Packages changed: ImageMagick Mesa Mesa-drivers MozillaFirefox (123.0.1 -> 124.0.1) baobab (45.0 -> 46.0) bash-completion emacs-compat (29.1.4.4 -> 29.1.4.5) emacs-jinx (1.3 -> 1.4) emacs-vterm (696.c3a3a23 -> 698.ae4ae1a) ffado ffmpeg-6 file-roller (44.beta -> 44) folks (0.15.8 -> 0.15.9) gedit (46.1+135 -> 46.2) ghostscript (10.02.1 -> 10.03.0) gjs (1.80.0 -> 1.80.2) glibmm2 (2.78.1 -> 2.80.0) gnome-logs (45.beta -> 45.0) kernel-firmware (20240312 -> 20240322) libinput libksysguard6 libnfs (5.0.2 -> 5.0.3) libsmbios libunwind libvirt libwacom lvm2 lvm2-device-mapper malcontent mc open-vm-tools (12.3.5 -> 12.4.0) openSUSE-build-key opensuse-welcome patterns-gnome pcr-oracle pipewire polkit-default-privs (1550+20240311.559e6ac -> 1550+20240325.eddbe04) python-httpx (0.26.0 -> 0.27.0) python-psutil qt6-base salt thin-provisioning-tools vulkan-loader (1.3.275.0 -> 1.3.280.0) vulkan-tools (1.3.275.0 -> 1.3.280.0) wireplumber xen (4.18.0_06 -> 4.18.1_02) yast2-storage-ng (5.0.9 -> 5.0.10) === Details === ==== ImageMagick ==== Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - allow stdin/stdout - modified patches % ImageMagick-configuration-SUSE.patch ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - enable vulkan-beta meson flag for vulkan video support (suggested by "llyyr" ; adding C flag - Wno-error=missing-prototypes for this wasn't necessary) - Add zink driver by default ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - enable vulkan-beta meson flag for vulkan video support (suggested by "llyyr" ; adding C flag - Wno-error=missing-prototypes for this wasn't necessary) - Add zink driver by default ==== MozillaFirefox ==== Version update (123.0.1 -> 124.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2613 (bmo#1875701) Improper handling of QUIC ACK frame data could have led to OOM * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438) Memory safety bugs fixed in Firefox 124 - requires NSS = 3.98 rust-cbindgen >= 0.26 ==== baobab ==== Version update (45.0 -> 46.0) Subpackages: baobab-lang - Update to version 46.0: + Improved App metainfo. + Use enter instead of leave to update highlightitem. + Updated translations. ==== bash-completion ==== - Add patch boo1221414-scp.patch * Do not replace the asignment of the array COMPREPLY with the shell function _comp_compgen_split (boo#1221414) ==== emacs-compat ==== Version update (29.1.4.4 -> 29.1.4.5) - Update to version 29.1.4.5: * Update NEWS.org * compat-tests: Fix compat-thing-at-mouse test * Use https links everywhere * compat.texi: Use @dfn{Extended Definitions} * NEWS: Mention addition of compat.el to Emacs * compat.texi: Update manual after the inclusion of compat.el in Emacs * compat-tests: Fix commentary linter warnings * compat-tests: Use should-equal * compat--maybe-require: Rename macro to reduce churn ==== emacs-jinx ==== Version update (1.3 -> 1.4) - Update to version 1.4: * Update README * Fix: Ensure that `eval' local variable enabling `jinx-mode' works * yaml-mode/yaml-ts-mode: Alias to conf-mode * Remove TeX-mode alias * jinx-exclude/include-faces, jinx-exclude-regexps: Support mode aliases * jinx-correct-all: Restrict corrections to marked region * jinx-correct: Ensure that word is saved without text properties (Fix #140) ==== emacs-vterm ==== Version update (696.c3a3a23 -> 698.ae4ae1a) - Update to version 698.ae4ae1a: * Ensures the starting col is the same as later calculated * Fix typo: postion -> position ==== ffado ==== - Remove unnecessary BuildRequires on xdg-utils and update-desktop-files ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Add 0001-avcodec-tests-rename-the-bundled-Mesa-AV1-vulkan-vid.patch ==== file-roller ==== Version update (44.beta -> 44) Subpackages: file-roller-lang - Update to version 44: + Fixes compilation when native app chooser is disabled. + Updated translations. ==== folks ==== Version update (0.15.8 -> 0.15.9) Subpackages: folks-data folks-lang libfolks-eds26 libfolks26 - Update to version 0.15.9: + simple-query: normalize phone numbers in search. + Updated translations. ==== gedit ==== Version update (46.1+135 -> 46.2) Subpackages: gedit-lang python3-gedit - Update to version 46.2: + Update URL gedit-technology.net -> gedit-technology.github.io. ==== ghostscript ==== Version update (10.02.1 -> 10.03.0) Subpackages: ghostscript-x11 - Version upgrade to 10.03.0: For openSUSE and SUSE Ghostscript is built '--without-tesseract' (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022'). Highlights in this release include: See 'Recent Changes in Ghostscript' at