisted.web.client and twisted.web.server now disable the Nagle algorithm (enable TCP_NODELAY), reducing the latency of small HTTP queries. * twisted.web.server is 1-2% faster in some cases. * twisted.web's HTTP/1.1 server now rejects header values containing a NUL byte with a 400 error, in compliance with RFC 9110. * twisted.internet.address no longer raises DeprecationWarning when used with attrs>=24.1.0. * twisted.web's HTTP/1.1 server now accepts '&' within tokens (methods, header field names, etc.), in compliance with RFC 9110. * #9743, #12276 * Trial's -j flag now accepts an auto keyword to spawn a number of workers based on the available CPUs. - drop 12313-fix-test_manhole.patch: upstream ==== python-argcomplete ==== Version update (3.4.0 -> 3.5.1) - Update to the version 3.5.1: - Restore compatibility with argparse in Python 3.12.7+ - Use project.scripts instead of setuptools scripts - Test infrastructure improvements - Remove upstreamed patches: - argparse-3_12_7.patch - Add _multibuild (to make testing against fully installed package) ==== python-httpcore ==== Version update (1.0.5 -> 1.0.6) - Update to 1.0.6 * Relax `trio` dependency pinning. * Handle `trio` raising `NotImplementedError` on unsupported platforms. * Handle mapping `ssl.SSLError` to `httpcore.ConnectError`. - Update Requires from pyproject.toml ==== python-libvirt-python ==== Version update (10.8.0 -> 10.9.0) - Update to 10.9.0 - Add all new APIs and constants in libvirt 10.9.0 - jsc#PED-8909, jsc#9854, jsc#9855 ==== python-mysqlclient ==== Version update (2.2.4 -> 2.2.5) - update to 2.2.5: * (Windows wheel) Update MariaDB Connector/C to 3.4.1. #726 * (Windows wheel) Build wheels for Python 3.13. #726 ==== python-pip ==== Version update (24.2 -> 24.3.1) - update to 24.3.1: * Allow multiple nested inclusions of the same requirements file again. * Deprecate wheel filenames that are not compliant with PEP 440. * Detect recursively referencing requirements files and help users identify the source. * Support for PEP 730 iOS wheels. * Display a better error message when an already installed package has an invalid requirement. * Ignore PIP_TARGET and pip.conf global.target when preparing a build environment. * Restore support for macOS 10.12 and older (via truststore). * Allow installing pip in editable mode in a virtual environment on Windows. * Upgrade certifi to 2024.8.30 * Upgrade distlib to 0.3.9 * Upgrade truststore to 0.10.0 * Upgrade urllib3 to 1.26.20 ==== python-pycups ==== - fix_shebang on the postscript driver rpmhook ==== python-service_identity ==== Version update (24.1.0 -> 24.2.0) - update to 24.2.0: * Python 3.13 is now officially supported. * pyOpenSSL's identity extraction has been reimplemented using * cryptography*'s primitives instead of deprecated pyOpenSSL APIs. * As a result, the oldest supported pyOpenSSL version is now 17.1.0. ==== python-zope.interface ==== Version update (7.1.0 -> 7.1.1) - Update to 7.1.1 * Fix segmentation faults in `weakrefobject.c` on Python 3.12 and 3.13. (#323) - Adjust upstream source name in spec file ==== python311 ==== Subpackages: python311-curses python311-dbm - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) - Drop .pyc files from docdir for reproducible builds (bsc#1230906). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) - Drop .pyc files from docdir for reproducible builds (bsc#1230906). ==== qemu ==== Version update (9.1.0 -> 9.1.1) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Update to version 9.1.1: Full changelog here: https://lore.kernel.org/qemu-devel/7f0561ec-3564-4860-bacf-a98071a5ce52@tls.msk.ru/ Some of the most notable features: * ui/dbus: fix filtering all update messages * ui/win32: fix potential use-after-free with dbus shared memory * ui/dbus: fix leak on message filtering * hw/audio/hda: fix memory leak on audio setup * hw/audio/hda: free timer on exit * hw/char/pl011: Use correct masks for IBRD and FBRD * hw/intc/arm_gicv3_cpuif: Add cast to match the documentation * hw/intc/arm_gicv3: Add cast to match the documentation * hw/intc/arm_gicv3: Add cast to match the documentation * meson: ensure -mcx16 is passed when detecting ATOMIC128 * meson: define qemu_isa_flags * meson: fix machine option for x86_version * target/m68k: Always return a temporary from gen_lea_mode * tcg/ppc: Use TCG_REG_TMP2 for scratch index in prepare_host_addr * tcg/ppc: Use TCG_REG_TMP2 for scratch tcg_out_qemu_st * linux-user: Fix parse_elf_properties GNU0_MAGIC check * linux-user/flatload: Take mmap_lock in load_flt_binary() * vnc: fix crash when no console attached * testing: bump mips64el cross to bookworm and fix package list * hw/sd/sdcard: Fix handling of disabled boot partitions * target/arm: Avoid target_ulong for physical address lookups * block/reqlist: allow adding overlapping requests * util/timer: avoid deadlock when shutting down * hw/mips/jazz: fix typo in in-built NIC alias * tcg: Fix iteration step in 32-bit gvec operation * hw/loongarch/virt: Add description for virt machine type * migration/multifd: Fix p->iov leak in multifd-uadk.c * target/ppc: Fix migration of CPUs with TLB_EMB TLB type * target/hppa: Fix random 32-bit linux-user crashes * target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1 * hw/char/stm32l4x5_usart.c: Enable USART ACK bit response * migration/multifd: Fix rb->receivedmap cleanup race * mac_dbdma: Remove leftover `dma_memory_unmap` calls - Fix boo#1231166: * [openSUSE][RPM] The qemu translation is not being installed (boo#1231166) ==== rasqal ==== - Drop %requires_ge libraptor1: This has been a NOP for the last 10 years, since we moved to raptor 2.x. ==== redland ==== - Remove the requires_ge against librasqal1: it's been 15 years that librasqal1 changed to librasqal2. Due to requires_ge simply ignoring the dep if the package cannot be found, this was effectively a NOP for the last 15 years - and as nobody seemed to miss it, the autodep of RPM seems good enough. ==== ruby-common ==== - update gem_packages.spec.erb by syncing with gem2rpm - drop group tag - only emit manual comments if we actually put out content - mark docs explicitely with the %doc tag - stop using deprecated PreReq for update-alternatives ==== rubygem-gem2rpm ==== - update suse.patch: handle ERB.new for older ruby versions - update suse.patch and sync in ruby-common/gem_packages.spec.erb - remove gem2rpm.yml.documentation as it is now in the git tree and therefor part of the suse.patch - replaced all patches with suse.patch generated with update-suse-patch.sh 0001-use-the-ID-from-os-release-to-use-the-proper-templat.patch 0002-added-basic-config-file-support-to-gem2rpm-in-yaml-f.patch 0003-new-opensuse-templates.-they-require-the-config-file.patch 0004-added-example-gem2rpm.yml.patch 0005-properly-shorten-description-and-summary.patch 0006-Preserve-the-license-header-found-in-the-output-file.patch 0007-fixes-for-the-opensuse-template.patch 0008-do-not-use-not-.-not-supported-on-1.8-e.g.patch 0009-No-longer-require-the-ruby-version-inside-the-subpac.patch 0010-Try-to-load-rbconfigpackagingsupport-and-fail-gracef.patch 0011-Add-support-for-scripts-pre-post-for-subpackages.patch 0012-typo-in-gem2rpm.yml.documentation-custom_pkgs-instea.patch 0013-Also-tag-LICENSE-MIT-as-docfile.patch 0014-Refactor-into-multiple-lines.patch 0015-Add-licence-to-the-list-of-license-files-as-well.patch 0016-add-two-more-ways-to-express-changes.patch 0017-.markdown-is-also-seen-in-the-wild.patch 0018-Only-use-the-extensions-doc-dir-on-MRI-2.1.x.patch 0019-Cleaner-solution-for-the-extensions-doc-dir.patch 0020-Ruby-1.8-insists-on-the-for-the-parameter.patch 0021-Fix-company-name-in-copyright-header.patch 0022-add-the-touch-for-build-compare-to-the-template.patch 0023-Also-tag-APACHE-LICENSE-2.0-as-docfile.patch 