Ghostscript upstream https://ghostscript.readthedocs.io/en/gs10.03.0/News.html * As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices https://ghostscript.readthedocs.io/en/latest/VectorDevices.html for more details. * Ghostscript/pdfwrite now supports passing through PDF "Optional Content". * Our efforts in code hygiene and maintainability continue. * The usual round of bug fixes, compatibility changes, and incremental improvements. Incompatible changes (the release is listed in parentheses): * (10.03.0) Almost all the "internal" PostScript procedures defined during the interpreter startup are now "executeonly", further reducing the attack surface of the interpreter. The nature of these procedures means there should be no impact for legitimate usage, but it is possible it will impact uses which abuse the previous accessibility (even for legitimate reasons). Such cases may now require "DELAYBIND", See DELAYBIND https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind * (10.03.0) The "makeimagedevice" non-standard operator has been removed. It allowed low level access to the graphics library in a way that was, essentially impossible to secure. * (10.03.0) The "putdeviceprops", "getdeviceprops", "finddevice", "copydevice", "findprotodevice" non-standard operators have all been removed. They provided functionality that is either accessible through standard operators, or should not be used by user PostScript. * (10.03.0) The process of "tidying" the PostScript namespace should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working or may change behaviour. If you encounter such a case, please contact us (Discord https://discord.gg/H9GXKwyPvY [#]ghostscript IRC channel https://web.libera.chat/#ghostscript or the gs-devel mailing list https://www.ghostscript.com/mailman/index.html would be best), but remember that free versions of Ghostscript come with with NO WARRANTY and NO SUPPORT. - Ghostscript 10.03.0 contains the fix to build with GCC 14 (boo#1221687) ==== gjs ==== Version update (1.80.0 -> 1.80.2) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.80.2: + Quick follow-up release to fix crash on ppc64. - Update to version 1.80.1: + Quick follow-up release to fix build failure on MacPorts and Homebrew. ==== glibmm2 ==== Version update (2.78.1 -> 2.80.0) Subpackages: libgiomm-2_68-1 libglibmm-2_68-1 - Update to version 2.80.0: + Glib: - Add wide_from_utf8() and wide_to_utf8() - DateTime: Add create_from_local_usec(), create_from_utc_usec() and to_unix_usec(). + Gio: - Application: Add get/set/property_version(). - ApplicationCommandLine: Add done(). - DBus::Message: Add get_arg0_path(). - Socket: Add receive_bytes() and receive_bytes_from(). - content_type_guess(): Remove most of an unnecessary overload. ==== gnome-logs ==== Version update (45.beta -> 45.0) Subpackages: gnome-logs-lang - Update to version 45.0: + Improve app metainfo. + Updated translations. ==== kernel-firmware ==== Version update (20240312 -> 20240322) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240322 (git commit 9a6a0cc195c1): * mekdiatek: Update mt8186 SOF firmware to v2.0.1 * linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops * Montage: update firmware for Mont-TSSE * WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B * Intel Bluetooth: Update firmware file for Intel Bluetooth BE200 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX200 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX201 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9560 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9260 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8 * imx: sdma: update firmware to v3.6/v4.6 - Update aliases from 6.8 kernels ==== libinput ==== Subpackages: libinput-udev libinput10 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== libksysguard6 ==== Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports libksysguard6-lang libksysguard6-plugins - Drop meanwhile unnecessary BuildRequires on WebEngine and WebChannel ==== libnfs ==== Version update (5.0.2 -> 5.0.3) - update to 5.0.3: * final release of the old API * Support NLM Share * Improved handling of PDUs * multithreading: do not wake up immediately if there are no events to process * Reduced memory allocations * Expose further configuration options * Bug fixes and developer visible fixes ==== libsmbios ==== Subpackages: libsmbios-lang libsmbios_c2 python3-smbios python3-smbios-utils - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== libunwind ==== - Drop BuildRequires on latex2man, the tarball has