0024-add-ability-to-provide-alternative-main-Source.patch 0025-allow-running-commands-after-patching.patch 0026-use-https-instead-of-http-for-rubygems.org.patch 0027-quote-version_suffix-in-gem2rpm.yml.documentation-to.patch 0028-add-binary_map-support.patch 0029-Use-or-for-the-conditions-instead-of-and.patch 0030-gem_package.spec.erb-sync-with-ruby-common.patch 0031-use-template-opensuse-on-openSUSE-Tumbleweed-where-e.patch 0032-Replace-no-rdoc-no-ri-with-no-document.patch 0033-Use-File.exist-instead-of-File.exists-which-was-remo.patch 0034-plugin-dir.patch 0035-fix-patch-syntax.patch template_loader.patch ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Handle logger exception when flushing already closed file - Include passlib as a recommended dependency - Added: * handle-logger-flushing-already-closed-file-686.patch ==== samba ==== Version update (4.21.1+git.367.e1da597d86e -> 4.21.1+git.372.cb50f2d0a68) Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Add placeholder changelog for sle15-sp7; (jsc#PED-11210). ==== schily ==== Subpackages: libcdrdeflt1_0 libdeflt1_0 libfile1_0 libfind4_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs spax star - Add 81.patch to not store the build host kernel version (boo#1232434) ==== seahorse ==== Version update (47.0.1 -> 47.0.1+6) Subpackages: gnome-shell-search-provider-seahorse - Update to version 47.0.1+6: * build: - Fix config.h target - Fix symbolic icon name * Updated translations. ==== selinux-policy ==== Version update (20241021 -> 20241031) Subpackages: selinux-policy-targeted - Update to version 20241031: * Label /var/livepatches as lib_t for ULP on micro (bsc#1228879) ==== snapper ==== Subpackages: libsnapper7 snapper-zypp-plugin - generate dsc file for Ubuntu 24.10 ==== speech-dispatcher ==== Version update (0.12.0~rc3 -> 0.12.0~rc4) Subpackages: libspeechd2 python311-speechd speech-dispatcher-module-espeak - Update to version 0.12.0~rc4: * audio: Fix logging from audio modules in server-side audio. * Sort Baratinoo engine higher. * espeak-ng-mbrola: Fix mbrola voices with rate different from 22KHz * Add a run-spd-say script and make run-speechd and run-spd-say able to talk directly. * Add initial pipewire support. - Drop speech-dispatcher-missing-return-vals.patch and speech-dispatcher-pulseaudio-samples.patch: fixed upstream. - Add libpipewire-0.3 to BuildRequires to build Pipewire support. - Package speechd_module library. - Drop rcFOO symlinks (PED-266). ==== sqlite3 ==== Version update (3.46.0 -> 3.46.1) Subpackages: libsqlite3-0 sqlite3-tcl - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. ==== suitesparse ==== Version update (7.5.1 -> 7.8.3) Subpackages: libamd3 libcamd3 libccolamd3 libcholmod5 libcolamd3 libsuitesparseconfig7 libumfpack6 - update to version 7.8.3 * ParU 1.0.0: first stable release. No change since last version - update to version 7.8.2 * LAGraph 1.1.4: bug fix for LAGraph_MMWrite when matrix is dense - update to version 7.8.1 * GraphBLAS 9.3.1: bug fix in creation of JIT package - update to version 7.8.0 * ParU 0.2.0: many changes; nearing a stable release. * CHOLMOD 5.3.0: added cholmod_query, and #define's in cholmod.h, to query which Modules and features have been configured. - update to version 7.7.0 * SPEX 3.1.0: major revision to API, new methods. Added SPEX_Cholesky, SPEX_Backslash, and python interface. * Example 1.7.0: revised for change in SPEX API * GraphBLAS 9.1.0: revised defn of C11 complex type, bug fix * CXSparse 4.4.0: revise malloc/calloc/realloc/free wrappers - update to version 7.6.1 * GraphBLAS 9.0.3: performance bug fix (JIT kernels were not compiled with OpenMP, since v8.3.1), and fix to Makefile ("make static") - update to version 7.6.0 * CHOLMOD 5.2.0: bug fix (restore ABI compatibility with 5.0.x, i.e., 5.2.0 is ABI incompatible to 5.1.x) * SPQR 4.3.2: remove unused parameters ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-group-libvirt system-group-wheel system-user-bin system-user-daemon system-user-ftp system-user-lp system-user-mail system-user-man system-user-news system-user-nobody system-user-qemu system-user-tftp system-user-tss system-user-upsd system-user-uucp system-user-vscan system-user-wwwrun - system-user-nobody: remove shell for user nobody, all packages should be meanwhile adjusted, no other distribution has a shell for this user. ==== sysvinit ==== Version update (3.10 -> 3.11) - Update to sysvinit 3.11 * Some escape characters were included in the inittab manual page, but not displayed by the "man" command because they were not (ironically) properly escaped. This has been fixed. * Enabled chaining commands together in the inittab file. This allows the admin to run commands like "task1 && task2" or "task2 || task2" from the inittab file. * Fix typoes in halt manual page. Fixes provided by Bjarni Ingi Gislason. * Fix typos/markdown in fstab-decode manual page. Patch provided by Bjarni Ingi Gislason. ==== tecla-keyboard-layout-viewer ==== - Update license to GPL-2.0-pr-later, conforming to the license declated in the source files. ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Require /usr/bin/dbus-launch insted of dbus-1-x11: Do not rely on legacy dbus-1-x11 package, which is going away after moving to dbus-broker. ==== update-bootloader ==== Version update (1.17 -> 1.18) - merge gh#openSUSE/perl-bootloader#181 - explicitly use bash as shell (bsc#1231018) - 1.18 ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1231400 - Virt-manager is missing support for AMD sev-snp virtman-add-sev-memory-support.patch ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-noX vlc-qt vlc-vdpau - Drop the requres_ge libbluray1 statement, which was added as a hack due to a libbluray ABI brak at version 0.5. By now libbluray is at .so.2, so that statement was actually a NOP. as RPM simply ignored in-existing package dependencies. ==== xfce4-branding-openSUSE ==== Version update (4.18.0+git4.79f6d44 -> 4.18.0+git5.88e05bf) Subpackages: libgarcon-branding-openSUSE libxfce4ui-branding-openSUSE thunar-volman-branding-openSUSE xfce4-notifyd-branding-openSUSE xfce4-panel-branding-openSUSE xfce4-power-manager-branding-openSUSE xfce4-session-branding-openSUSE xfce4-settings-branding-openSUSE xfdesktop-branding-openSUSE xfwm4-branding-openSUSE - Updated Tumbleweed wallpaper symlinks ==== xkeyboard-config ==== - n_fi-kotoistus-metainfo.patch * add meta information for default variant of "fi" keyboard layout "kotoistus" needed for GNOME or other users of xkeyboard meta XML files (boo#1227420) ==== yaml-cpp ==== - Add baselibs.conf ==== yast2-trans ==== Version update (84.87.20240801.d54b6ae08f -> 84.87.20241029.4907c8ec47) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20241029.4907c8ec47: * Translated using Weblate (Swedish) * Translated using Weblate (Czech) * New POT for text domain 'control'. * Translated using Weblate (German) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Slovak) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * New POT for text domain 'auth-client'. * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Galician) * Translated using Weblate (Czech) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Dutch) * Translated using Weblate (Slovak) * Translated using Weblate (French) * Translated using Weblate (Japanese) * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * New POT for text domain 'installation'. * Translated using Weblate (Spanish) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * Translated using Weblate (Slovenian) * New POT for text domain 'security'. * New POT for text domain 'iscsi-client'. * Translated using Weblate (Lithuanian) * New POT for text domain 'registration'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) ... changelog too long, skipping 407 lines ... * New POT for text domain 'firewall'.