manpages already. This avoids a large dependency chain: * Add dont-disable-documentation-without-latex2man.patch ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - CVE-2024-2494: remote: check for negative array lengths before allocation bsc#1221815 ==== libwacom ==== Subpackages: libwacom-data libwacom9 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== malcontent ==== Subpackages: libmalcontent-0-0 libmalcontent-ui-1-1 malcontent-control malcontent-lang typelib-1_0-Malcontent-0 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== mc ==== Subpackages: mc-lang - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== open-vm-tools ==== Version update (12.3.5 -> 12.4.0) Subpackages: libvmtools0 open-vm-tools-desktop - update to 12.4.0: https://github.com/vmware/open-vm-tools/blob/stable-12.4.0/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.4.0/open-vm-tools/ChangeLog There are no new features in the open-vm-tools 12.4.0 release. This is primarily a maintenance release that addresses a few critical problems, including: * A Github pull request has been handled. Please see the Resolved Issues section of the Release Notes. * A number of issues flagged by Coverity have been addressed. * For issues resolved in this release, see the Resolved Issues section of the Release Notes. ==== openSUSE-build-key ==== - Fix import-openSUSE-build-key:set proper timer name to try to stop (openSUSE-build-key-import.timer, not suse-build-key-import.timer) (boo#1221948). ==== opensuse-welcome ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Keep gedit instead of gnome-text-editor on SLE and Leap (bsc#1219646). ==== pcr-oracle ==== - Add fix_grub_bls_cmdline.patch to include the measurements of the cmdline and the linux and initrd grub commands ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Avoid %if %{pkg_vcmp gcc < 8}, instead replicate the condition from the BuildRequires section. ==== polkit-default-privs ==== Version update (1550+20240311.559e6ac -> 1550+20240325.eddbe04) - Update to version 1550+20240325.eddbe04: * profiles: power-profiles-daemon (bsc#1219957) ==== python-httpx ==== Version update (0.26.0 -> 0.27.0) - Update to 0.27.0 * The app=... shortcut has been deprecated. Use the explicit style of transport=httpx.WSGITransport() or transport=httpx.ASGITransport() instead. * Respect the http1 argument while configuring proxy transports. (#3023) * Fix RFC 2069 mode digest authentication. (#3045) ==== python-psutil ==== - BuildRequire pkgconfig(libsystemd) instead of full systemd ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-mysql qt6-sql-sqlite - Replace the postgresql-server build dependency with the client library ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Convert oscap output to UTF-8 - Added: * switch-oscap-encoding-to-utf-8-639.patch - Make Salt compatible with Python 3.11 - Added: * fix-salt-warnings-and-testuite-for-python-3.11-635.patch - Ignore non-ascii chars in oscap output (bsc#1219001) - Added: * decode-oscap-byte-stream-to-string-bsc-1219001.patch ==== thin-provisioning-tools ==== - Enable test execution during build - Modernise cargo packaging usage in spec file ==== vulkan-loader ==== Version update (1.3.275.0 -> 1.3.280.0) - Update to release SDK-1.3.280.0 * Bugfixes for Windows ==== vulkan-tools ==== Version update (1.3.275.0 -> 1.3.280.0) - Update to release SDK-1.3.280.0 * icd: Add AV1 decode support * Update linmath to upstream and add degreestoradians definition. This fixes bug in linmath function: quat_mul_vec3 ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-audio wireplumber-lang wireplumber-zsh-completion - Add patch from upstream to fix all input sources only working when bluetooth profile is set to HSF/HFP, which was a regression in 0.5.0 (glfo#pipewire/wireplumber#598): * 0001-filter-utils-fix-handling-of-targetless-smart-filters.patch - Avoid %if %{pkg_vcmp gcc < 8}, instead replicate the condition from the BuildRequires section. ==== xen ==== Version update (4.18.0_06 -> 4.18.1_02) Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) 65f83951-x86-mm-use-block_lock_speculation-in.patch - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Dropped patches included in new tarball 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch 65b8f9ab-VT-d-else-vs-endif-misplacement.patch xsa451.patch ==== yast2-storage-ng ==== Version update (5.0.9 -> 5.0.10) - GuidedProposal: internal settings to control the configuration of boot-related partitions and the usage of adjust_by_ram. - Needed for gh#openSUSE/agama#1111 - 5.0.10